mg
834c232c15
Merge branch 'master' into moni docker users aufgeräumt doku doku sensors bei fileserver entfernt sensors bei docker aus gruppe mg docker allgemeine munin-node vars in all pve listening interface angepasst default ipv4 munin in firewall aber nicht für test munin für alle Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: mg/ansible#37 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net>
94 lines
2.9 KiB
YAML
94 lines
2.9 KiB
YAML
---
|
|
### geerlingguy.munin-node
|
|
munin_node_remove_plugins:
|
|
- name: sensors
|
|
### mgrote.smb_fileserver
|
|
smb_users:
|
|
- name: 'annemariedroessler'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_amd', 'password') }}"
|
|
- name: 'restic'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
|
|
- name: 'win10'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_win10', 'password') }}"
|
|
- name: 'kodi'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_kodi', 'password') }}"
|
|
- name: 'michaelgrote'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_mg', 'password') }}"
|
|
- name: 'navidrome'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_navidrome', 'password') }}"
|
|
- name: 'docker'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}"
|
|
- name: 'pve'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}"
|
|
- name: 'brother_ads2700w'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
|
|
smb_shares:
|
|
- name: 'videos'
|
|
path: '/shares_videos'
|
|
users_ro: ' win10 kodi'
|
|
users_rw: 'annemariedroessler michaelgrote'
|
|
- name: 'scans'
|
|
path: '/shares/scans'
|
|
users_ro: 'annemariedroessler michaelgrote'
|
|
users_rw: 'brother_ads2700w ocrmypdf'
|
|
- name: 'replikation'
|
|
path: '/shares/replikation'
|
|
users_ro: ''
|
|
users_rw: 'win10 michaelgrote'
|
|
- name: 'amd'
|
|
path: '/shares/amd'
|
|
users_ro: 'win10 navidrome michaelgrote'
|
|
users_rw: 'annemariedroessler'
|
|
- name: 'backup'
|
|
path: '/shares/Backup'
|
|
users_ro: ''
|
|
users_rw: 'annemariedroessler restic win10 michaelgrote'
|
|
- name: 'hm'
|
|
path: '/shares/hm'
|
|
users_ro: 'win10'
|
|
users_rw: 'michaelgrote'
|
|
- name: 'mg'
|
|
path: '/shares/mg'
|
|
users_ro: ''
|
|
users_rw: 'win10 michaelgrote'
|
|
- name: 'musik'
|
|
path: '/shares/Musik'
|
|
users_ro: 'navidrome kodi annemariedroessler '
|
|
users_rw: 'win10 michaelgrote'
|
|
- name: 'tmp'
|
|
path: '/shares/tmp'
|
|
users_ro: 'win10'
|
|
users_rw: 'kodi annemariedroessler restic win10 michaelgrote'
|
|
- name: 'bilder'
|
|
path: '/shares/bilder'
|
|
users_ro: 'win10'
|
|
users_rw: 'annemariedroessler michaelgrote'
|
|
- name: 'proxmox'
|
|
path: '/shares/proxmox'
|
|
users_ro: 'win10 michaelgrote'
|
|
users_rw: 'pve'
|
|
smb_workgroup: WORKGROUP
|
|
smb_min_protocol: "SMB2"
|
|
smb_client_min_protocol: "SMB2"
|
|
smb_client_max_protocol: "SMB3_11"
|
|
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 192.168.2.0/24
|
|
- rule: allow
|
|
to_port: 445
|
|
comment: 'smb'
|
|
from_ip: 192.168.2.0/24
|
|
- rule: allow
|
|
to_port: 139
|
|
comment: 'smb'
|
|
from_ip: 192.168.2.0/24
|
|
- rule: allow
|
|
to_port: 4949
|
|
protocol: tcp
|
|
comment: 'munin-node'
|
|
from_ip: 192.168.2.0/24
|