homeserver/group_vars/docker.yml
mg 1bbc4e5b60 Nutzerpasswörter (#92)
gruppe docker nur für docker-hosts

Nutzer root für pve angelegt

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#92
Co-Authored-By: mg <mg@noreply.git.mgrote.net>
Co-Committed-By: mg <mg@noreply.git.mgrote.net>
2021-05-14 14:57:04 +02:00

52 lines
2.4 KiB
YAML

---
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 192.168.2.0/24
### geerlingguy.docker
docker_users:
- mg
### mgrote.restic
restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker
qssrestic_cron_hours: "*/4"
restic_exclude: |
._*
desktop.ini
.Trash-*
**/**cache***/**
**/**Cache***/**
**/**AppData***/**
/var/lib/docker/volumes/***Musik***
/var/lib/docker/volumes/***musik***
/var/lib/docker/volumes/***musik***
/var/lib/docker/volumes/***musik***
/var/lib/docker/volumes/docker-photoprism_pp_smb_bilder***/**
# https://github.com/restic/restic/issues/1005
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12
### ryandaniels.create_users
users:
- username: mg
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
update_password: on_create
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw== #generieren: ssh-keygen -o; für putty ändern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
use_sudo: yes
use_sudo_nopass: yes
user_state: present
groups: ssh, sudo, docker
servers:
- production
- test
- username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: on_create
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
use_sudo: yes
use_sudo_nopass: yes
user_state: present
groups: ssh, sudo
servers:
- production
- test