homeserver/host_vars/irantu.mgrote.net
2024-04-02 16:12:27 +02:00

67 lines
1.7 KiB
Text

---
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 192.168.2.0/24
ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow
### apt_install_packages
apt_packages_extra:
- qemu
- virt-manager
- tmux
- keychain
- jq
- vim
- cifs-utils
- nextcloud-desktop
- keepassxc
- openssh-server
- sshpass
- ansible
- linux-oem-22.04c
- vlc
- rofi
- wireguard
- wine
### mgrote_user
users:
- username: mg
password: "{{ lookup('keepass', 'mg_irantu_hash', 'password') }}"
update_password: always
groups: ssh, sudo
state: present
public_ssh_key: "{{ ssh_public_key_mg }}"
allow_sudo: true
allow_passwordless_sudo: true
- username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: always
groups: ssh, sudo
state: present
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
allow_sudo: true
allow_passwordless_sudo: true
### mgrote.wireguard
wireguard_profiles:
- name: wg0
privatekey: "{{ lookup('keepass', 'wireguard_irantu_private_key', 'password') }}"
address: 10.25.25.4/24
dns: 192.168.2.37
publickey: yUDu0ReEz6CjFW6Ecoh2oN/eAGRtVQP38Bu5hJnv1w0=
allowedips: 192.168.2.0/24, 192.168.3.0/24
endpoint: mgrote.net:13231
- name: wg1
privatekey: "{{ lookup('keepass', 'wireguard_irantu_private_key', 'password') }}"
address: 10.25.25.4/24
dns: 192.168.2.37
publickey: yUDu0ReEz6CjFW6Ecoh2oN/eAGRtVQP38Bu5hJnv1w0=
allowedips: 0.0.0.0/0
endpoint: mgrote.net:13231
...