dhcpdns/kea/tasks/main.yml

+---
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+    - { path: "/etc/kea/kea_api_password", length: 22 }
+    - { path: "/etc/kea/kea_ddns_key", length: 44 }
+
+
+- name: "Instaliere debian Pakete" 
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - isc-kea
+
+
+- name: "Copy Service Config Files"
+  template: 
+    src: "{{ item }}" 
+    dest: "/etc/kea/{{ item }}"
+  with_items: 
+    - kea-ctrl-agent.conf
+    - kea-dhcp-ddns.conf
+    - kea-dhcp4.conf
+
+
+- name: enable and restart isc-kea-dhcp-ddns-server.service
+  systemd:
+    name: "isc-kea-dhcp-ddns-server.service"
+    state: restarted
+    enabled: True
+
+
+- name: enable and restart isc-kea-dhcp4-server.service
+  systemd:
+    name: "isc-kea-dhcp4-server.service"
+    state: restarted
+    enabled: True
+
+
+- name: disable isc-kea-dhcp6-server.service
+  systemd:
+    name: "isc-kea-dhcp6-server.service"
+    state: stopped
+    enabled: False
+
+
+- name: enable and restart isc-kea-ctrl-agent.service
+  systemd:
+    name: "isc-kea-ctrl-agent.service"
+    state: restarted
+    enabled: True
+

dhcpdns/kea/templates/kea-ctrl-agent.conf

+// For official documentation, see: https://kea.readthedocs.io/
+{
+"Control-agent": {
+    "http-host": "127.0.0.1",
+    "http-port": {{ kea_ctrl_agent_port }},
+    "authentication": {
+        "type": "basic",
+        "realm": "Kea Control Agent",
+        "directory": "/etc/kea",
+        "clients": [
+            {
+                "user": "{{ kea_ctrl_agent_user }}",
+                "password-file": "kea_api_password"
+            }
+        ]
+    },
+    "control-sockets": {
+        "dhcp4": {
+            "socket-type": "unix",
+            "socket-name": "kea4-ctrl-socket"
+        },
+        "dhcp6": {
+            "socket-type": "unix",
+            "socket-name": "kea6-ctrl-socket"
+        },
+        "d2": {
+            "socket-type": "unix",
+            "socket-name": "kea-ddns-ctrl-socket"
+        }
+    },
+    "loggers": [
+    {
+        "name": "kea-ctrl-agent",
+        "output-options": [
+            {
+                "output": "stdout",
+                "pattern": "%-5p %m\n"
+            }
+        ],
+        "severity": "INFO",
+        "debuglevel": 0
+    }
+    ]
+}
+}

dhcpdns/kea/templates/kea-dhcp-ddns.conf

+// For official documentation, see: https://kea.readthedocs.io/
+{
+    "DhcpDdns": {
+        "ip-address": "127.0.0.1",
+        "port": {{ kea_ddns_service_port }},
+        "dns-server-timeout" : 1000,
+        "user-context": { "version": 1 },
+        "control-socket": {
+            "socket-type": "unix",
+            "socket-name": "kea-ddns-ctrl-socket"
+        },
+        "forward-ddns":
+        {
+            "ddns-domains":
+            [
+            {
+                "comment": "warpzone.lan",
+                "name": "warpzone.lan.",
+                "key-name": "kea-ddns-key",
+                "dns-servers":
+                [
+                    {
+                        "ip-address": "127.0.0.1"
+                    }
+                ]
+            },
+            ]
+        },
+        "reverse-ddns":
+        {
+            "ddns-domains":
+            [
+                {
+                    "name": "0.0.10.in-addr.arpa.",
+                    "key-name": "kea-ddns-key",
+                    "dns-servers": [ { "ip-address": "127.0.0.1" } ]
+                },
+                {
+                    "name": "1.0.10.in-addr.arpa.",
+                    "key-name": "kea-ddns-key",
+                    "dns-servers": [ { "ip-address": "127.0.0.1" } ]
+                },
+                {
+                    "name": "2.0.10.in-addr.arpa.",
+                    "key-name": "kea-ddns-key",
+                    "dns-servers": [ { "ip-address": "127.0.0.1" } ]
+                },
+                {
+                    "name": "3.0.10.in-addr.arpa.",
+                    "key-name": "kea-ddns-key",
+                    "dns-servers": [ { "ip-address": "127.0.0.1" } ]
+                }
+            ]
+        },
+        "tsig-keys": [
+            {
+                "name": "kea-ddns-key",
+                "algorithm": "hmac-sha256",
+                "secret": "{{ kea_ddns_key }}"
+            }
+        ],
+        "loggers": [
+            {
+                "name": "kea-dhcp-ddns",
+                "output-options": [
+                    {
+                        "output": "stdout",
+                        "pattern": "%-5p %m\n"
+                    }
+                ],
+                "severity": "INFO",
+                "debuglevel": 0
+            }
+        ]
+    }
+}

dhcpdns/kea/templates/kea-dhcp4.conf

+// For official documentation, see: https://kea.readthedocs.io/
+{
+"Dhcp4": {
+    "interfaces-config": {
+        "interfaces": [ "*" ]
+    },
+    "control-socket": {
+        "socket-type": "unix",
+        "socket-name": "kea4-ctrl-socket"
+    },
+    "lease-database": {
+        "type": "memfile",
+        "lfc-interval": 3600
+    },
+    "expired-leases-processing": {
+        "reclaim-timer-wait-time": 10,
+        "flush-reclaimed-timer-wait-time": 25,
+        "hold-reclaimed-time": 3600,
+        "max-reclaim-leases": 100,
+        "max-reclaim-time": 250,
+        "unwarned-reclaim-cycles": 5
+    },
+    "renew-timer": 3600,
+    "rebind-timer": 7200,
+    "valid-lifetime": 14400,
+    "option-data": [
+        {
+            "name": "domain-name-servers",
+            "data": "{{ int_ip4 }}"
+        },
+        {
+            "name": "domain-name",
+            "data": "warpzone.lan"
+        },
+        {
+            "name": "domain-search",
+            "data": "warpzone.lan"
+        }
+    ],
+    "subnet4": [
+        {
+            "id": 1,
+            "subnet": "10.0.0.0/22",
+            "pools": [ { "pool": "10.0.0.3 - 10.0.3.254" } ],
+            "option-data": [
+                {
+                    "name": "routers",
+                    "data": "10.0.0.1"
+                }
+            ]
+        }
+    ],
+    "loggers": [
+    {
+        "name": "kea-dhcp4",
+        "output-options": [
+            {
+                "output": "stdout",
+                "pattern": "%-5p %m\n"
+            }
+        ],
+        "severity": "INFO",
+        "debuglevel": 0
+    }
+    ],
+    "hooks-libraries": [
+    { 
+        "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so" 
+    }
+    ],
+    "server-hostname": "{{ inventory_hostname }}",
+    "ddns-send-updates": true,
+    "ddns-override-no-update": false,
+    "ddns-override-client-update": false,
+    "ddns-replace-client-name": "never",
+    "ddns-generated-prefix": "",
+    "ddns-qualifying-suffix": "warpzone.lan",
+    "ddns-update-on-renew": true,
+    "ddns-conflict-resolution-mode": "check-with-dhcid",
+    "hostname-char-set": "",
+    "hostname-char-replacement": "",
+    "dhcp-ddns": {
+        "enable-updates": true,
+        "server-ip": "127.0.0.1",
+        "server-port": {{ kea_ddns_service_port }},
+        "sender-ip": "",
+        "sender-port": 0,
+        "max-queue-size": 1024,
+        "ncr-protocol": "UDP",
+        "ncr-format": "JSON"
+    },
+}
+}

