homeserver/host_vars/fileserver2.grote.lan.yml

---
  # Bind Mounts - fileserver
  # pct set 127 -mp0 /hdd_data_raidz/videos,mp=/shares_videos
  # pct set 127 -mp1 /hdd_data_raidz/data_crypt,mp=/shares_data_crypt
  # pct set 127 -mp2 /hdd_data_raidz/pve_backup,mp=/shares_pve_backup
  # pct set 127 -mp3 /hdd_data_raidz/papa_backup,mp=/shares_papa_backup
  # pct set 127 -mp4 /hdd_data_raidz/music,mp=/shares_music
  # pct set 127 -mp5 /hdd_data_raidz/tmp,mp=/shares_tmp
  # pct set 127 -mp6 /hdd_data_raidz/archiv,mp=/shares_archiv
  # pct set 127 -mp7 /hdd_data_raidz/bilder,mp=/shares_bilder
  # pct set 127 -mp8 /hdd_data_raidz/hm,mp=/shares_hm
  # pct set 127 -mp9 /hdd_data_raidz/scans,mp=/shares_scans
  # pct set 127 -mp10 /hdd_data_raidz/restic,mp=/shares_restic
  # pct set 127 -mp11 /hdd_data_raidz/amd,mp=/shares_amd
  # pct set 127 -mp12 /hdd_data_raidz/backup,mp=/shares_backup

  ### mgrote.smb_fileserver
  smb_users:
    - name: 'annemariedroessler2'
      password: "{{ lookup('keepass', 'fileserver_smb_user_amd', 'password') }}"
    - name: 'restic'
      password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
    - name: 'win10'
      password: "{{ lookup('keepass', 'fileserver_smb_user_win10', 'password') }}"
    - name: 'kodi'
      password: "{{ lookup('keepass', 'fileserver_smb_user_kodi', 'password') }}"
    - name: 'michaelgrote'
      password: "{{ lookup('keepass', 'fileserver_smb_user_mg', 'password') }}"
    - name: 'navidrome'
      password: "{{ lookup('keepass', 'fileserver_smb_user_navidrome', 'password') }}"
    - name: 'docker'
      password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}"
    - name: 'pve'
      password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}"
    - name: 'brother_ads2700w'
      password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
    - name: 'photoprism'
      password: "{{ lookup('keepass', 'fileserver_smb_user_photoprism', 'password') }}"

  smb_shares:
    - name: 'videos'
      path: '/shares_videos'
      users_ro: 'kodi'
      users_rw: 'annemariedroessler2 michaelgrote win10'
    - name: 'scans'
      path: '/shares_scans'
      users_ro: 'annemariedroessler2 michaelgrote'
      users_rw: 'brother_ads2700w'
    - name: 'papa_backup'
      path: '/shares_papa_backup'
      users_ro: 'michaelgrote'
      users_rw: 'win10'
    - name: 'amd'
      path: '/shares_amd'
      users_ro: 'michaelgrote win10'
      users_rw: 'annemariedroessler2 win10'
    - name: 'backup'
      path: '/shares_backup'
      users_ro: 'annemariedroessler2'
      users_rw: 'win10 michaelgrote'
    - name: 'archiv'
      path: '/shares_archiv'
      users_ro: ''
      users_rw: 'michaelgrote win10'
    - name: 'hm'
      path: '/shares_hm'
      users_ro: 'win10'
      users_rw: 'michaelgrote'
    - name: 'mg'
      path: '/shares_data_crypt'
      users_ro: ''
      users_rw: 'win10 michaelgrote'
    - name: 'musik'
      path: '/shares_music'
      users_ro: 'navidrome kodi annemariedroessler2 '
      users_rw: 'win10 michaelgrote'
    - name: 'tmp'
      path: '/shares_tmp'
      users_ro: 'win10'
      users_rw: 'kodi annemariedroessler2 win10 michaelgrote'
    - name: 'bilder'
      path: '/shares_bilder'
      users_ro: 'photoprism'
      users_rw: 'annemariedroessler2 michaelgrote win10'
    - name: 'proxmox'
      path: '/shares_pve_backup'
      users_ro: 'michaelgrote'
      users_rw: 'pve win10'
    - name: 'restic'
      path: '/shares_restic'
      users_ro: ''
      users_rw: 'annemariedroessler2 restic win10 michaelgrote'
  smb_workgroup: WORKGROUP
  smb_min_protocol: "SMB2"
  smb_client_min_protocol: "SMB2"
  smb_client_max_protocol: "SMB3_11"

  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: 445
      comment: 'smb'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: 139
      comment: 'smb'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: 4949
      protocol: tcp
      comment: 'munin'
      from_ip: 192.168.2.144/24

  ### geerlingguy.munin-node
  munin_node_disabled_plugins:
    - name: meminfo # zu hohe last
    - name: hddtemp2 # ersetzt durch hddtemp_smartctl
    - name: ntp # verursacht zu viele dns ptr request
    - name: hddtempd # ersetzt durch hddtemp_smartctl
    - name: ipmi_power # für pve2, leeres diagramm
    - name: lvm_
    - name: samba_locked
    - name: samba_users
  munin_node_plugins:
    - name: chrony
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/chrony
    - name: systemd_status
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/systemd_status
    - name: samba
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/samba
      config: |
        [samba]
        user root
        group root
        env.smbstatus /usr/bin/smbstatus
        env.ignoreipcshare 1