mg
416c36f97c
motd unit house plugins vereinheitlicht aufräumen user vereinheitlicht samba users aufgeräumt aussortiert apc pwr systemd plugin kvm plugins lvm plguin acng plugin munin user chrony fur alle gruppe playbook docker vars playbook firewall munin für alle Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: mg/ansible#116 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net>
132 lines
4.8 KiB
YAML
132 lines
4.8 KiB
YAML
---
|
|
# Bind Mounts - fileserver
|
|
# pct set 109 -mp0 /hdd_data_raidz/videos,mp=/shares_videos
|
|
# pct set 109 -mp1 /hdd_data_raidz/data_crypt,mp=/shares
|
|
# pct set 109 -mp2 /hdd_data_raidz/vm_backup,mp=/shares_pve_backup
|
|
# pct set 109 -mp3 /hdd_data_raidz/papa_backup,mp=/shares_papa_backup
|
|
# pct set 109 -mp4 /hdd_data_raidz/music,mp=/shares_music
|
|
# pct set 109 -mp5 /hdd_data_raidz/tmp,mp=/shares_tmp
|
|
# pct set 109 -mp6 /hdd_data_raidz/archiv,mp=/shares_archiv
|
|
# Bind Mounts - fileserver-test
|
|
# pct set 158 -mp0 /rpool/vm/dir/vm-158/videos,mp=/shares_videos
|
|
# pct set 158 -mp1 /rpool/vm/dir/vm-158/data,mp=/shares
|
|
# pct set 158 -mp2 /rpool/vm/dir/vm-158/proxmox,mp=/shares_pve_backup
|
|
# pct set 158 -mp3 /rpool/vm/dir/vm-158/papa,mp=/shares_papa_backup
|
|
# pct set 158 -mp4 /rpool/vm/dir/vm-158/music,mp=/shares_music
|
|
# pct set 158 -mp5 /rpool/vm/dir/vm-158/tmp,mp=/shares_tmp
|
|
# pct set 158 -mp6 /rpool/vm/dir/vm-158/archiv,mp=/shares_archiv
|
|
|
|
### mgrote.smb_fileserver
|
|
smb_users:
|
|
- name: 'annemariedroessler'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_amd', 'password') }}"
|
|
- name: 'restic'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
|
|
- name: 'win10'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_win10', 'password') }}"
|
|
- name: 'kodi'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_kodi', 'password') }}"
|
|
- name: 'michaelgrote'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_mg', 'password') }}"
|
|
- name: 'navidrome'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_navidrome', 'password') }}"
|
|
- name: 'docker'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}"
|
|
- name: 'pve'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}"
|
|
- name: 'brother_ads2700w'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
|
|
- name: 'photoprism'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_photoprism', 'password') }}"
|
|
- name: 'bdfr'
|
|
password: "{{ lookup('keepass', 'fileserver_smb_user_bdfr', 'password') }}"
|
|
|
|
smb_shares:
|
|
- name: 'videos'
|
|
path: '/shares_videos'
|
|
users_ro: 'kodi'
|
|
users_rw: 'annemariedroessler michaelgrote win10'
|
|
- name: 'scans'
|
|
path: '/shares/scans'
|
|
users_ro: 'annemariedroessler michaelgrote'
|
|
users_rw: 'brother_ads2700w'
|
|
- name: 'papa_backup'
|
|
path: '/shares_papa_backup'
|
|
users_ro: ''
|
|
users_rw: 'win10 michaelgrote'
|
|
- name: 'amd'
|
|
path: '/shares/amd'
|
|
users_ro: 'navidrome michaelgrote'
|
|
users_rw: 'annemariedroessler win10'
|
|
- name: 'backup'
|
|
path: '/shares/Backup'
|
|
users_ro: ''
|
|
users_rw: 'annemariedroessler restic win10 michaelgrote'
|
|
- name: 'archiv'
|
|
path: '/shares_archiv'
|
|
users_ro: ''
|
|
users_rw: 'bdfr michaelgrote'
|
|
- name: 'hm'
|
|
path: '/shares/hm'
|
|
users_ro: 'win10'
|
|
users_rw: 'michaelgrote'
|
|
- name: 'mg'
|
|
path: '/shares/mg'
|
|
users_ro: ''
|
|
users_rw: 'win10 michaelgrote'
|
|
- name: 'musik'
|
|
path: '/shares_music'
|
|
users_ro: 'navidrome kodi annemariedroessler '
|
|
users_rw: 'win10 michaelgrote'
|
|
- name: 'tmp'
|
|
path: '/shares_tmp'
|
|
users_ro: 'win10'
|
|
users_rw: 'kodi annemariedroessler restic win10 michaelgrote'
|
|
- name: 'bilder'
|
|
path: '/shares/bilder'
|
|
users_ro: 'photoprism'
|
|
users_rw: 'annemariedroessler michaelgrote win10'
|
|
- name: 'proxmox'
|
|
path: '/shares_pve_backup'
|
|
users_ro: 'michaelgrote'
|
|
users_rw: 'pve win10'
|
|
smb_workgroup: WORKGROUP
|
|
smb_min_protocol: "SMB2"
|
|
smb_client_min_protocol: "SMB2"
|
|
smb_client_max_protocol: "SMB3_11"
|
|
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 192.168.2.0/24
|
|
- rule: allow
|
|
to_port: 445
|
|
comment: 'smb'
|
|
from_ip: 192.168.2.0/24
|
|
- rule: allow
|
|
to_port: 139
|
|
comment: 'smb'
|
|
from_ip: 192.168.2.0/24
|
|
- rule: allow
|
|
to_port: 4949
|
|
protocol: tcp
|
|
comment: 'munin'
|
|
from_ip: 192.168.2.144/24
|
|
|
|
### geerlingguy.munin-node
|
|
munin_node_plugins:
|
|
- name: chrony
|
|
- name: systemd_status
|
|
- name: lvm_
|
|
- name: samba_locked
|
|
- name: samba_users
|
|
munin_node_install_plugins: # in eigenes Repo gesichert
|
|
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
|
|
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
|
|
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
|
|
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/samba_locked
|
|
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/samba_users
|