functions @ e8a04941

-Subproject commit 900377e4f72486f6699ecf736f96adfbc04e92da
+Subproject commit e8a049414bca2b14b158444dac1b94c2ca90d9be

group_vars/all

@@ -5,21 +5,4 @@ ansible_python_interpreter: /usr/bin/python3
 # Globale Variablen für alle Server
 
 # Letsencrypt notification mail 
-letsencrypt_mail: verwaltung@warpzone.ms
-
-
-
-# Zentrale InfluxDb für Systemmonitoring  
-influxdb_sysmon:
-  url: "http://192.168.0.201:18086"
-  db: "influx"
-  user: "influx" 
-  password: "influx" 
-
-# Zentrale InfluxDb für Snmp Daten   
-influxdb_snmp:
-  url: "http://192.168.0.201:28086"
-  db: "influx"
-  user: "influx" 
-  password: "influx" 
-
+letsencrypt_mail: verwaltung@warpzone.ms
\ No newline at end of file

group_vars/prod

-# Globale Variablen für alle produktiven Server
-
-# Ports des LDAP Servers 
-ldap_port_default: 389
-ldap_port_secure: 636
-
-# IP Adresse des LDAP Servers
-# Extern läuft auf dem webserver
-ldap_ip_ext: 10.42.1.1
-
-
-# Basis-Informationen der LDAP Konfiguration 
-ldap_org: Warpzone
-ldap_domain: warpzone.ms
-ldap_base_dn: dc=warpzone,dc=ms
-ldap_admin_bind_dn: cn=admin,dc=warpzone,dc=ms
-ldap_readonly_bind_dn: cn=readonly,dc=warpzone,dc=ms
-ldap_group_dn: ou=groups,dc=warpzone,dc=ms
-ldap_group_active_dn: cn=active,ou=groups,dc=warpzone,dc=ms
 
 # SMTP Settings 
 smtp_domain: warpzone.ms
@@ -32,40 +13,40 @@ global_domains:
 # Globale Mail konfiguration 
 mail_domains:
   warpzonems:
-    maildomain: warpzone.ms 
-    mxserver: mailserver.warpzone.ms
-    mxhostname: webserver
-    spf: v=spf1 mx ~all
-    dmarc: v=DMARC1; p=none;
+    maildomain: "warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
+    dmarc: "v=DMARC1; p=none;"
     dkim:
-      - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+ZvoSoa2LwBbzQMD9laVy8hUGbvhe1LkL/6SIk3Ks8GfiT7p+hdlbcvo+noBR4gvbmSWwn3yBxOnGCtSH+iP0q7HHrmeEXJqGkLK25zZh1EO8bZqIHi2NX/LnN7dJTO8C27CRLME+YtWdrDaerIWXsHk7U+qD1ZuM5Q+FgAzsQ5uxQVlD6sO3IU" }
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNnNZElbWq9EonFULbr8vWWykKmZEylRwjo4lYx/lXsGDFWBuNh2s6gFF10OuHWtavokjvh/7sFidNaRYQkn3uwHmylBWFn7Jr2lPWY8PBEoIeAZZx5qHaDWxJVgzE7maFyXAswDGXcR/DRTn2xR6osNXOovjGeYXq/atR/45iwfgkhqAaXaV1uP/K9y\" \"y2sZ2dRtGEwCKsWbP26cOZ6MUcADszgUTEp59iKey79m0uwi0IpA8WjEKVwbMcf/6fBw1ejIEjVUX+bami2fQ6RPl4uEyloco4paV3w/vww2hh4VchCFLYAEKMkZOZs/eTDGsjaMguwHbPeVJjkpX2T6WQIDAQAB" }
   member_warpzonems:
-    maildomain: member.warpzone.ms 
-    mxserver: mailserver.warpzone.ms
-    mxhostname: webserver
-    spf: v=spf1 mx ~all
-    dmarc: v=DMARC1; p=none;
+    maildomain: "member.warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
     dkim:
-      - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8lZDykC3gbxSHMwTNO7QrDytlO9Sg66nEXpIv1/GqQrj3T1i3tTn05XxpJbRXUMuooaP6xZqt2OR3f/Wex6d4WwHH4Z1YuvyKDUWewynGZ3Ge+Vca8T0LBdDw7DZWtkXv94SHPWLyPWuuBXQs2nAgrMn3rtlwKovEsOqg85mFNb1EVm9Rgj9TB2" }
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu334a+uJ5b7D8UTz3Up6A8EjZhEnXaIpiIcKAGPXXD2ZBGmkWfUNcwDcfMoDErH6ntXzf0uH2VMvaajB/wdKLyly1irDKoyjLA3hJb5wnF9Gh0anL1qxY6UA189vWsw+2JlZJWyQ3IcaQ720SM3OrrK4AL3gRItieSEQ+23m5aW0P6sgUuMXTmmKLbd4\" \"DzZ14Emw293TD2p4gJtgxW/6EfIfcUU+/jP1NNm9gksyzynH1pJXPwVruo9u4QujEQiPqtVsVtrtUm1kbnW+pexj3eKOLLEHGZ+p5AZ/jtALk9pJfNumm/XHFK5PTZDBIipXOYvuG8RdwsaCQRezGKy04QIDAQAB" }
   lists_warpzonems:
-    maildomain: lists.warpzone.ms 
-    mxserver: mailserver.warpzone.ms
-    mxhostname: webserver
-    spf: v=spf1 mx ~all
-    dmarc: v=DMARC1; p=none;
+    maildomain: "lists.warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
+    dkim:
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO7SXkUkM17Y1Vi/cvO48IJmlReGWSaYHY+wEldLHt80TiXP0AGZ8nG+DshXi1J2D5xjn8cJu4VqgDrLFnsRJyGYKmi7yVukANVg6gjYlET4y5+UU7Vk2W3xhN2U/8F0rcyynALzQa8i4Y/wEI0qkgHyE6+lITmglJvlj6tgp4YYK2TBH3Zo//PukOmU\" \"6gG/qu0+6p+CepvqzfGT2l1duov5a2+DJJzlJTULJ5D5Blsmg/0GeC81gZ4QDC3S8aaM5Pw3I3lQCSJT4Q4Ge6Ues4ccagNrdnZhtHNaVFGdL1mR1k+G784gpMZphPj5MylNEpA3V4bD7/Ygf4GuAvHdMwIDAQAB" }
 #  chaostreffmuensterde:
 #    maildomain: chaostreff-muenster.de 
-#    mxserver: mailserver.warpzone.ms
-#    mxhostname: webserver
-#    spf: v=spf1 mx ~all
+#    mxserver: "mailserver.warpzone.ms"
+#    mxhostname: "webserver"
+#    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
 #    dmarc: v=DMARC1; p=none;
 #    dkim:
 #      - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/OBnxYygjhKeZVyvhDAO1/O1XwyYEhQx3bW/rO/Wmp8ZzP/eQh3dljDEibj1KsfdUhfgTIU8CnTKLayb8B07MMzhBklpg8WUV2LrDmpndfhixizjaxzwBj/dhtiZE7e4BwhOPOmdBQ0cCIvNhMcQcCa1RgCpX/g5Ii0AtQ2zCPMTSOW5YWn+VY" }
 #  lists_chaostreffmuensterde:
-#    maildomain: lists.chaostreff-muenster.de 
-#    mxserver: mailserver.warpzone.ms
-#    mxhostname: webserver
-#    spf: v=spf1 mx ~all
+#    maildomain: "lists.chaostreff-muenster.de"
+#    mxserver: "mailserver.warpzone.ms"
+#    mxhostname: "webserver"
+#    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
 #    dmarc: v=DMARC1; p=none;
 
