mg
27a1a65608
at für alle at entfernt aufräumen when aktiviert aufräumen entferne reboot job aufgeräumt script durch reboot ersetzt reboot script für safekeeping doku depmod noch nhotwendig rolle nur mit explizit gesetzten parameter doku reboot vars angepasst doku aufgeräumt nur wenn nicht schon da funktiiniert grundlegend Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: mg/ansible#88 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net>
171 lines
6.2 KiB
YAML
171 lines
6.2 KiB
YAML
---
|
|
### wird in vielen Rollen verwendet
|
|
empfaenger_mail: michael.grote@posteo.de
|
|
file_header: |
|
|
#----------------------------------------------------------------#
|
|
# This file is managed with ansible! #
|
|
#----------------------------------------------------------------#
|
|
### jnv.unattended_upgrades
|
|
unattended_mail: "{{ empfaenger_mail }}"
|
|
unattended_mail_only_on_error: true
|
|
unattended_syslog_enable: true
|
|
unattended_origins_patterns:
|
|
- 'origin=Ubuntu,archive=${distro_codename}-security'
|
|
- 'o=Ubuntu,a=${distro_codename}-updates'
|
|
### mgrote.ntp_chrony_server
|
|
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
|
ntp_chrony_servers: # welche Server sollen befragt werden
|
|
- address: ntp-server.grote.lan
|
|
options: iburst #optionaler parameter
|
|
ntp_chrony_logging: false # logging an/aus
|
|
### mgrote.postfix
|
|
postfix_absender_mailadresse: info@mgrote.net
|
|
postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
|
|
postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
|
|
postfix_mail_nach_cronjob: false
|
|
postfix_smtp_server: smtp.strato.de
|
|
postfix_smtp_server_port: 587
|
|
postfix_smtp_use_tls: "yes"
|
|
### mgrote.apt_manage_sources
|
|
manage_sources_apt_proxy_url: "acng.grote.lan:9999/"
|
|
### mgrote.restic
|
|
restic_folders_to_backup: "/usr/local /etc /root /home"
|
|
restic_cron_hours: "19"
|
|
restic_repository: "//fileserver2.grote.lan/backup/restic"
|
|
restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
|
|
restic_mount: "/mnt/restic"
|
|
restic_mount_user: restic
|
|
restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
|
|
restic_exclude: |
|
|
._*
|
|
desktop.ini
|
|
.Trash-*
|
|
**/**cache***/**
|
|
**/**Cache***/**
|
|
**/**AppData***/**
|
|
### mgrote.tmux
|
|
tmux_conf_destination: "/home/mg/.tmux.conf"
|
|
tmux_bashrc_destination: "/home/mg/.bashrc"
|
|
tmux_standardsession_name: "default"
|
|
### mgrote.fail2ban
|
|
f2b_bantime: 300
|
|
f2b_findtime: 300
|
|
f2b_maxretry: 5
|
|
f2b_destemail: "{{ empfaenger_mail }}"
|
|
f2b_sender: "{{ postfix_absender_mailadresse }}"
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 192.168.2.0/24
|
|
ufw_default_incoming_policy: deny
|
|
ufw_default_outgoing_policy: allow
|
|
### ryandaniels.create_users
|
|
users:
|
|
- username: mg
|
|
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
|
|
update_password: on_create
|
|
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw== #generieren: ssh-keygen -o; für putty ändern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
|
|
use_sudo: yes
|
|
use_sudo_nopass: yes
|
|
user_state: present
|
|
groups: ssh, sudo, docker
|
|
servers:
|
|
- production
|
|
- test
|
|
- username: ansible-user
|
|
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
|
update_password: on_create
|
|
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
|
|
use_sudo: yes
|
|
use_sudo_nopass: yes
|
|
user_state: present
|
|
groups: ssh, sudo
|
|
servers:
|
|
- production
|
|
- test
|
|
### geerlingguy.dotfiles
|
|
dotfiles_repo: "https://git.mgrote.net/mg/dotfiles"
|
|
dotfiles_repo_local_destination: "/home/mg/dotfiles-repo"
|
|
dotfiles_home: "/home/mg"
|
|
dotfiles_user: "mg"
|
|
dotfiles_repo_accept_hostkey: true
|
|
dotfiles_files:
|
|
- .bash_aliases
|
|
- .tmux.conf
|
|
- .gitconfig
|
|
- .vimrc
|
|
### mgrote.apt_install_packages
|
|
programs_common:
|
|
- locales
|
|
- python3
|
|
- build-essential
|
|
- htop
|
|
- git
|
|
- dnsutils
|
|
- nano
|
|
- mc
|
|
- cifs-utils
|
|
- ca-certificates
|
|
- netdiscover
|
|
- tree
|
|
- curl
|
|
- logrotate
|
|
- ncdu
|
|
- net-tools
|
|
- apt-transport-https
|
|
- neofetch
|
|
- moreutils
|
|
- ntpdate
|
|
- acl
|
|
- vim
|
|
- rsync
|
|
- at
|
|
programs_only_physical:
|
|
- hddtemp
|
|
- ipmitool
|
|
- s-tui
|
|
- smartmontools
|
|
- lm-sensors
|
|
programs_only_vms:
|
|
- qemu-guest-agent
|
|
- open-vm-tools
|
|
|
|
### mgrote.apcupsd
|
|
apcupsd_master_onbatterydelay: 10
|
|
apcupsd_master_batterylevel_for_shutdown: 50
|
|
apcupsd_master_minutes_for_shutdown: 10
|
|
apcupsd_master_nologon_when_active: disable
|
|
apcupsd_slave_onbatterydelay: 10
|
|
apcupsd_slave_batterylevel_for_shutdown: 50
|
|
apcupsd_slave_minutes_for_shutdown: 10
|
|
apcupsd_slave_nologon_when_active: disable
|
|
apcupsd_nis_master: on
|
|
apcupsd_nis_master_listen_ip: 0.0.0.0
|
|
apcupsd_nis_master_listen_port: 3551
|
|
apcupsd_ups_name: APC-BX950U-GR
|
|
|
|
|
|
# Ansible Variablen
|
|
### User
|
|
ansible_user: "ansible-user"
|
|
### SSH
|
|
ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
|
|
### python3
|
|
# https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
|
|
ansible_python_interpreter: "/usr/bin/python3"
|
|
|
|
# Ansible Plugin Variablen
|
|
### Keepass
|
|
# https://github.com/viczem/ansible-keepass
|
|
keepass_dbx: "./keepass_db.kdbx"
|
|
keepass_psw: !vault |
|
|
$ANSIBLE_VAULT;1.1;AES256
|
|
62383737623066396239383336646164616537646630653964313532383130343533346561633039
|
|
3437306134656535353438666165376332633064383135650a636537626662656130376537633164
|
|
61613132326536666466636632363866393066656236303766333338356337396338376266346631
|
|
6364336331623539300a313562303161373631613734313938346666376239613333333363376236
|
|
38363035376662353135333332363431343833656666643036326234656166643531
|