mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 1 Activity Actions
homeserver/group_vars/all.yml
mg d7dd0ef313 Defaults + Syntax (#65) 
zed defaults

zed syntax

scrub syntax

sanoid mit ts

health syntax

arc syntax

tmux syntax

smart syntax

restic handler

restic syntax

postfix syntax

chrony syntax

muster script mit ts

muster syntax

motd meta

motd syntax

smb syntax

f2b syntax

moreutils als standardsoftware

rasdaemon + cv4pve. date durch ts ersetzt

dokuwiki defaults

dokuwiki syntax

cv4 handler entfernt

apt manage sources: / in var

apt install packages syntax

apcupsd syntax

acng defaults

acng syntax

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#65
Co-Authored-By: mg <mg@noreply.git.mgrote.net>
Co-Committed-By: mg <mg@noreply.git.mgrote.net>
2021-04-09 23:29:03 +02:00

168 lines
6.2 KiB
YAML
Raw Blame History

---
### wird in vielen Rollen verwendet
empfaenger_mail: michael.grote@posteo.de
file_header: |
#----------------------------------------------------------------#
# This file is managed with ansible! #
#----------------------------------------------------------------#
### jnv.unattended_upgrades
unattended_mail: "{{ empfaenger_mail }}"
unattended_mail_only_on_error: true
unattended_syslog_enable: true
unattended_origins_patterns:
- 'origin=Ubuntu,archive=${distro_codename}-security'
- 'o=Ubuntu,a=${distro_codename}-updates'
### mgrote.ntp_chrony_server
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
ntp_chrony_servers: # welche Server sollen befragt werden
- address: ntp-server.grote.lan
options: iburst #optionaler parameter
ntp_chrony_logging: false # logging an/aus
### mgrote.postfix
postfix_absender_mailadresse: info@mgrote.net
postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
postfix_mail_nach_cronjob: false
postfix_smtp_server: smtp.strato.de
postfix_smtp_server_port: 587
postfix_smtp_use_tls: "yes"
### mgrote.apt_manage_sources
manage_sources_apt_proxy_url: "acng.grote.lan:9999/"
### mgrote.restic
restic_folders_to_backup: "/usr/local /etc /root /home"
restic_cron_hours: "19"
restic_repository: "//fileserver2.grote.lan/backup/restic"
restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
restic_mount: "/mnt/restic"
restic_mount_user: restic
restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
restic_exclude: |
._*
desktop.ini
.Trash-*
**/**cache***/**
**/**Cache***/**
**/**AppData***/**
### mgrote.tmux
tmux_conf_destination: "/home/mg/.tmux.conf"
tmux_bashrc_destination: "/home/mg/.bashrc"
tmux_standardsession_name: "default"
### mgrote.fail2ban
f2b_bantime: 300
f2b_findtime: 300
f2b_maxretry: 5
f2b_destemail: "{{ empfaenger_mail }}"
f2b_sender: "{{ postfix_absender_mailadresse }}"
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 192.168.2.0/24
ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow
### ryandaniels.create_users
users:
- username: mg
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
update_password: on_create
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw== #generieren: ssh-keygen -o; für putty ändern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
use_sudo: yes
use_sudo_nopass: yes
user_state: present
groups: ssh, sudo, docker
servers:
- production
- test
- username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: on_create
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
use_sudo: yes
use_sudo_nopass: yes
user_state: present
groups: ssh, sudo
servers:
- production
- test
### geerlingguy.dotfiles
dotfiles_repo: "https://git.mgrote.net/mg/dotfiles"
dotfiles_repo_local_destination: "/home/mg/dotfiles-repo"
dotfiles_home: "/home/mg"
dotfiles_user: "mg"
dotfiles_repo_accept_hostkey: true
dotfiles_files:
- .bash_aliases
- .tmux.conf
- .gitconfig
- .vimrc
### mgrote.apt_install_packages
programs_common:
- locales
- python3
- build-essential
- htop
- git
- dnsutils
- nano
- mc
- cifs-utils
- ca-certificates
- netdiscover
- tree
- curl
- logrotate
- ncdu
- net-tools
- apt-transport-https
- neofetch
- moreutils
- ntpdate
- acl
- vim
programs_only_physical:
- hddtemp
- ipmitool
- s-tui
- smartmontools
- lm-sensors
programs_only_vms:
- qemu-guest-agent
- open-vm-tools
### mgrote.apcupsd
apcupsd_master_onbatterydelay: 10
apcupsd_master_batterylevel_for_shutdown: 50
apcupsd_master_minutes_for_shutdown: 10
apcupsd_master_nologon_when_active: disable
apcupsd_slave_onbatterydelay: 10
apcupsd_slave_batterylevel_for_shutdown: 50
apcupsd_slave_minutes_for_shutdown: 10
apcupsd_slave_nologon_when_active: disable
apcupsd_nis_master: on
apcupsd_nis_master_listen_ip: 0.0.0.0
apcupsd_nis_master_listen_port: 3551
apcupsd_ups_name: APC-BX950U-GR
# Ansible Variablen
### User
ansible_user: "ansible-user"
### SSH
ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
### python3
# https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
ansible_python_interpreter: "/usr/bin/python3"
# Ansible Plugin Variablen
### Keepass
# https://github.com/viczem/ansible-keepass
keepass_dbx: "./keepass_db.kdbx"
keepass_psw: !vault |
$ANSIBLE_VAULT;1.1;AES256
62383737623066396239383336646164616537646630653964313532383130343533346561633039
3437306134656535353438666165376332633064383135650a636537626662656130376537633164
61613132326536666466636632363866393066656236303766333338356337396338376266346631
6364336331623539300a313562303161373631613734313938346666376239613333333363376236
38363035376662353135333332363431343833656666643036326234656166643531
Reference in a new issue View git blame Copy permalink