 
@@ -88,6 +69,7 @@ matrix:
   domain: matrix.warpzone.ms
   public_url: https://matrix.warpzone.ms
   identity_server: https://matrix.warpzone.ms
+  notifications_room_id: "!iYefxbySFEfFQfUGEK:matrix.warpzone.ms"
 
 # Monitoring 
 monitoring:
@@ -113,3 +95,27 @@ esphome_devices:
   - { id: "lounge",        name: "Lounge",        groups: "gLounge",        sensors: [ "Temp", "pressure", "humidity" ] }
   - { id: "status",        name: "Status/Strom",  groups: "gHauptraum",     sensors: [ "stromverbrauch", "warpzone_status" ] }
   - { id: "vortragsraum",  name: "Vortragsraum",  groups: "gVortragsraum",  sensors: [ "Temp", "pressure", "humidity" ] }
+
+# Global eQ3 Max configuration 
+eq3max:
+  cube_host: 192.168.0.15
+  devices_heizung:
+    - { name: "E-Werkstatt-Mitte", id: "MEQ1814738" }
+#    - { name: "HeizungKlo", id: "OEQ0663079" }
+
+# SLZB-06 Zigbee Adapter 
+slzb06:
+  host: 192.168.0.16
+
+# Globale OAuth Server Settings
+oauth_global:
+  authorize_url: https://uffd.warpzone.ms/oauth2/authorize
+  token_url: https://uffd.warpzone.ms/oauth2/token
+  userinfo_url: https://uffd.warpzone.ms/oauth2/userinfo
+  logout_url: https://uffd.warpzone.ms/logout
+  metrics_url: https://uffd.warpzone.ms/metrics
+
+oidc_global:
+  provider_url: https://uffd.warpzone.ms
+  logout_url: https://uffd.warpzone.ms/logout
+  ldap_base_dn: "dc=warpzone,dc=ms"

group_vars/test

+
+# SMTP Settings 
+smtp_domain: test-warpzone.de
+smtp_host: mailserver.test-warpzone.de
+smtp_port: 587 
+noreply_email_user: noreply@test-warpzone.de
+
+# Globale Domains
+global_domains:
+  warpzonems:
+    domain: test-warpzone.de
+
+# Globale Mail konfiguration 
+mail_domains:
+  warpzonems:
+    maildomain: "test-warpzone.de" 
+    mxserver: "mailserver.test-warpzone.de"
+    mxhostname: "test-warpzone-de"
+    spf: "v=spf1 mx a:mailserver.test-warpzone.de ip4:{{ hostvars['test-warpzone-de'].ext_ip4 }} ip6:{{ hostvars['test-warpzone-de'].ext_ip6 }} -all"
+    dmarc: "v=DMARC1; p=none;"
+    dkim:
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlvNCdae1bHGiuBrbXLwbtlEeQySngzG5wa7rG9O7eFFBnEKsrk9yOexRt1N5rOotRwL+Zy/9So8nylUFggP8nXlCgfUmEDPfNaWfzAeHUaPCTpUpbEZhOWr0vGxAyWeJ2p2eOAFK2PUU+KVqF7L3Zhb3yQxyYPKhKD4uxwgqH/Y2UPNP0SaJ7fOtZpW\" \"1cGiIVp2aVGiE5w1AbI3kDfLpGuh8g0AzBknVX4z8wb+f5wdZiX/3/iebv8LVxOpu6DRMt48D9PN9hRQywDVLPNko03rSu5MHoz3ilJC7lkFg7DRUssFT4JHeyrxoOu7FhZUc8BKjeQ3W2mrsGd6Y48ffQIDAQAB" }
+  # lists_warpzonems:
+  #   maildomain: "lists.test-warpzone.de" 
+  #   mxserver: "mailserver.test-warpzone.de"
+  #   mxhostname: "test-warpzone-de"
+  #   spf: "v=spf1 mx a:mailserver.test-warpzone.de ip4:{{ hostvars['test-warpzone-de'].ext_ip4 }} ip6:{{ hostvars['test-warpzone-de'].ext_ip6 }} -all"
+  #   dkim:
+  #     - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO7SXkUkM17Y1Vi/cvO48IJmlReGWSaYHY+wEldLHt80TiXP0AGZ8nG+DshXi1J2D5xjn8cJu4VqgDrLFnsRJyGYKmi7yVukANVg6gjYlET4y5+UU7Vk2W3xhN2U/8F0rcyynALzQa8i4Y/wEI0qkgHyE6+lITmglJvlj6tgp4YYK2TBH3Zo//PukOmU\" \"6gG/qu0+6p+CepvqzfGT2l1duov5a2+DJJzlJTULJ5D5Blsmg/0GeC81gZ4QDC3S8aaM5Pw3I3lQCSJT4Q4Ge6Ues4ccagNrdnZhtHNaVFGdL1mR1k+G784gpMZphPj5MylNEpA3V4bD7/Ygf4GuAvHdMwIDAQAB" }
+
+# Monitoring 
+monitoring:
+  external_dns_servers:
+    - { ip: "1.1.1.1", name: "Cloudflare" }
+    - { ip: "8.8.8.8", name: "Google" }
+    - { ip: "9.9.9.9", name: "Quad9" }
+
+
+
+# Globale OAuth Server Settings
+oauth_global:
+  authorize_url: https://uffd.test-warpzone.de/oauth2/authorize
+  token_url: https://uffd.test-warpzone.de/oauth2/token
+  userinfo_url: https://uffd.test-warpzone.de/oauth2/userinfo
+  logout_url: https://uffd.test-warpzone.de/logout
+  metrics_url: https://uffd.test-warpzone.de/metrics
+
+oidc_global:
+  provider_url: https://uffd.test-warpzone.de
+  logout_url: https://uffd.test-warpzone.de/logout
+  ldap_base_dn: "dc=test-warpzone,dc=de"
+
+# Matrix Settings 
+matrix:
+  domain: matrix.test-warpzone.de
+  public_url: https://matrix.test-warpzone.de
+  identity_server: https://matrix.test-warpzone.de
+  notifications_room_id: "!QxrpmOPYwofaPFqKMY:matrix.test-warpzone.de"

