mg
/
homeserver
1
0
Fork 0
Code Issues 1 Pull Requests Activity
homeserver/host_vars/docker7.grote.lan.yml

321 lines
14 KiB
YAML
Raw Blame History

---
### mgrote.restic
restic_folders_to_backup: "/ /var/lib/docker /var/lib/docker2" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
#### mgrote.set_permissions
dir_permissions:
- path: /var/lib/docker2/httpd-registry
mode: '0777'
### mrlesmithjr.ansible-manage-lvm
lvm_groups:
- vgname: vg_docker
disks:
- /dev/sdb
create: true
lvnames:
- lvname: lv_docker
size: +100%FREE
create: true
filesystem: xfs
mount: true
mntp: /var/lib/docker
- vgname: vg_docker2
disks:
- /dev/sdc
create: true
lvnames:
- lvname: lv_docker2
size: +100%FREE
create: true
filesystem: xfs
mount: true
mntp: /var/lib/docker2/httpd-registry
manage_lvm: true
pvresize_to_max: true
### mgrote.apt_manage_packages
apt_packages_extra:
- libwww-curl-perl # für munin-plugin: unifi
- libjson-perl # für munin-plugin: unifi
- sshpass # fur munin mt_system_*
### mgrote.docker-compose-deploy
docker_compose_projects:
- name: watchtower
dir_name: docker-watchtower
repository_url: git.mgrote.net/mg/docker-watchtower
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: ansible-ara
dir_name: docker-ansible-ara
repository_url: git.mgrote.net/mg/docker-ansible-ara
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: homer
dir_name: docker-homer
repository_url: git.mgrote.net/mg/docker-homer
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: photoprism
dir_name: docker-photoprism
repository_url: git.mgrote.net/mg/docker-photoprism
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: miniflux
dir_name: docker-miniflux
repository_url: git.mgrote.net/mg/docker-miniflux
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: traefik
dir_name: docker-traefik
repository_url: git.mgrote.net/mg/docker-traefik
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
network_name: nw_proxy_traefik
- name: munin-master
dir_name: docker-munin-master
repository_url: git.mgrote.net/mg/docker-munin-master_production
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: oxidized
dir_name: docker-oxidized
repository_url: git.mgrote.net/mg/docker-oxidized
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: librenms
dir_name: docker-librenms
repository_url: git.mgrote.net/mg/docker-librenms
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: unifi-controller
dir_name: docker-unifi-controller
repository_url: git.mgrote.net/mg/docker-unifi-controller
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: navidrome-mg
dir_name: docker-navidrome-mg
repository_url: git.mgrote.net/mg/docker-navidrome-mg
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: hastebin
dir_name: docker-hastebin
repository_url: git.mgrote.net/mg/docker-hastebin
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: apache-registry # fur diesen container ist das lv: lv_docker2 nach /var/lib/docker2/httpd-registry gemountet; dieser Pfad steht in der docker-compose.yml als Volume drin; dieser Ordner hat die Rechte 0777 damit jeder per SSH reinschrieben kann; ist fur drone.io eingerichtet; siehe $dir_permissions
dir_name: docker-apache-registry
repository_url: git.mgrote.net/Docker-Compose/apache-registry
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
git_branch: main
### oefenweb.ufw
ufw_rules: # ist extra weil bei munin kein subnet angegeben ist
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp
comment: 'munin'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 443
protocol: tcp
comment: 'mf-filter' # da mgrote.net auf tarefik umgelietet wird funktioniert sonst mf-filter nicht, daher hier explizit Port 443 freigegeben
from_ip: 0.0.0.0/0
### geerlingguy.pip
pip_package: python3-pip
pip_install_packages:
- name: docker # für munin-plugin docker_
- name: fritzconnection # für munin fritzbox*
- name: lxml # für munin fritzbox*
- name: requests # für munin fritzbox*
### mgrote.munin-node
munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
munin_node_plugins:
- name: timesync
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- name: systemd_status
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- name: systemd_mem
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
config: |
[systemd_mem]
env.all_services true
- name: lvm_
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
config: |
[lvm_*]
user root
- name: fail2ban
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config: |
[fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name: docker_containers
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
config: |
[docker_*]
user root
env.DOCKER_HOST unix://run/docker.sock
- name: docker_cpu
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_memory
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_network
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_volumes
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: http_response
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
config: |
[http_response]
env.sites http://docker7.grote.lan:8888/nodes http://docker7.grote.lan:1234 http://docker7.grote.lan:5000 http://docker7.grote.lan:333 http://docker7.grote.lan:2233 http://docker7.grote.lan:2342 http://docker7.grote.lan:8081/ https://miniflux.mgrote.net/ http://docker7.grote.lan:3001 http://docker7.grote.lan:2342 https://audio.mgrote.net/mg
env.max_time 20
env.short_label true
env.follow_redirect true
- name: mt_system_crs309
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
config: |
[mt_system_crs309]
user root
env.ssh_user munin
env.ssh_password {{ lookup('keepass', 'crs309_munin_user', 'password') }}
env.ssh_host 192.168.2.224
- name: mt_system_hex
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
config: |
[mt_system_hex]
user root
env.ssh_user munin
env.ssh_password {{ lookup('keepass', 'hex_munin_user', 'password') }}
env.ssh_host 192.168.3.144
- name: mt_system_crs305
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
config: |
[mt_system_crs305]
user root
env.ssh_user munin
env.ssh_password {{ lookup('keepass', 'crs305_munin_user', 'password') }}
env.ssh_host 192.168.2.225
- name: mt_system_rb5009
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
config: |
[mt_system_rb5009]
user root
env.ssh_user munin
env.ssh_password {{ lookup('keepass', 'rb5009_munin_user', 'password') }}
env.ssh_host 192.168.2.1
- name: unifi
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/unifi
config: |
[unifi*]
