Compare revisions

renovatebot · renovatebot · renovatebot · renovatebot · jabertwo · jabertwo
--- a/README.md
+++ b/README.md
 # Warpzone Infrastruktur Konfiguration
 Die Infrastruktur der Warpzone wird nach und nach durch das Konfigurationstool Ansible aufgebaut.
-Diese Konfiguration wird von den verschiedenen Teams gemeinschaftlich genutzt und soll als zentrale Dokumentation dienen.
+Diese Konfiguration soll als zentrale Dokumentation dienen.
 ## Aktueller Status
-Aktuell ist nur der neue Websserver in der Konfiguration erfasst.
+Alle Server sind erfasst
-Weitere Dienste (wie z.B. der bestehende Webserver und die interne Infrastruktur) sind noch nicht abgebildet.
 ## Vorraussetzungen
 Installiertes ansible
@@ -22,7 +20,7 @@ ansible-galaxy collection install community.docker
 Ausführen von Rollen per
 ```
-ansible-playbook  site.yml -l webserver -t hackmd
+ansible-playbook -i hosts.yml site.yml -l webserver -t hackmd
 ```
 mit -l wird der hosts eingeschränkt mit -t der tag bzw die Rolle, alle tags stehen in der site.yml

--- a/ansible.cfg
+++ b/ansible.cfg
 [defaults]
 # some default values for ansible
-inventory = hosts
+inventory = hosts.yml
 interpreter_python = /usr/bin/python3
--- a/intern/docker_graylog/tasks/main.yml
+++ b/intern/docker_graylog/tasks/main.yml
 ---
 - name: "create folder struct for {{ servicename }}"
-  file: 
+  file:
-    path: "{{ basedir }}" 
+    path: "{{ item }}"
    state: "directory"
- name: "create folder struct for {{ servicename }}"
-  file: 
-    path: "{{ basedir }}/{{ item }}" 
-    state: "directory"
-    owner: 508
-    group: 508
  with_items:
-    - "data"
+    - "{{ basedir }}"
-    - "logs"
- name: "create config files for {{ servicename }}"
+- name: "deploy {{ servicename }} config files"
-  template: 
+  template:
+    dest:  "{{ basedir }}/{{ item }}"
    src: "{{ item }}"
-    dest: "{{ basedir }}/{{ item }}"
+    mode: 0644
  with_items:
-    - docker-compose.yml 
+    - docker-compose.yml
+  register: config
- name: "start {{ servicename }} docker"
+# Start containers
+- name: "stop {{ servicename }} docker"
  docker_compose:
    project_src: "{{ basedir }}"
-    state: present
+    state: absent
+  when: config.changed
+- name: "start {{ servicename }} docker"
+  docker_compose:
+    project_src: "{{ basedir }}"
+    state: present
\ No newline at end of file
--- a/common/crowdsec/templates/crowdsec/dashboard/Dockerfile
+++ b/common/crowdsec/templates/crowdsec/dashboard/Dockerfile
+FROM metabase/metabase:v0.46.6.2
+RUN mkdir /data/ && wget https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip && unzip metabase_sqlite.zip -d /data/
\ No newline at end of file
--- a/common/crowdsec/templates/docker-compose.yml
+++ b/common/crowdsec/templates/docker-compose.yml
+version: '3'
+services:
+  app:
+    image: crowdsecurity/crowdsec:v1.5.2
+    healthcheck:
+      test: ["CMD", "cscli", "version"]
+      interval: 20s
+      timeout: 2s
+      retries: 5
+      start_period: 10s
+    ports:
+      - "127.0.0.1:8080:8080"
+    environment:
+      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/iptables crowdsecurity/linux crowdsecurity/nginx crowdsecurity/sshd"
+      GID: "${GID-1000}"
+      CUSTOM_HOSTNAME: dSHB
+    volumes:
+      - /etc/localtime:/etc/localtime:ro  
+      - /var/log:/var/log:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /var/run/systemd/journal/socket:/var/run/systemd/journal/socket:ro
+      - {{ basedir }}/appdata/crowdsec/data:/var/lib/crowdsec/data
+      - {{ basedir }}/appdata/crowdsec/config:/etc/crowdsec
+      - {{ basedir }}/crowdsec-db:
+  dashboard:
+    build: ./crowdsec/dashboard
+    restart: always
+    environment:
+      MB_DB_FILE: /data/metabase.db
+      MGID: "${GID-1000}"
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=3000
+    volumes:
+      - crowdsec-db:/metabase-data/
\ No newline at end of file
--- a/common/docker_traefik/tasks/main.yml
+++ b/common/docker_traefik/tasks/main.yml
- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
  with_items:
    - { path: "{{ basedir }}/letsencrypt_notification_email",  length: -1 }
  when: selfSignedCN is not defined 

--- a/common/docker_traefik/templates/docker-compose.yml
+++ b/common/docker_traefik/templates/docker-compose.yml
@@ -3,7 +3,7 @@ version: '2.4'
 services:
    app:
-        image: traefik:v3.0
+        image: traefik:v3.0.0-beta3
        restart: always
        ports:
            - "80:80"

--- a/common/wireguard/tasks/main.yml
+++ b/common/wireguard/tasks/main.yml
@@ -53,6 +53,11 @@
  ansible.builtin.systemd:
    daemon_reload: true
+- name: "Stop systemd service for wg0"
+  ansible.builtin.systemd:
+    name: "wg-quick@wg0"
+    state: stopped
 - name: "Start systemd service for wg0"
  ansible.builtin.systemd:
    name: "wg-quick@wg0"