host_vars/carrot

+
+# Host spezifische Variablen
+
+motd_lines:
+  - "Carrot - Interner VPN Endpunkt @ warpzone"
+  - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
+
+debian_sources:
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
+
+debian_keys_id:
+
+debian_keys_url:
+
+
+# Primäre IP Adressen des Hosts
+#ext_ip4: <keine>
+#ext_ip6: <keine>
+int_ip4: 192.168.0.202
+
+
+# Art des Hosts: physical, vm, lxc
+host_type: "lxc"
+
+
+administratorenteam:
+  - "void"
+  - "sandhome"
+  - "3d"
+  - "jabertwo"
+
+
+# Monitoring aktivieren
+alert:
+  load:
+    warn: 15
+    crit: 30
+  disks:
+    - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
+

host_vars/dhcpdns

+
+# Host spezifische Variablen
+
+motd_lines:
+  - "dhcpdns - Interner DHCP und DNS @ warpzone"
+  - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
+  - "IPv6-IP @ eth0: {{ ext_ip6 }}"
+
+debian_sources:
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
+  - "deb https://dl.cloudsmith.io/public/isc/kea-2-6/deb/debian bookworm main"
+  - "deb https://packages.sury.org/bind/ bookworm main"
+
+debian_keys_id:
+
+debian_keys_url:
+  - "https://dl.cloudsmith.io/public/isc/kea-2-6/gpg.63D408891D8B8D01.key"
+  - "https://packages.sury.org/bind/apt.gpg"
+
+# Primäre IP Adressen des Hosts
+#ext_ip4: <keine>
+ext_ip6: 2a02:1799:7:1337::2
+int_ip4: 10.0.0.2
+
+
+# Art des Hosts: physical, vm, lxc
+host_type: "lxc"
+
+# SSL deaktivieren
+webserver_ssl: false
+
+# Liste der gehosteten Domänen
+webserver_domains:
+  - "dhcpdns.warpzone.lan"
+
+administratorenteam:
+  - "void"
+  - "sandhome"
+  - "3d"
+  - "jabertwo"
+
+# Monitoring aktivieren
+alert:
+  load:
+    warn: 15
+    crit: 30
+  disks:
+    - { mountpoint: "/", warn: "1 GB", crit: "512 MB" }
\ No newline at end of file

host_vars/hex

+
+# Host spezifische Variablen 
+
+motd_lines: 
+  - "Hex - Physischer Server für Veranstaltungen / Camps"
+  - "IPs: {{ansible_vmbr0.ipv4.address}}"
+
+debian_sources: 
+  - "deb http://deb.debian.org/debian/ bookworm main non-free non-free-firmware contrib"
+  - "deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware"
+  - "deb http://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription"
+
+debian_keys_id:
+
+debian_keys_url:
+  - "https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg"
+
+
+# Art des Hosts: physical, vm, docker 
+host_type: "physical"
+
+# Primäre IP Adressen des Hosts 
+int_ip4: 10.111.10.100
+
+administratorenteam:
+  - "void"
+  - "3d"
+  - "jabertwo"
+

host_vars/hix

+
+# Host spezifische Variablen
+
+motd_lines:
+  - "Hix - Virtueller Server für Infrastruktur-Dienste auf Veranstaltungen / Camps"
+  - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
+
+debian_sources:
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
+
+debian_keys_id:
+
+debian_keys_url:
+  - "https://download.docker.com/linux/debian/gpg"
+
+
+# Primäre IP Adressen des Hosts
+#ext_ip4: <keine>
+#ext_ip6: <keine>
+int_ip4: 10.111.10.101
+
+
+# Art des Hosts: physical, vm, lxc
+host_type: "lxc"
+
+# SSL deaktivieren
+webserver_ssl: false
+
+# Liste der gehosteten Domänen
+webserver_domains:
+  - "unifi.warpzone.remote"
+
+administratorenteam:
+  - "void"
+  - "3d"
+  - "jabertwo"
+
+# Docker konfigurationen 
+docker:
+  # Interne Docker-Netzwerke 
+  internal_networks:
+    - web

host_vars/ogg

@@ -6,10 +6,10 @@ motd_lines:
   - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
 
 debian_sources:
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
 
 debian_keys_id:
 
