mg
0d17626c8f
doku bash alias als dotfile entfernt rg als standard dotfiles source timeshift aufgeräumt tasks wip timeshift snapd temp aus tasks Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: mg/ansible#129 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net>
240 lines
8.8 KiB
YAML
240 lines
8.8 KiB
YAML
---
|
|
### wird in vielen Rollen verwendet
|
|
empfaenger_mail: michael.grote@posteo.de
|
|
file_header: |
|
|
#----------------------------------------------------------------#
|
|
# This file is managed with ansible! #
|
|
#----------------------------------------------------------------#
|
|
### geerlingguy.munin-node
|
|
munin_node_bind_host: "0.0.0.0"
|
|
munin_node_bind_port: "4949"
|
|
munin_node_allowed_cidrs: [192.168.2.0/24]
|
|
munin_node_disabled_plugins:
|
|
- name: meminfo # zu hohe last
|
|
- name: hddtemp2 # ersetzt durch hddtemp_smartctl
|
|
- name: squid_cache
|
|
- name: squid_objectsize
|
|
- name: squid_requests
|
|
- name: squid_traffic
|
|
- name: nfsd
|
|
- name: samba
|
|
- name: nfsd4
|
|
- name: ntp # verursacht zu viele dns ptr request
|
|
- name: cronjobs
|
|
- name: hddtempd # ersetzt durch hddtemp_smartctl
|
|
- name: ipmi_power # für pve2, leeres diagramm
|
|
- name: fail2ban
|
|
- name: fail2ban_
|
|
- name: apcupsd_pct
|
|
- name: kvm_io
|
|
- name: kvm_cpu
|
|
- name: docker_mem
|
|
- name: docker_cpu
|
|
munin_node_additional_plugins:
|
|
- name: chrony
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
|
|
- name: lvm_
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
|
|
- name: systemd_status
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
|
|
munin_node_config: {
|
|
"lvm_": {
|
|
"user munin"
|
|
}
|
|
}
|
|
|
|
### mgrote.dotfiles
|
|
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
|
|
dotfiles_repo_path: /home/mg/dotfiles
|
|
dotfiles_files:
|
|
- repo_path: "{{ dotfiles_repo_path}}/.vimrc"
|
|
local_path: "/home/mg/.vimrc"
|
|
- repo_path: "{{ dotfiles_repo_path}}/.tmux.conf"
|
|
local_path: "/home/mg/.tmux.conf"
|
|
- repo_path: "{{ dotfiles_repo_path}}/.gitconfig"
|
|
local_path: "/home/mg/.gitconfig"
|
|
dotfiles_dirs:
|
|
- path: /home/mg/.config/i3
|
|
- path: /home/mg/.config/polybar
|
|
dotfiles_owner: mg
|
|
### jnv.unattended_upgrades
|
|
unattended_mail: "{{ empfaenger_mail }}"
|
|
unattended_mail_only_on_error: true
|
|
unattended_syslog_enable: true
|
|
unattended_origins_patterns:
|
|
- 'origin=Ubuntu,archive=${distro_codename}-security'
|
|
- 'o=Ubuntu,a=${distro_codename}-updates'
|
|
### mgrote.ntp_chrony_server
|
|
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
|
ntp_chrony_servers: # welche Server sollen befragt werden
|
|
- address: ntp-server.grote.lan
|
|
options: iburst #optionaler parameter
|
|
ntp_chrony_logging: false # logging an/aus
|
|
### mgrote.postfix
|
|
postfix_absender_mailadresse: info@mgrote.net
|
|
postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
|
|
postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
|
|
postfix_mail_nach_cronjob: false
|
|
postfix_smtp_server: smtp.strato.de
|
|
postfix_smtp_server_port: 587
|
|
postfix_smtp_use_tls: "yes"
|
|
### mgrote.apt_manage_sources
|
|
manage_sources_apt_proxy_url: "acng.grote.lan:9999/"
|
|
### mgrote.restic
|
|
restic_folders_to_backup: "/usr/local /etc /root /home"
|
|
restic_cron_hours: "19"
|
|
restic_repository: "//fileserver2.grote.lan/backup/restic"
|
|
restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
|
|
restic_mount: "/mnt/restic"
|
|
restic_mount_user: restic
|
|
restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
|
|
restic_exclude: |
|
|
._*
|
|
desktop.ini
|
|
.Trash-*
|
|
**/**cache***/**
|
|
**/**Cache***/**
|
|
**/**AppData***/**
|
|
### mgrote.tmux
|
|
tmux_conf_destination: "/home/mg/.tmux.conf"
|
|
tmux_bashrc_destination: "/home/mg/.bashrc"
|
|
tmux_standardsession_name: "default"
|
|
### mgrote.fail2ban
|
