# Host-specific variables
# Lines shown in the message of the day. The second line is templated from
# the gathered facts of interface ens18 (its IPv4 address and first IPv6
# address), so the interface name is fixed here.
motd_lines:
  - "Webserver"
  - "Öffentliche IPs: {{ansible_ens18.ipv4.address}} / {{ansible_ens18.ipv6[0].address}}"
# APT sources for this host.
# The three Debian entries use plain HTTP. Package integrity then depends
# on apt's signature check of the repository metadata, not on the
# transport, so a signature check must never be disabled for these
# sources. Only the Docker repository is fetched over HTTPS.
debian_sources:
  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
  - "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
  - "deb https://download.docker.com/linux/debian bookworm stable"
# No key IDs are configured (explicit null, same value as the bare key).
debian_keys_id: null
# Repository signing keys downloaded by URL.
# NOTE(review): with no key ID above, the downloaded key appears to be
# trusted on the strength of the TLS download alone - confirm whether the
# consuming role compares it against an expected fingerprint.
debian_keys_url:
  - "https://download.docker.com/linux/debian/gpg"
# Primary IP addresses of the host.
# Quoted so that no parser can read an address as anything but a string.
ext_ip4: "159.69.57.51"
ext_ip6: "2a01:4f8:231:8a1:159:69:57:51"
int_ip4: "10.42.1.1"
# Kind of host: physical, vm, docker
host_type: "vm"
# Enable SSL
webserver_ssl: true
# List of hosted domains. Commented-out entries are currently disabled.
# NOTE(review): ldap. and keycloak. are listed next to the public sites -
# confirm which of these names are meant to be reachable from the internet
# and that directory and identity administration front ends are
# access-restricted.
webserver_domains:
  - "warpzone.ms"
  - "api.warpzone.ms"
  # - "auth.warpzone.ms"
  - "gitlab.warpzone.ms"
  - "matrix.warpzone.ms"
  - "mailserver.warpzone.ms"
  - "ldap.warpzone.ms"
  - "keycloak.warpzone.ms"
  - "md.warpzone.ms"
  # - "turn.warpzone.ms"
  - "wiki.warpzone.ms"
  - "www.warpzone.ms"
  # - "workadventure.warpzone.ms"
  # - "play.workadventure.warpzone.ms"
  # - "pusher.workadventure.warpzone.ms"
  # - "api.workadventure.warpzone.ms"
  # - "icon.workadventure.warpzone.ms"
# OpenVPN configurations
openvpn_server:
  - "server-zone"
  - "server-verwaltung"
# Members of the administrator team.
# NOTE(review): presumably these names receive administrative access on
# the host - verify against the role that reads this list, and remove an
# entry as soon as the person leaves the team.
administratorenteam:
  - "void"
  - "sandhome"
  - "jabertwo"
# Docker configuration
# NOTE(review): internal_networks is assumed to nest under docker - confirm
# against the role that reads it.
docker:
  # Internal Docker networks
  internal_networks:
    - "web"
# Enable monitoring
# NOTE(review): load, containers and disks are assumed to nest under
# alert - confirm against the monitoring role.
alert:
  # Load thresholds for the warning and critical states.
  load:
    warn: 5
    crit: 10
  # Containers to watch, one entry per container name.
  # NOTE(review): the list is maintained by hand, so a container that is
  # not named here is presumably not checked - add new services when they
  # are deployed. Commented-out entries are currently disabled.
  containers:
    - name: "coturn-coturn-1"
    - name: "dockerstats-app-1"
    - name: "dokuwiki-app-1"
    - name: "gitlab-app-1"
    - name: "gitlab-dind-1"
    - name: "gitlab-runner-1"
    - name: "hackmd-app-1"
    - name: "hackmd-db-1"
    - name: "icinga-app-1"
    - name: "icinga-db-1"
    - name: "icinga-graphite-1"
    - name: "keycloak-app-1"
    - name: "keycloak-db-1"
    - name: "keycloak-sync-group-active-1"
    - name: "ldap-openldap-1"
    - name: "ldap-phpldapadmin-1"
    - name: "mail-admin-1"
    - name: "mail-antispam-1"
    - name: "mail-certdumper-1"
    - name: "mail-db-1"
    - name: "mail-front-1"
    - name: "mail-imap-1"
    - name: "mail-oletools-1"
    - name: "mail-redis-1"
    - name: "mail-resolver-1"
    - name: "mail-smtp-1"
    - name: "mail-webmail-1"
    - name: "mail-mailman-core-1"
    - name: "mail-mailman-web-1"
    - name: "mail-mailman-nginx-1"
    - name: "matrix-ma1sd-1"
    - name: "matrix-db-1"
    - name: "matrix-purgemediacache-1"
    - name: "matrix-synapse-1"
    - name: "matterbridge-cw-1"
    - name: "matterbridge-wz-1"
    - name: "matterbridge-web-1"
    - name: "matterbridge-restarter-1"
    - name: "traefik-app-1"
    - name: "uffd-app-1"
    - name: "uffd-db-1"
    - name: "vpnserver-app-1"
    - name: "warpapi-app-1"
    - name: "watchtower-app-1"
    - name: "wordpress-app-1"
    - name: "wordpress-db-1"
    # - name: "workadventure_back_1"
    # - name: "workadventure_front_1"
    # - name: "workadventure_icon_1"
    # - name: "workadventure_pusher_1"
    # - name: "workadventure_redis_1"
  # Mount points with their warning and critical thresholds.
  disks:
    - mountpoint: "/"
      warn: "5 GB"
      crit: "1 GB"
    - mountpoint: "/srv"
      warn: "5 GB"
      crit: "1 GB"
# Definition of Borgbackup repositories
# NOTE(review): each repository is assumed to be a mapping nested under
# borgbackup_repos - confirm against the backup role.
# No passphrase or SSH key is defined in this file.
# NOTE(review): presumably both come from a vault or secret store -
# confirm, and keep them out of this file.
borgbackup_repos:
  # Disabled repository, kept for reference:
  # warpsrvint:
  #   # URL of the repo
  #   repo: "ssh://warpzone@192.168.0.201:22/data/warpzone/webserver"
  #   # Repo-specific options passed to Borgbackup,
  #   # e.g. backups to rsync.net require --remote-path=borg1
  #   options: ""
  #   # Compression options, e.g. "zlib,5", "zstd,5"
  #   compression: "zlib,5"
  #   # Prune options
  #   prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
  #   # Backup schedule
  #   weekday: "*"
  #   hour: "6"
  #   minute: "0"
  #   # Additional directories to be saved in this backup only
  #   # directories:
  #   # Monitoring
  #   alert: true
  #   warning_age: 26
  #   critical_age: 50
  #   warning_count: 10
  #   critical_count: 5
  borgbase:
    # URL of the repo
    repo: "ani9ve0q@ani9ve0q.repo.borgbase.com:repo"
    # Repo-specific options passed to Borgbackup,
    # e.g. backups to rsync.net require --remote-path=borg1
    options: ""
    # Compression options, e.g. "zlib,5", "zstd,5"
    compression: "zlib,5"
    # Prune options.
    # NOTE(review): if this host runs the prune itself, the key it holds
    # can also delete archives, so a compromise of the web server would put
    # the backups at risk. Consider append-only access for this host and
    # pruning from a separate trusted machine.
    prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
    # Backup schedule
    weekday: "*"
    hour: "4"
    minute: "10"
    # Additional directories to be saved in this backup only
    # directories:
    # Monitoring of this repository.
    # NOTE(review): the *_age values are presumably hours since the last
    # archive and the *_count values a minimum number of archives -
    # confirm against the check that reads them.
    alert: true
    warning_age: 26
    critical_age: 50
    warning_count: 10
    critical_count: 5
# Directories that are backed up to every Borgbackup repository.
# /etc/ usually holds private keys and service credentials, so every
# archive carries them too.
# NOTE(review): confirm that each repository was initialised with
# client-side encryption and that restore access is limited accordingly.
borgbackup_directories:
  - "/etc/"
  - "/srv/"