@@ -31,8 +31,16 @@ webserver_ssl: false
 
 # Liste der gehosteten Domänen
 webserver_domains:
-  - "esphome.warpzone"
-  - "unifi.warpzone"
+  - "esphome.warpzone.lan"
+  - "fridgeserver.warpzone.lan"
+  - "grafana.warpzone.lan"
+  - "ha.warpzone.lan"
+  - "mqtt.warpzone.lan"
+  - "omada.warpzone.lan"
+  - "services.warpzone.lan"
+  - "tasmoadmin.warpzone.lan"
+  - "warpsrvint.warpzone.lan"
+  - "zigbee2mqtt.warpzone.lan"
 
 administratorenteam:
   - "void"
@@ -49,15 +57,27 @@ docker:
 # Monitoring aktivieren
 alert:
   load:
-    warn: 2
-    crit: 4
+    warn: 15
+    crit: 30
   containers:
-    - { name: "dockerstats_app_1" }    
-    - { name: "mqtt_app_1" } 
-    - { name: "mqtt_influxdb_1" } 
-    - { name: "mqtt_telegraf_1" } 
-    - { name: "nodered_app_1" }
-    - { name: "unifi_app_1" }
+    - { name: "dockerstats-app-1" }    
+    - { name: "esphome-app-1" }    
+    - { name: "fridgeserver-app-1" }    
+    - { name: "grafana-app-1" }    
+    - { name: "heimdall-app-1" }    
+    - { name: "homeassistant-app-1" }    
+    - { name: "homeassistant-influxdb-1" }    
+    - { name: "mqtt-app-1" } 
+    - { name: "mqtt-explorer-1" } 
+    - { name: "mqtt-influxdb-1" } 
+    - { name: "mqtt-tgbinary-1" } 
+    - { name: "mqtt-tgfloat-1" } 
+    - { name: "nodered-app-1" }
+    - { name: "omada-app-1" }
+    - { name: "tasmoadmin-app-1" }
+    - { name: "traefik-app-1" }
+    - { name: "watchtower-app-1" }
+    - { name: "zigbee2mqtt-app-1" }
   disks:
     - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
     - { mountpoint: "/srv", warn: "5 GB", crit: "1 GB" }
@@ -70,21 +90,21 @@ borgbackup_repos:
   borgbase:
 
     # URL des Repos
-    repo: "juxt0t1v@juxt0t1v.repo.borgbase.com:repo"
+    repo: "apu4cibr@apu4cibr.repo.borgbase.com:repo"
 
     # Repo-spezifische Optionen zum Aufruf von Borgbackup
     # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich
     options: ""
 
     # Compression Options, z,b. "zlib,5, "zstd,5"
-    compression: "zlib,5"
+    compression: "zstd,5"
 
     # Prune Optionen
     prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
 
     # Backup Schedule
     weekday: "*"
-    hour: "*/4"
+    hour: "6"
     minute: "40"
 
     #  Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen
@@ -92,8 +112,8 @@ borgbackup_repos:
 
     # Monitoring
     alert: true
-    warning_age: 10
-    critical_age: 20
+    warning_age: 36
+    critical_age: 60
     warning_count: 10
     critical_count: 5
 

host_vars/test-warpzone-de

+
+# Host spezifische Variablen 
+
+motd_lines: 
+  - "Testserver"
+  - "Öffentliche IPs: {{ansible_eth0.ipv4.address}} / {{ansible_eth0.ipv6[0].address}}"
+
+debian_sources: 
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
+
+debian_keys_id:
+
+debian_keys_url:
+  - "https://download.docker.com/linux/debian/gpg"
+
+
+# Primäre IP Adressen des Hosts 
+ext_ip4: 159.69.57.56
+ext_ip6: 2a01:4f8:231:8a1:159:69:57:56
+int_ip4: 127.0.0.1
+
+# Art des Hosts: physical, vm, docker 
+host_type: "lxc"
+
+# SSL aktivieren 
+webserver_ssl: true
+
+# Liste der gehosteten Domänen
+webserver_domains: 
+  - "test-warpzone.de"
+#  - "api.test-warpzone.de"
+#  - "auth.test-warpzone.de"
+  - "gitlab.test-warpzone.de"
+#  - "matrix.test-warpzone.de"
+#  - "mailserver.test-warpzone.de"
+#  - "ldap.test-warpzone.de"
+#  - "keycloak.test-warpzone.de"
+#  - "md.test-warpzone.de"
+#  - "turn.test-warpzone.de"
+  - "wiki.test-warpzone.de"
+  - "www.test-warpzone.de"
+#  - "workadventure.test-warpzone.de"
+#  - "play.workadventure.test-warpzone.de"
+#  - "pusher.workadventure.test-warpzone.de"
+#  - "api.workadventure.test-warpzone.de"
+#  - "icon.workadventure.test-warpzone.de"
+
+
+# #OpenVPN Konfigurationen 
+# openvpn_server:
+#   - "server-zone"
+#   - "server-verwaltung"
+
+administratorenteam:
+  - "void"
+  - "sandhome"
+  - "jabertwo"
+  - "supervirus"
+
+# Docker konfigurationen 
+docker:
+  # Interne Docker-Netzwerke 
+  internal_networks:
+    - web
+    
+# Monitoring aktivieren 
+alert:  
+  load: 
+    warn: 5
+    crit: 10
+  containers:
+    #- { name: "coturn_coturn_1" }
+    - { name: "dockerstats-app-1" }
+    #- { name: "dokuwiki_app_1" }
+    - { name: "gitlab-app-1" }
+    - { name: "gitlab-dind-1" }
+    - { name: "gitlab-runner-1" }
+    #- { name: "hackmd_app_1" }
+    #- { name: "hackmd_db_1" }
+    #- { name: "icinga_app_1" }
+    #- { name: "icinga_db_1" }
+    #- { name: "icinga_graphite_1" }
+    #- { name: "keycloak_app_1" }
+    #- { name: "keycloak_db_1" }
+    #- { name: "keycloak_sync-group-active_1" }
+    #- { name: "ldap_openldap_1" }
+    #- { name: "ldap_phpldapadmin_1" }
+    #- { name: "mail_admin_1" }
+    #- { name: "mail_antispam_1" }
+    #- { name: "mail_certdumper_1" }
+    #- { name: "mail_db_1" }
+    #- { name: "mail_front_1" }
+    #- { name: "mail_imap_1" }
+    #- { name: "mail_oletools_1" }
+    #- { name: "mail_redis_1" }
+    #- { name: "mail_resolver_1" }
+    #- { name: "mail_smtp_1" }
+    #- { name: "mail_webmail_1" }
+    #- { name: "mail_mailman-core_1" }
+    #- { name: "mail_mailman-web_1" }
+    #- { name: "mail_mailman-nginx_1" }
+    #- { name: "matrix_ma1sd_1" }
+    #- { name: "matrix_db_1" }
+    #- { name: "matrix_purgemediacache_1" }
+    #- { name: "matrix_synapse_1" }
+    #- { name: "matterbridge_cw_1" }
+    #- { name: "matterbridge_wz_1" }
+    #- { name: "matterbridge_web_1" }
+    #- { name: "matterbridge_restarter_1" }
+    - { name: "traefik-app-1" }
+    #- { name: "vpnserver_app_1" }
+    #- { name: "warpapi_app_1" }
+    #- { name: "watchtower_app_1" }
+    - { name: "wordpress-app-1" }
+    - { name: "wordpress-db-1" }
+    #- { name: "workadventure_back_1" }
+    #- { name: "workadventure_front_1" }
+    #- { name: "workadventure_icon_1" }
+    #- { name: "workadventure_pusher_1" }
+    #- { name: "workadventure_redis_1" }
+  disks: 
+    - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
+    - { mountpoint: "/srv", warn: "5 GB", crit: "1 GB" }
+  
+
+# # Definition von Borgbackup Repositories 
+# borgbackup_repos:
+
+#   # warpsrvint: 
+
+#   #   # URL des Repos   
+#   #   repo: "ssh://warpzone@192.168.0.201:22/data/warpzone/webserver"
+    
+#   #   # Repo-spezifische Optionen zum Aufruf von Borgbackup
+#   #   # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich
+#   #   options: ""
+
+#   #   # Compression Options, z,b. "zlib,5, "zstd,5"
+#   #   compression: "zlib,5"
+
+#   #   # Prune Optionen 
+#   #   prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
+    
+#   #   # Backup Schedule 
+#   #   weekday: "*"
+#   #   hour: "6"
+#   #   minute: "0"
+
+#   #   #  Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen 
+#   #   # directories:
+
+#   #   # Monitoring
+#   #   alert: true
+#   #   warning_age: 26 
+#   #   critical_age: 50
+#   #   warning_count: 10
+#   #   critical_count: 5
+
+#   borgbase: 
+
+#     # URL des Repos   
+#     repo: "ani9ve0q@ani9ve0q.repo.borgbase.com:repo"
+    
+#     # Repo-spezifische Optionen zum Aufruf von Borgbackup
+#     # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich
+#     options: ""
+
+#     # Compression Options, z,b. "zlib,5, "zstd,5"
+#     compression: "zlib,5"
+
+#     # Prune Optionen 
+#     prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
+    
+#     # Backup Schedule 
+#     weekday: "*"
+#     hour: "4"
+#     minute: "10"
+
+#     #  Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen 
+#     # directories:
+
+#     # Monitoring
+#     alert: true
+#     warning_age: 26 
+#     critical_age: 50
+#     warning_count: 10
+#     critical_count: 5
+
+
+# # Definition der Verzeichnisse, die in allen Borgbackup Repos gesichert werden sollen 
+# borgbackup_directories:
+#   - "/etc/"
+#   - "/srv/"
+