# User name to login to unifi controller API. Default is "ubnt". Ideally, this should
# point to a read-only account.
env.user munin
# Password to login to unifi controller API. Default is "ubnt"
env.pass {{ lookup('keepass', 'unifi_munin_user', 'password') }}
# URL of the API, with port if needed. No trailing slash.
env.api_url https://docker7.grote.lan:8443
# Verify SSL certificate name against host.
# Note: if using a default cloudkey certificate, this will fail unless you manually add it
# to the local keystore.
# Default is "yes"
env.ssl_verify_host no
# Verify Peer's SSL vertiicate.
# Note: if using a default cloudkey certificate, this will fail
# Default is "yes"
env.ssl_verify_peer no
# The human readable name of the unifi site - used for graph titles
env.name Unifi
# By default, Use standard munin well know categories -
env.force_category unifi
#---
# Show device CPU utilization
env.enable_device_cpu yes
# Show device memory usage
env.enable_device_mem yes
# Show device load average (switches and APs only)
env.enable_device_load yes
# Show device uptime
env.enable_device_uptime yes
# Show number of clients connected to each device
env.enable_clients_device yes
# Show detailed graphs for each device (per device graphs)
env.enable_detail_clients_device yes
# Show number of clients connected to each network type
env.enable_clients_type yes
# Show detailed graphs for each client type (per type graphs)
env.enable_detail_clients_type yes
# Show unauthorized / authorized client list
# if you are not using the guest portal, this is useless
env.show_authorized_clients_type yes
# Show transfer statistics on switch ports; wirft Fehler wenn aktiv
env.enable_xfer_port no
# Show detailed graphs per switch port; wirft Fehler wenn aktiv
env.enable_detail_xfer_port no
# Hide ports that have no link (When set to no, unplugged ports will transfer 0, not be undefined); wirft Fehler wenn aktiv
env.hide_empty_xfer_port no
# Show transfer statistics per device; wirft Fehler wenn aktiv
env.enable_xfer_device no
# Show detailed graphs for each device; wirft Fehler wenn aktiv
env.enable_detail_xfer_device yes
# Show transfer statistics per named network; wirft Fehler wenn aktiv
env.enable_xfer_network no
# Show detailed graphs for each named network; wirft Fehler wenn aktiv
env.enable_detail_xfer_network no
# Show transfer statistics per radio; wirft Fehler wenn aktiv
env.enable_xfer_radio no
# Show detailed graphs for each radio; wirft Fehler wenn aktiv
env.enable_detail_xfer_radio no
- name: fritzbox_uptime.py
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_uptime.py
- name: fritzbox_traffic.py
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_traffic.py
- name: fritzbox_power.py
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_power_consumption.py
- name: fritzbox_memory.py
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_memory_usage.py
- name: fritzbox_helper.py
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_helper.py
- name: fritzbox_cpu.py
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_cpu_usage.py
- name: fritzbox_temp.py
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_cpu_temperature.py
- name: fritzbox_conn_uptime.py
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_connection_uptime.py
config: |
[fritzbox_*]
env.fritzbox_ip 192.168.5.1
env.fritzbox_username munin
env.fritzbox_password {{ lookup('keepass', 'fritzbox_munin_user', 'password') }}
env.traffic_remove_max true # if you do not want the possible max values
Reference in New Issue View Git Blame Copy Permalink