Compare revisions

renovatebot · jabertwo · jabertwo · void · void · renovatebot
--- a/common/docker/templates/daemon.json
+++ b/common/docker/templates/daemon.json
@@ -6,7 +6,7 @@
      "max-file": "5"
    },
    "metrics-addr": "{{int_ip4}}:9323",
-    "experimental": true
+    "experimental": true,
+    "ip6tables": true
 }
--- a/common/docker_traefik/tasks/main.yml
+++ b/common/docker_traefik/tasks/main.yml
@@ -37,11 +37,19 @@
    dest: "{{ basedir }}/{{ item }}"
  with_items:
    - docker-compose.yml
-    - traefik.yml 
+    - traefik.yml
-    - dynamic/redirect-default.yml
    - dynamic/tls.yml
  register: config
+- name: redirect-default ersstellen, wenn domain_default definiert ist
+  template:
+    src: "{{ item }}"
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - dynamic/redirect-default.yml
+  when: domain_default is defined
+  register: config
 - name: "stop {{ servicename}} docker"
  docker_compose:
    project_src: "{{ basedir }}"

--- a/common/docker_traefik/templates/docker-compose.yml
+++ b/common/docker_traefik/templates/docker-compose.yml
@@ -3,7 +3,7 @@ version: '2.4'
 services:
    app:
-        image: traefik:v2.9.8
+        image: traefik:v3.0
        restart: always
        ports:
            - "80:80"

--- a/common/docker_traefik/templates/dynamic/tls.yml
+++ b/common/docker_traefik/templates/dynamic/tls.yml
@@ -14,7 +14,6 @@ tls:
    options:
        default:
            sniStrict: true
-            preferServerCipherSuites: true
            minVersion: "VersionTLS12"
            curvePreferences:
                - "secp521r1"

--- a/common/wireguard/templates/webserver.conf
+++ b/common/wireguard/templates/webserver.conf
+[Interface]
+PrivateKey = {{ privatekey }}
+Address = 10.43.1.1 
+ListenPort = 51821
+[Peer]
+PublicKey = 9FLaGBXWjInPv4PFRuAJPPrPWruzocVrXg9lsmwGdX4=
+AllowedIPs = 10.43.1.2, 192.168.0.0/24, 10.0.0.0/23
--- a/group_vars/prod
+++ b/group_vars/prod
@@ -35,37 +35,37 @@ mail_domains:
    maildomain: warpzone.ms 
    mxserver: mailserver.warpzone.ms
    mxhostname: webserver
-    spf: "v=spf1 mx a:mailserver.warpzone.ms ~all"
+    spf: "v=spf1 mx a:{{ mail_domains.warpzonems.mxserver }} ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
-    dmarc: v=DMARC1; p=none;
+    dmarc: "v=DMARC1; p=none;"
    dkim:
      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNnNZElbWq9EonFULbr8vWWykKmZEylRwjo4lYx/lXsGDFWBuNh2s6gFF10OuHWtavokjvh/7sFidNaRYQkn3uwHmylBWFn7Jr2lPWY8PBEoIeAZZx5qHaDWxJVgzE7maFyXAswDGXcR/DRTn2xR6osNXOovjGeYXq/atR/45iwfgkhqAaXaV1uP/K9y\" \"y2sZ2dRtGEwCKsWbP26cOZ6MUcADszgUTEp59iKey79m0uwi0IpA8WjEKVwbMcf/6fBw1ejIEjVUX+bami2fQ6RPl4uEyloco4paV3w/vww2hh4VchCFLYAEKMkZOZs/eTDGsjaMguwHbPeVJjkpX2T6WQIDAQAB" }
  member_warpzonems:
-    maildomain: member.warpzone.ms 
+    maildomain: "member.{{ mail_domains.warpzonems.maildomain }}" 
-    mxserver: mailserver.warpzone.ms
+    mxserver: "{{ mail_domains.warpzonems.mxserver }}"
-    mxhostname: webserver
+    mxhostname: "{{ mail_domains.warpzonems.mxhostname }}"
-    spf: "v=spf1 mx a:mailserver.warpzone.ms ~all"
+    spf: "{{ mail_domains.warpzonems.spf }}"
    dkim:
      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu334a+uJ5b7D8UTz3Up6A8EjZhEnXaIpiIcKAGPXXD2ZBGmkWfUNcwDcfMoDErH6ntXzf0uH2VMvaajB/wdKLyly1irDKoyjLA3hJb5wnF9Gh0anL1qxY6UA189vWsw+2JlZJWyQ3IcaQ720SM3OrrK4AL3gRItieSEQ+23m5aW0P6sgUuMXTmmKLbd4\" \"DzZ14Emw293TD2p4gJtgxW/6EfIfcUU+/jP1NNm9gksyzynH1pJXPwVruo9u4QujEQiPqtVsVtrtUm1kbnW+pexj3eKOLLEHGZ+p5AZ/jtALk9pJfNumm/XHFK5PTZDBIipXOYvuG8RdwsaCQRezGKy04QIDAQAB" }
  lists_warpzonems:
-    maildomain: lists.warpzone.ms 
+    maildomain: "lists.{{ mail_domains.warpzonems.maildomain }}" 
-    mxserver: mailserver.warpzone.ms
+    mxserver: "{{ mail_domains.warpzonems.mxserver }}"
-    mxhostname: webserver
+    mxhostname: "{{ mail_domains.warpzonems.mxhostname }}"
-    spf: "v=spf1 mx a:mailserver.warpzone.ms ~all"
+    spf: "{{ mail_domains.warpzonems.spf }}"
    dkim:
      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO7SXkUkM17Y1Vi/cvO48IJmlReGWSaYHY+wEldLHt80TiXP0AGZ8nG+DshXi1J2D5xjn8cJu4VqgDrLFnsRJyGYKmi7yVukANVg6gjYlET4y5+UU7Vk2W3xhN2U/8F0rcyynALzQa8i4Y/wEI0qkgHyE6+lITmglJvlj6tgp4YYK2TBH3Zo//PukOmU\" \"6gG/qu0+6p+CepvqzfGT2l1duov5a2+DJJzlJTULJ5D5Blsmg/0GeC81gZ4QDC3S8aaM5Pw3I3lQCSJT4Q4Ge6Ues4ccagNrdnZhtHNaVFGdL1mR1k+G784gpMZphPj5MylNEpA3V4bD7/Ygf4GuAvHdMwIDAQAB" }
 #  chaostreffmuensterde:
 #    maildomain: chaostreff-muenster.de 
-#    mxserver: mailserver.warpzone.ms
+#    mxserver: "{{ mail_domains.warpzonems.mxserver }}"
-#    mxhostname: webserver
+#    mxhostname: "{{ mail_domains.warpzonems.mxhostname }}"
-#    spf: v=spf1 mx ~all
+#    spf: "{{ mail_domains.warpzonems.spf }}"
 #    dmarc: v=DMARC1; p=none;
 #    dkim:
 #      - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/OBnxYygjhKeZVyvhDAO1/O1XwyYEhQx3bW/rO/Wmp8ZzP/eQh3dljDEibj1KsfdUhfgTIU8CnTKLayb8B07MMzhBklpg8WUV2LrDmpndfhixizjaxzwBj/dhtiZE7e4BwhOPOmdBQ0cCIvNhMcQcCa1RgCpX/g5Ii0AtQ2zCPMTSOW5YWn+VY" }
 #  lists_chaostreffmuensterde:
-#    maildomain: lists.chaostreff-muenster.de 
+#    maildomain: "lists.{{ mail_domains.chaostreffmuensterde.maildomain }}"
-#    mxserver: mailserver.warpzone.ms
+#    mxserver: "{{ mail_domains.chaostreffmuensterde.mxserver }}"
-#    mxhostname: webserver
+#    mxhostname: "{{ mail_domains.chaostreffmuensterde.mxhostname }}"
-#    spf: v=spf1 mx ~all
+#    spf: "{{ mail_domains.chaostreffmuensterde.spf }}"
 #    dmarc: v=DMARC1; p=none;