host_vars/tiffany

@@ -6,15 +6,15 @@ motd_lines:
   - "Öffentliche IPs: {{ansible_enp35s0.ipv4.address}} / {{ansible_enp35s0.ipv6[0].address}}"
 
 debian_sources: 
-  - "deb http://deb.debian.org/debian/ buster main non-free contrib"
-  - "deb http://security.debian.org/debian-security buster/updates main contrib non-free"
-  - "deb http://deb.debian.org/debian/ buster-updates main contrib non-free"
-  - "deb http://download.proxmox.com/debian/pve buster pve-no-subscription"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
+  - "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription"
 
 debian_keys_id:
 
 debian_keys_url:
-  - "http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg"
+  - "http://download.proxmox.com/debian/proxmox-release-bookworm.gpg"
 
 
 # Art des Hosts: physical, vm, docker 
@@ -26,5 +26,6 @@ int_ip4: 159.69.57.15
 administratorenteam:
   - "void"
   - "sandhome"
+  - "jabertwo"
 
 

host_vars/verwaltung

@@ -6,9 +6,10 @@ motd_lines:
   - "Öffentliche IPs: {{ansible_ens18.ipv4.address}} / {{ansible_ens18.ipv6[0].address}}"
 
 debian_sources: 
-  - "deb http://ftp2.de.debian.org/debian/ buster main contrib non-free"
-  - "deb http://security.debian.org/ buster/updates main contrib non-free"
-  - "deb https://download.docker.com/linux/debian buster stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
 
 debian_keys_id:
   
@@ -33,6 +34,7 @@ webserver_domains:
   - "verwaltung.warpzone.ms"
   - "verwaltung-git.warpzone.ms"
   - "verwaltung-jameica.warpzone.ms"
+  - "vault.warpzone.ms"
 
 
 #OpenVPN Konfigurationen 
@@ -45,14 +47,13 @@ openvpn_clients:
 
 administratorenteam:
   - "void"
-  - "sandhome"
+  - "jabertwo"
 
 vorstandteam:
-  - "sandhome"
   - "void"
-  - "larsm"
-  - "h3rb3rn"
-  - "mowoe"
+  - "hn13"
+  - "jabertwo"
+  - "3d"
 
 # Docker konfigurationen 
 docker:
@@ -63,21 +64,23 @@ docker:
 # Monitoring aktivieren 
 alert:  
   load: 
-    warn: 8
-    crit: 16
+    warn: 5
+    crit: 10
   containers:
-    - { name: "dockerstats_app_1" }
-    - { name: "gitea_app_1" }
-    - { name: "gitea_db_1" }
-    - { name: "jameica-vnc_ldap_auth_1" }
-    - { name: "jameica-vnc_nginx_1" }
-    - { name: "jameica-vnc_vnc_1" }
-    - { name: "mysql_app_1" }
-    - { name: "nextcloud_app_1" }
-    - { name: "nextcloud_mysql_1" }
-    - { name: "nextcloud_redis_1" }
-    - { name: "nextcloud_webcron_1" }
-    - { name: "traefik_app_1" }
+    - { name: "dockerstats-app-1" }
+    - { name: "gitea-app-1" }
+    - { name: "gitea-db-1" }
+    - { name: "jameica-vnc-auth-1" }
+    - { name: "jameica-vnc-app-1" }
+    - { name: "mysql-app-1" }
+    - { name: "nextcloud-app-1" }
+    - { name: "nextcloud-mysql-1" }
+    - { name: "nextcloud-redis-1" }
+    - { name: "nextcloud-webcron-1" }
+    - { name: "traefik-app-1" }
+    - { name: "vaultwarden-app-1" }
+    - { name: "vaultwarden-backup-1" }
+    - { name: "watchtower-app-1" }
   disks: 
     - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
     - { mountpoint: "/srv", warn: "5 GB", crit: "1 GB" }
@@ -86,35 +89,35 @@ alert:
 # Definition von Borgbackup Repositories 
 borgbackup_repos:
 
-  warpsrvint: 
+  # warpsrvint: 
 
-    # URL des Repos   
-    repo: "ssh://warpzone@192.168.0.201:22/data/warpzone/verwaltung"
+  #   # URL des Repos   
+  #   repo: "ssh://warpzone@192.168.0.201:22/data/warpzone/verwaltung"
     
-    # Repo-spezifische Optionen zum Aufruf von Borgbackup
-    # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich
-    options: ""
+  #   # Repo-spezifische Optionen zum Aufruf von Borgbackup
+  #   # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich
+  #   options: ""
 
