293 lines
12 KiB
YAML
293 lines
12 KiB
YAML
---
|
|
### mrlesmithjr.ansible-manage-lvm
|
|
lvm_groups:
|
|
- vgname: vg_docker
|
|
disks:
|
|
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
|
|
create: true
|
|
lvnames:
|
|
- lvname: docker
|
|
size: +100%FREE
|
|
create: true
|
|
filesystem: xfs
|
|
mount: true
|
|
mntp: /var/lib/docker
|
|
- vgname: vg_docker2
|
|
disks:
|
|
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2
|
|
create: true
|
|
lvnames:
|
|
- lvname: httpd
|
|
size: 1G
|
|
create: true
|
|
filesystem: xfs
|
|
mount: true
|
|
mntp: /mnt/httpd
|
|
manage_lvm: true
|
|
pvresize_to_max: true
|
|
### mgrote.restic
|
|
restic_folders_to_backup: "/ /var/lib/docker /mnt/httpd" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
|
|
|
|
### mgrote.docker-compose-inline
|
|
compose_owner: "docker-user"
|
|
compose_group: "docker-user"
|
|
compose_file_permissions: "644"
|
|
compose_dir_permissions: "755"
|
|
compose_dest_basedir: "/docker"
|
|
compose_src_basedir: "{{ inventory_dir }}/docker-compose"
|
|
compose_files:
|
|
- name: oxidized
|
|
state: present
|
|
- name: homer
|
|
state: present
|
|
- name: munin
|
|
state: present
|
|
- name: drone
|
|
state: present
|
|
- name: nextcloud
|
|
state: present
|
|
network: traefik
|
|
- name: httpd # das Volume hat die Rechte 0777 damit jeder per SSH reinschreiben kann; ist fur drone.io eingerichtet; siehe $dir_permissions
|
|
state: present
|
|
- name: unifi-controller
|
|
state: present
|
|
- name: miniflux
|
|
state: present
|
|
network: traefik
|
|
- name: traefik
|
|
state: present
|
|
network: traefik
|
|
- name: navidrome
|
|
state: present
|
|
network: traefik
|
|
## del # am ende loschen, also die eiträge
|
|
- name: hastebin
|
|
state: absent
|
|
- name: photoprism
|
|
state: absent
|
|
- name: tor-snowflake
|
|
state: absent
|
|
- name: dozzle
|
|
state: absent
|
|
- name: ara
|
|
state: absent
|
|
- name: librenms
|
|
state: absent
|
|
|
|
#### mgrote.set_permissions
|
|
dir_permissions:
|
|
- path: /mnt/httpd
|
|
mode: '0777'
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 0.0.0.0/0
|
|
- rule: allow
|
|
to_port: 4949
|
|
protocol: tcp
|
|
comment: 'munin'
|
|
from_ip: 0.0.0.0/0
|
|
# docker network inspect $(docker network ls -q)|grep -E "IPv(4|6)A" | grep -v \"\" | sort -h
|
|
- rule: allow
|
|
from_ip: 192.168.0.0/16
|
|
comment: 'docker networks'
|
|
- rule: allow
|
|
from_ip: 172.0.0.0/8
|
|
comment: 'docker networks'
|
|
|
|
### geerlingguy.pip
|
|
pip_package: python3-pip
|
|
pip_install_packages:
|
|
- name: docker # für munin-plugin docker_
|
|
- name: fritzconnection # für munin fritzbox*
|
|
- name: lxml # für munin fritzbox*
|
|
- name: requests # für munin fritzbox*