--- a/host_vars/carrot
+++ b/host_vars/carrot
@@ -35,8 +35,8 @@ administratorenteam:
 # Monitoring aktivieren
 alert:
  load:
-    warn: 10
+    warn: 15
-    crit: 20
+    crit: 30
  disks:
    - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
--- a/host_vars/ogg
+++ b/host_vars/ogg
@@ -49,8 +49,8 @@ docker:
 # Monitoring aktivieren
 alert:
  load:
-    warn: 10
+    warn: 15
-    crit: 20
+    crit: 30
  containers:
    - { name: "dockerstats_app_1" }    
    - { name: "esphome_app_1" }    

--- a/host_vars/weatherwax
+++ b/host_vars/weatherwax
@@ -32,8 +32,8 @@ administratorenteam:
 # Monitoring aktivieren
 alert:
  load:
-    warn: 15
+    warn: 20
-    crit: 30
+    crit: 40
  disks:
    - { mountpoint: "/",         warn: "10 GB", crit: "3 GB" }
    # btrfs currently no data from node exporter 

--- a/intern/docker_homeassistant/templates/docker-compose.yml
+++ b/intern/docker_homeassistant/templates/docker-compose.yml
@@ -5,7 +5,7 @@ services:
  app:
-    image: homeassistant/home-assistant:2023.3
+    image: homeassistant/home-assistant:2023.6
    restart: always
    ports:
      - "{{ int_ip4 }}:{{ homematic_callback_port }}:{{ homematic_callback_port }}"

--- a/remote/docker_homeassistant/templates/docker-compose.yml
+++ b/remote/docker_homeassistant/templates/docker-compose.yml
@@ -5,7 +5,7 @@ services:
  app:
-    image: homeassistant/home-assistant:2023.3.3
+    image: homeassistant/home-assistant:2023.6.1
    restart: always
    volumes:
      - "/etc/localtime:/etc/localtime:ro"

--- a/site.yml
+++ b/site.yml
@@ -154,6 +154,7 @@
    - { role: common/kvm-guest, tags: kvm-guest }
    - { role: common/openvpn, tags: openvpn }
    - { role: common/prometheus-node, tags: prometheus-node }
+    - { role: common/wireguard, tags: wireguard }
    - { 
        role: common/docker_dockerstats, tags: dockerstats, 
        servicename: dockerstats, 
@@ -276,7 +277,6 @@
        servicename: traefik,
        basedir: /srv/traefik,
        domain: "warpzone.ms",
-        domain_default: "www.warpzone.ms" 
      }      
    - { 
        role: verwaltung/docker_gitea, tags: gitea,
No results found