-    # Compression Options, z,b. "zlib,5, "zstd,5"
-    compression: "zlib,5"
+  #   # Compression Options, z,b. "zlib,5, "zstd,5"
+  #   compression: "zlib,5"
 
-    # Prune Optionen 
-    prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
+  #   # Prune Optionen 
+  #   prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
     
-    # Backup Schedule 
-    weekday: "*"
-    hour: "10"
-    minute: "30"
-
-    #  Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen 
-    # directories:
-
-    # Monitoring
-    alert: true
-    warning_age: 26 
-    critical_age: 50
-    warning_count: 10
-    critical_count: 5
+  #   # Backup Schedule 
+  #   weekday: "*"
+  #   hour: "10"
+  #   minute: "30"
+
+  #   #  Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen 
+  #   # directories:
+
+  #   # Monitoring
+  #   alert: true
+  #   warning_age: 26 
+  #   critical_age: 50
+  #   warning_count: 10
+  #   critical_count: 5
 
   borgbase: 
 

host_vars/weatherwax

@@ -3,18 +3,18 @@
 
 motd_lines: 
   - "Weathermax - Interner Proxmox Server @ warpzone"
-  - "IPs: {{ansible_bond0.ipv4.address}}"
+  - "IPs: {{ansible_vmbr0.ipv4.address}}"
 
 debian_sources: 
-  - "deb http://deb.debian.org/debian/ bullseye main non-free contrib"
-  - "deb http://security.debian.org/debian-security bullseye-security main contrib non-free"
-  - "deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free"
-  - "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription"
+  - "deb http://deb.debian.org/debian/ bookworm main non-free non-free-firmware contrib"
+  - "deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware"
+  - "deb http://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription"
 
 debian_keys_id:
 
 debian_keys_url:
-  - "https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg"
+  - "https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg"
 
 
 # Art des Hosts: physical, vm, docker 
@@ -26,5 +26,30 @@ int_ip4: 192.168.0.200
 administratorenteam:
   - "void"
   - "sandhome"
-
+  - "3d"
+  - "jabertwo"
+
+drives:
+  sda1:
+    uuid: 6278aa48-6fc9-4889-be5f-d168627141b8
+    path: /
+    fstype: ext4
+  sda2:
+    uuid: aae468a2-1090-48f6-97fc-7366a84462f0
+    path: none
+    fstype: swap
+  sdb1:
+    uuid: 9b1c727b-a836-4e2b-a6e8-ca8b5a8949a2
+    path: /mnt/data
+    fstype: btrfs
+
+# Monitoring aktivieren
+alert:
+  load:
+    warn: 20
+    crit: 40
+  disks:
+    - { mountpoint: "/",         warn: "10 GB", crit: "3 GB" }
+    # btrfs currently no data from node exporter 
+    # - { mountpoint: "/mnt/data", warn: "10 GB", crit: "3 GB" }
 

host_vars/webserver

@@ -6,9 +6,10 @@ motd_lines:
   - "Öffentliche IPs: {{ansible_ens18.ipv4.address}} / {{ansible_ens18.ipv6[0].address}}"
 
 debian_sources: 
-  - "deb http://ftp2.de.debian.org/debian/ buster main contrib non-free"
-  - "deb http://security.debian.org/ buster/updates main contrib non-free"
-  - "deb https://download.docker.com/linux/debian buster stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
 
 debian_keys_id:
 
@@ -32,19 +33,16 @@ webserver_domains:
   - "warpzone.ms"
   - "api.warpzone.ms"
 #  - "auth.warpzone.ms"
-  - "autodiscover.warpzone.ms"
-  - "autoconfig.warpzone.ms"
   - "gitlab.warpzone.ms"
   - "matrix.warpzone.ms"
   - "mailserver.warpzone.ms"
-  - "ldap.warpzone.ms"
-  - "keycloak.warpzone.ms"
   - "md.warpzone.ms"
+  - "privatebin.warpzone.ms"
 #  - "turn.warpzone.ms"
   - "wiki.warpzone.ms"
   - "www.warpzone.ms"
 #  - "workadventure.warpzone.ms"
-  - "play.workadventure.warpzone.ms"
+#  - "play.workadventure.warpzone.ms"
 #  - "pusher.workadventure.warpzone.ms"
 #  - "api.workadventure.warpzone.ms"
 #  - "icon.workadventure.warpzone.ms"
@@ -58,113 +56,105 @@ openvpn_server:
 administratorenteam:
   - "void"
   - "sandhome"
+  - "jabertwo"
 