|
|
|
|
### mgrote.apt_manage_packages
|
|
apt_packages_extra:
|
|
- libwww-curl-perl # für munin-plugin: unifi
|
|
- libjson-perl # für munin-plugin: unifi
|
|
- sshpass # fur munin mt_system_*
|
|
|
|
### mgrote.munin-node
|
|
munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
|
|
munin_node_plugins:
|
|
- name: timesync
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
|
|
- name: systemd_status
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
|
|
- name: systemd_mem
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
|
|
config: |
|
|
[systemd_mem]
|
|
env.all_services true
|
|
- name: lvm_
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
|
|
config: |
|
|
[lvm_*]
|
|
user root
|
|
- name: fail2ban
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
|
|
config: |
|
|
[fail2ban]
|
|
env.client /usr/bin/fail2ban-client
|
|
env.config_dir /etc/fail2ban
|
|
user root
|
|
- name: docker_containers
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
|
|
config: |
|
|
[docker_*]
|
|
user root
|
|
env.DOCKER_HOST unix://run/docker.sock
|
|
- name: docker_cpu
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
|
|
- name: docker_memory
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
|
|
- name: docker_network
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
|
|
- name: docker_volumes
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
|
|
- name: http_response
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
|
|
config: |
|
|
[http_response]
|
|
env.sites http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net http://docker10.grote.lan:2342 http://docker10.grote.lan:8000/login http://docker10.grote.lan:3344 http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081
|
|
env.max_time 20
|
|
env.short_label true
|
|
env.follow_redirect true
|
|
- name: mt_system_hex
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
|
|
config: |
|
|
[mt_system_hex]
|
|
user root
|
|
env.ssh_user munin
|
|
env.ssh_password {{ lookup('keepass', 'munin_user_hex', 'password') }}
|
|
env.ssh_host 192.168.3.144
|
|
- name: mt_system_crs305
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
|
|
config: |
|
|
[mt_system_crs305]
|
|
user root
|
|
env.ssh_user munin
|
|
env.ssh_password {{ lookup('keepass', 'munin_user_crs305', 'password') }}
|
|
env.ssh_host 192.168.2.225
|
|
- name: mt_system_rb5009
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
|
|
config: |
|
|
[mt_system_rb5009]
|
|
user root
|
|
env.ssh_user munin
|
|
env.ssh_password {{ lookup('keepass', 'munin_user_rb5009', 'password') }}
|
|
env.ssh_host 192.168.2.1
|
|
- name: unifi
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/unifi
|
|
config: |
|
|
[unifi*]