|
f2b_bantime: 300
|
|
f2b_findtime: 300
|
|
f2b_maxretry: 5
|
|
f2b_destemail: "{{ empfaenger_mail }}"
|
|
f2b_sender: "{{ postfix_absender_mailadresse }}"
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 192.168.2.0/24
|
|
- rule: allow
|
|
to_port: 4949
|
|
protocol: tcp
|
|
comment: 'munin'
|
|
from_ip: 192.168.2.144/24
|
|
ufw_default_incoming_policy: deny
|
|
ufw_default_outgoing_policy: allow
|
|
### ryandaniels.create_users
|
|
users:
|
|
- username: mg
|
|
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
|
|
update_password: on_create
|
|
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw== #generieren: ssh-keygen -o; für putty ändern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
|
|
use_sudo: yes
|
|
use_sudo_nopass: yes
|
|
user_state: present
|
|
groups: ssh, sudo, docker
|
|
servers:
|
|
- production
|
|
- test
|
|
- laptop
|
|
- username: munin
|
|
password: "{{ lookup('keepass', 'munin_linux_password_hash', 'password') }}"
|
|
update_password: always
|
|
use_sudo: yes
|
|
use_sudo_nopass: yes
|
|
user_state: present
|
|
groups: root, docker
|
|
servers:
|
|
- production
|
|
- username: root
|
|
password: "{{ lookup('keepass', 'root_linux_password_hash_proxmox', 'password') }}"
|
|
update_password: on_create
|
|
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw== #generieren: ssh-keygen -o; für putty ändern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
|
|
use_sudo: yes
|
|
use_sudo_nopass: yes
|
|
user_state: present
|
|
groups: ssh, sudo
|
|
servers:
|
|
- proxmox
|
|
- username: ansible-user
|
|
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
|
update_password: on_create
|
|
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
|
|
use_sudo: yes
|
|
use_sudo_nopass: yes
|
|
user_state: present
|
|
groups: ssh, sudo
|
|
servers:
|
|
- production
|
|
- test
|
|
- laptop
|
|
### mgrote.apt_install_packages
|
|
programs_common:
|
|
- locales
|
|
- python3
|
|
- build-essential
|
|
- htop
|
|
- git
|
|
- dnsutils
|
|
- nano
|
|
- mc
|
|
- cifs-utils
|
|
- ca-certificates
|
|
- netdiscover
|
|
- tree
|
|
- curl
|
|
- whois
|
|
- logrotate
|
|
- ncdu
|
|
- net-tools
|
|
- apt-transport-https
|
|
- neofetch
|
|
- moreutils
|
|
- ntpdate
|
|
- acl
|
|
- vim
|
|
- rsync
|
|
- at
|
|
- rg
|
|
programs_only_physical:
|
|
- hddtemp
|
|
- ipmitool
|
|
- s-tui
|
|
- smartmontools
|
|
- lm-sensors
|
|
- ethtool
|
|
programs_only_vms:
|
|
- qemu-guest-agent
|
|
- open-vm-tools
|
|
|
|
### mgrote.apcupsd
|
|
apcupsd_master_onbatterydelay: 10
|
|
apcupsd_master_batterylevel_for_shutdown: 50
|
|
apcupsd_master_minutes_for_shutdown: 10
|
|
apcupsd_master_nologon_when_active: disable
|
|
apcupsd_slave_onbatterydelay: 10
|
|
apcupsd_slave_batterylevel_for_shutdown: 50
|
|
apcupsd_slave_minutes_for_shutdown: 10
|
|
apcupsd_slave_nologon_when_active: disable
|
|
apcupsd_nis_master: on
|
|
apcupsd_nis_master_listen_ip: 0.0.0.0
|
|
apcupsd_nis_master_listen_port: 3551
|
|
apcupsd_ups_name: APC-BX950U-GR
|
|
|
|
|
|
# Ansible Variablen
|
|
### User
|
|
ansible_user: "ansible-user"
|
|
### SSH
|
|
ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
|
|
### python3
|
|
# https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
|
|
ansible_python_interpreter: "/usr/bin/python3"
|
|
|
|
# Ansible Plugin Variablen
|
|
### Keepass
|
|
# https://github.com/viczem/ansible-keepass
|
|
keepass_dbx: "./keepass_db.kdbx"
|
|
keepass_psw: !vault |
|
|
$ANSIBLE_VAULT;1.1;AES256
|
|
62383737623066396239383336646164616537646630653964313532383130343533346561633039
|
|
3437306134656535353438666165376332633064383135650a636537626662656130376537633164
|
|
61613132326536666466636632363866393066656236303766333338356337396338376266346631
|
|
6364336331623539300a313562303161373631613734313938346666376239613333333363376236
|
|
38363035376662353135333332363431343833656666643036326234656166643531
|