 # Docker konfigurationen 
 docker:
   # Interne Docker-Netzwerke 
   internal_networks:
-    - mail
     - web
     
 # Monitoring aktivieren 
 alert:  
   load: 
-    warn: 8
-    crit: 16
+    warn: 5
+    crit: 10
   containers:
-    - { name: "autodiscover_warpzonems_1" }
-    - { name: "autodiscover_lists_warpzonems_1" }
-    - { name: "autodiscover_member_warpzonems_1" }
-    - { name: "dockerstats_app_1" }
-    - { name: "dokuwiki_app_1" }
-    - { name: "coturn_coturn_1" }
-    - { name: "gitlab_app_1" }
-    - { name: "gitlab_dind_1" }
-    - { name: "gitlab_runner_1" }
-    - { name: "hackmd_app_1" }
-    - { name: "hackmd_db_1" }
-    - { name: "icinga_app_1" }
-    - { name: "icinga_db_1" }
-    - { name: "icinga_graphite_1" }
-    - { name: "keycloak_app_1" }
-    - { name: "keycloak_db_1" }
-    - { name: "keycloak_sync-group-active_1" }
-    - { name: "ldap_openldap_1" }
-    - { name: "ldap_phpldapadmin_1" }
-    - { name: "mail_dovecot-mailcow_1" }
-    - { name: "mail_dockerapi-mailcow_1" }
-    - { name: "mail_ipv6nat-mailcow_1" }
-    - { name: "mail_mailman-core" }
-    - { name: "mail_mailman-db" }
-    - { name: "mail_mailman-nginx" }
-    - { name: "mail_mailman-web" }
-    - { name: "mail_memcached-mailcow_1" }
-    - { name: "mail_mysql-mailcow_1" }
-    - { name: "mail_netfilter-mailcow_1" }
-    - { name: "mail_nginx-mailcow_1" }
-    - { name: "mail_olefy-mailcow_1" }
-    - { name: "mail_ofelia-mailcow_1" }
-    - { name: "mail_postfix-mailcow_1" }
-    - { name: "mail_postfix-exporter_1" }
-    - { name: "mail_php-fpm-mailcow_1" }
-    - { name: "mail_redis-mailcow_1" }
-    - { name: "mail_rspamd-mailcow_1" }
-    - { name: "mail_traefik-certdumper_1" }    
-    - { name: "mail_unbound-mailcow_1" }
-    - { name: "mail_watchdog-mailcow_1" }
-    - { name: "matterbridge_cw_1" }
-    - { name: "matterbridge_wz_1" }
-    - { name: "matterbridge_web_1" }
-    - { name: "matterbridge_restarter_1" }
-    - { name: "matrix_ma1sd_1" }
-    - { name: "matrix_db_1" }
-    - { name: "matrix_synapse_1" }
-    - { name: "traefik_app_1" }
-    - { name: "warpapi_app_1" }
-    - { name: "wordpress_app_1" }
-    - { name: "wordpress_db_1" }
-    - { name: "workadventure_back_1" }
-    - { name: "workadventure_front_1" }
-    - { name: "workadventure_icon_1" }
-    - { name: "workadventure_pusher_1" }
-    - { name: "workadventure_redis_1" }
+    - { name: "coturn-coturn-1" }
+    - { name: "dockerstats-app-1" }
+    - { name: "dokuwiki-app-1" }
+    - { name: "gitlab-app-1" }
+    - { name: "gitlab-dind-1" }
+    - { name: "gitlab-runner-1" }
+    - { name: "hackmd-app-1" }
+    - { name: "hackmd-db-1" }
+    - { name: "icinga-app-1" }
+    - { name: "icinga-auth-1" }
+    - { name: "icinga-db-1" }
+    - { name: "icinga-graphite-1" }
+    - { name: "mail-admin-1" }
+    - { name: "mail-antispam-1" }
+    - { name: "mail-certdumper-1" }
+    - { name: "mail-db-1" }
+    - { name: "mail-front-1" }
+    - { name: "mail-imap-1" }
+    - { name: "mail-oletools-1" }
+    - { name: "mail-redis-1" }
+    - { name: "mail-resolver-1" }
+    - { name: "mail-smtp-1" }
+    - { name: "mail-webmail-1" }
+    - { name: "mail-mailman-core-1" }
+    - { name: "mail-mailman-web-1" }
+    - { name: "mail-mailman-nginx-1" }
+    - { name: "matrix-db-1" }
+    - { name: "matrix-ldap-1" }
+    - { name: "matrix-purgemediacache-1" }
+    - { name: "matrix-synapse-1" }
+    - { name: "matterbridge-cw-1" }
+    - { name: "matterbridge-wz-1" }
+    - { name: "matterbridge-web-1" }
+    - { name: "matterbridge-restarter-1" }
+    - { name: "privatebin-app-1" }
+    - { name: "traefik-app-1" }
+    - { name: "uffd-app-1" }
+    - { name: "uffd-db-1" }
+    - { name: "vpnserver-app-1" }
+    - { name: "warpapi-app-1" }
+    - { name: "watchtower-app-1" }
+    - { name: "wordpress-app-1" }
+    - { name: "wordpress-db-1" }
+  #  - { name: "workadventure_back_1" }
+  #  - { name: "workadventure_front_1" }
+  #  - { name: "workadventure_icon_1" }
+  #  - { name: "workadventure_pusher_1" }
+  #  - { name: "workadventure_redis_1" }
   disks: 
     - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
-    - { mountpoint: "/srv", warn: "1 GB", crit: "500 MB" }
+    - { mountpoint: "/srv", warn: "5 GB", crit: "1 GB" }
   
 
 # Definition von Borgbackup Repositories 
 borgbackup_repos:
 
-  warpsrvint: 
+  # warpsrvint: 
 
-    # URL des Repos   
-    repo: "ssh://warpzone@192.168.0.201:22/data/warpzone/webserver"
+  #   # URL des Repos   
+  #   repo: "ssh://warpzone@192.168.0.201:22/data/warpzone/webserver"
     
-    # Repo-spezifische Optionen zum Aufruf von Borgbackup
-    # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich
-    options: ""
+  #   # Repo-spezifische Optionen zum Aufruf von Borgbackup
+  #   # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich
+  #   options: ""
 
-    # Compression Options, z,b. "zlib,5, "zstd,5"
-    compression: "zlib,5"
+  #   # Compression Options, z,b. "zlib,5, "zstd,5"
+  #   compression: "zlib,5"
 
-    # Prune Optionen 
-    prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
+  #   # Prune Optionen 
+  #   prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
     
-    # Backup Schedule 
-    weekday: "*"
-    hour: "6"
-    minute: "0"
-
-    #  Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen 
-    # directories:
-
-    # Monitoring
-    alert: true
-    warning_age: 26 
-    critical_age: 50
-    warning_count: 10
-    critical_count: 5
+  #   # Backup Schedule 
+  #   weekday: "*"
+  #   hour: "6"
+  #   minute: "0"
+
+  #   #  Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen 
+  #   # directories:
+
+  #   # Monitoring
+  #   alert: true
+  #   warning_age: 26 
+  #   critical_age: 50
+  #   warning_count: 10
+  #   critical_count: 5
 
   borgbase: 
 

hosts

-
-# Nameskonvention für Server: Pratchett Name/Charaktere
-# Nächste freie Namen: carrot, vimes 
-
-[prod]
-
-# Interner Server Warpzone 
-# Umgebaute Watchguard im Serverschrank 
-# https://wiki.warpzone.ms/intern:warpzone_internal_it_infrastructure#host_fuer_interne_dienste_watchguard_xtm_505
-# Für Verbindungen über den Webserver als Jumphost folgende Parameter ergänzen: 
-# ansible_ssh_common_args='-o ForwardAgent=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -W %h:%p -q 159.69.57.51"'
-
-# Interner Proxmox-Server (neu ab 09-2022) 
-weatherwax   ansible_ssh_host=192.168.0.200
-
-# Server für interne Dienste (neu ab 09-2022)
-# Container auf dem internen Proxmox Server 
-# Wichtige Optionen: Nesting = Yes, keyctl = enabled
-ogg          ansible_ssh_host=192.168.0.201
-
-# Externe Server Warpzone
-# Öffentlicher Root Server Warpzone bei Hetzner 
-tiffany     ansible_ssh_host=159.69.57.15
-
-# Öffentlicher Webserver Warpzone 
-# VM auf Tiffany
-webserver   ansible_ssh_host=159.69.57.51 
-
-# Vorstands-VM
-# VM auf Tiffany
-# Auch erreichbar unter verwaltung.warpzone.ms
-verwaltung ansible_ssh_host=195.201.179.60
-
-