|
|
# User name to login to unifi controller API. Default is "ubnt". Ideally, this should
|
|
# point to a read-only account.
|
|
env.user munin
|
|
# Password to login to unifi controller API. Default is "ubnt"
|
|
env.pass {{ lookup('keepass', 'munin_user_unifi', 'password') }}
|
|
# URL of the API, with port if needed. No trailing slash.
|
|
env.api_url https://docker10.grote.lan:8443
|
|
# Verify SSL certificate name against host.
|
|
# Note: if using a default cloudkey certificate, this will fail unless you manually add it
|
|
# to the local keystore.
|
|
# Default is "yes"
|
|
env.ssl_verify_host no
|
|
# Verify Peer's SSL vertiicate.
|
|
# Note: if using a default cloudkey certificate, this will fail
|
|
# Default is "yes"
|
|
env.ssl_verify_peer no
|
|
# The human readable name of the unifi site - used for graph titles
|
|
env.name Unifi
|
|
# By default, Use standard munin well know categories -
|
|
env.force_category unifi
|
|
#---
|
|
# Show device CPU utilization
|
|
env.enable_device_cpu yes
|
|
# Show device memory usage
|
|
env.enable_device_mem yes
|
|
# Show device load average (switches and APs only)
|
|
env.enable_device_load yes
|
|
# Show device uptime
|
|
env.enable_device_uptime yes
|
|
# Show number of clients connected to each device
|
|
env.enable_clients_device yes
|
|
# Show detailed graphs for each device (per device graphs)
|
|
env.enable_detail_clients_device yes
|
|
# Show number of clients connected to each network type
|
|
env.enable_clients_type yes
|
|
# Show detailed graphs for each client type (per type graphs)
|
|
env.enable_detail_clients_type yes
|
|
# Show unauthorized / authorized client list
|
|
# if you are not using the guest portal, this is useless
|
|
env.show_authorized_clients_type yes
|
|
# Show transfer statistics on switch ports; wirft Fehler wenn aktiv
|
|
env.enable_xfer_port no
|
|
# Show detailed graphs per switch port; wirft Fehler wenn aktiv
|
|
env.enable_detail_xfer_port no
|
|
# Hide ports that have no link (When set to no, unplugged ports will transfer 0, not be undefined); wirft Fehler wenn aktiv
|
|
env.hide_empty_xfer_port no
|
|
# Show transfer statistics per device; wirft Fehler wenn aktiv
|
|
env.enable_xfer_device no
|
|
# Show detailed graphs for each device; wirft Fehler wenn aktiv
|
|
env.enable_detail_xfer_device yes
|
|
# Show transfer statistics per named network; wirft Fehler wenn aktiv
|
|
env.enable_xfer_network no
|
|
# Show detailed graphs for each named network; wirft Fehler wenn aktiv
|
|
env.enable_detail_xfer_network no
|
|
# Show transfer statistics per radio; wirft Fehler wenn aktiv
|
|
env.enable_xfer_radio no
|
|
# Show detailed graphs for each radio; wirft Fehler wenn aktiv
|
|
env.enable_detail_xfer_radio no
|
|
- name: fritzbox_uptime.py
|
|
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_uptime.py
|
|
- name: fritzbox_traffic.py
|
|
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_traffic.py
|
|
- name: fritzbox_power.py
|
|
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_power_consumption.py
|
|
- name: fritzbox_memory.py
|
|
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_memory_usage.py
|
|
- name: fritzbox_helper.py
|
|
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_helper.py
|
|
- name: fritzbox_cpu.py
|
|
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_cpu_usage.py
|
|
- name: fritzbox_temp.py
|
|
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_cpu_temperature.py
|
|
- name: fritzbox_conn_uptime.py
|
|
src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_connection_uptime.py
|
|
config: |
|
|
[fritzbox_*]
|
|
env.fritzbox_ip 192.168.5.1
|
|
env.fritzbox_username munin
|
|
env.fritzbox_password {{ lookup('keepass', 'munin_user_fritzbox', 'password') }}
|
|
env.traffic_remove_max true # if you do not want the possible max values
|
|
- name: nextcloud_nextcloud.mgrote.net
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_
|
|
config: |
|
|
[nextcloud_nextcloud.mgrote.net]
|
|
env.username munin
|
|
env.password {{ lookup('keepass', 'munin_user_nextcloud', 'password') }}
|
|
env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info
|
|
env.scheme https
|
|
- name: deye
|
|
src: https://git.mgrote.net/Mirror/munin-contrib/raw/branch/master/plugins/solar/deye
|
|
config: |
|
|
[deye]
|
|
env.user deyeadmin600
|
|
env.password {{ lookup('keepass', 'munin_deye_admin_pass', 'password') }}
|
|
env.ip 192.168.10.180
|
|
- name: solarman_api_inverter
|
|
src: https://raw.githubusercontent.com/quotengrote/contrib/deye2/plugins/solar/solarman_api_inverter # später austauschen nach merge
|
|
config: |
|
|
[solarman_api_inverter]
|
|
env.SLRM_APPID {{ lookup('keepass', 'SLRM_APPID', 'password') }}
|
|
env.SLRM_DEVICE_SN {{ lookup('keepass', 'SLRM_DEVICE_SN', 'password') }}
|
|
env.SLRM_MAIL {{ lookup('keepass', 'SLRM_MAIL', 'password') }}
|
|
env.SLRM_PASSWORD {{ lookup('keepass', 'SLRM_PASSWORD', 'password') }}
|
|
env.SLRM_APPSECRET {{ lookup('keepass', 'SLRM_APPSECRET', 'password') }}
|