mg
1bbc4e5b60
gruppe docker nur für docker-hosts Nutzer root für pve angelegt Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: mg/ansible#92 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net>
52 lines
2.4 KiB
YAML
52 lines
2.4 KiB
YAML
---
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 192.168.2.0/24
|
|
### geerlingguy.docker
|
|
docker_users:
|
|
- mg
|
|
### mgrote.restic
|
|
restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker
|
|
qssrestic_cron_hours: "*/4"
|
|
restic_exclude: |
|
|
._*
|
|
desktop.ini
|
|
.Trash-*
|
|
**/**cache***/**
|
|
**/**Cache***/**
|
|
**/**AppData***/**
|
|
/var/lib/docker/volumes/***Musik***
|
|
/var/lib/docker/volumes/***musik***
|
|
/var/lib/docker/volumes/***musik***
|
|
/var/lib/docker/volumes/***musik***
|
|
/var/lib/docker/volumes/docker-photoprism_pp_smb_bilder***/**
|
|
# https://github.com/restic/restic/issues/1005
|
|
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12
|
|
### ryandaniels.create_users
|
|
users:
|
|
- username: mg
|
|
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
|
|
update_password: on_create
|
|
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw== #generieren: ssh-keygen -o; für putty ändern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
|
|
use_sudo: yes
|
|
use_sudo_nopass: yes
|
|
user_state: present
|
|
groups: ssh, sudo, docker
|
|
servers:
|
|
- production
|
|
- test
|
|
- username: ansible-user
|
|
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
|
update_password: on_create
|
|
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
|
|
use_sudo: yes
|
|
use_sudo_nopass: yes
|
|
user_state: present
|
|
groups: ssh, sudo
|
|
servers:
|
|
- production
|
|
- test
|