--- a/common/wireguard/templates/webserver.conf
+++ b/common/wireguard/templates/webserver.conf
@@ -5,4 +5,4 @@ ListenPort = 51821
 [Peer]
 PublicKey = 9FLaGBXWjInPv4PFRuAJPPrPWruzocVrXg9lsmwGdX4=
-AllowedIPs = 10.43.1.2, 192.168.0.0/24, 10.0.0.0/23
+AllowedIPs = 10.43.1.2, 192.168.0.0/24, 10.0.0.0/22
--- a/host_vars/ogg
+++ b/host_vars/ogg
@@ -57,9 +57,6 @@ alert:
    - { name: "esphome-dev_app_1" }    
    - { name: "fridgeserver_app_1" }    
    - { name: "grafana_app_1" }    
-    - { name: "graylog_graylog_1" }    
-    - { name: "graylog_mongodb_1" }    
-    - { name: "graylog_opensearch_1" }    
    - { name: "heimdall_app_1" }    
    - { name: "homeassistant_app_1" }    
    - { name: "homeassistant_influxdb_1" }    

--- a/host_vars/webserver
+++ b/host_vars/webserver
@@ -103,6 +103,7 @@ alert:
    - { name: "mail_mailman-nginx_1" }
    - { name: "matrix_ma1sd_1" }
    - { name: "matrix_db_1" }
+    - { name: "matrix_purgemediacache_1" }
    - { name: "matrix_synapse_1" }
    - { name: "matterbridge_cw_1" }
    - { name: "matterbridge_wz_1" }
@@ -120,7 +121,7 @@ alert:
    - { name: "workadventure_redis_1" }
  disks: 
    - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
-    - { mountpoint: "/srv", warn: "1 GB", crit: "500 MB" }
+    - { mountpoint: "/srv", warn: "5 GB", crit: "1 GB" }
 # Definition von Borgbackup Repositories 

--- a/hosts
+++ b/hosts
-# Nameskonvention für Server: Pratchett Name/Charaktere
-# Namensliste: https://wiki.lspace.org/List_of_Pratchett_characters
-# Nächste freie Namen: vimes, cake, colon, detritus, dibbler, dorfl, gaspode, quirm, cherry, nobby, ramkin, ron, shoe, slant, angua, vetinary, bursar, coin, dean, worblehat, luggage. mustrum, rincewind, wrangler, stibbons, whitlow  
-[test]
-[prod]
-# Interner Proxmox-Server
-# Für Verbindungen über den Webserver als Jumphost folgende Parameter ergänzen: 
-# ansible_ssh_common_args='-o ForwardAgent=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -W %h:%p -q 159.69.57.51"'
-weatherwax   ansible_ssh_host=192.168.0.200
-# Server für interne Dienste
-# Container auf dem internen Proxmox Server 
-# Wichtige Optionen: Nesting = Yes, keyctl = enabled
-ogg          ansible_ssh_host=192.168.0.201
-# Server für VPN Verbindung zum Webserver 
-# Container auf dem internen Proxmox Server 
-# Wichtige Optionen: Nesting = Yes, keyctl = enabled
-carrot       ansible_ssh_host=192.168.0.202
-# Externe Server Warpzone
-# Öffentlicher Root Server Warpzone bei Hetzner 
-tiffany     ansible_ssh_host=159.69.57.15
-# Öffentlicher Webserver Warpzone 
-# VM auf Tiffany
-webserver   ansible_ssh_host=159.69.57.51 
-# Vorstands-VM
-# VM auf Tiffany
-# Auch erreichbar unter verwaltung.warpzone.ms
-verwaltung ansible_ssh_host=195.201.179.60
-# Physischer Server für Veranstaltungen / Camps 
-# warpzone.remote Proxmox-Server
-hex         ansible_ssh_host=10.111.10.100
-# Virtueller Server für Infrastruktur-Dienste auf Veranstaltungen / Camps
-# Container auf dem warpzone.remote Proxmox-Server 
-# Wichtige Optionen: Nesting = Yes, keyctl = enabled
-hix         ansible_ssh_host=10.111.10.101
--- a/hosts.yml
+++ b/hosts.yml
@@ -12,11 +12,13 @@ prod:
        # ansible_ssh_common_args='-o ForwardAgent=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -W %h:%p -q 159.69.57.51"'
        weatherwax:
          ansible_ssh_host: 192.168.0.200
+          ansible_user: root
        # Externe Server Warpzone
        # Öffentlicher Root Server Warpzone bei Hetzner
        tiffany:
          ansible_ssh_host: 159.69.57.15
+          ansible_user: root
    vms:
      children:
@@ -27,12 +29,14 @@ prod:
            # Wichtige Optionen: Nesting = Yes, keyctl = enabled
            ogg:
              ansible_ssh_host: 192.168.0.201
+              ansible_user: root
            # Server für VPN Verbindung zum Webserver
            # Container auf dem internen Proxmox Server
            # Wichtige Optionen: Nesting = Yes, keyctl = enabled
            carrot:
              ansible_ssh_host: 192.168.0.202
+              ansible_user: root
        tiffany-vms:
          hosts:
@@ -40,12 +44,14 @@ prod:
            # VM auf Tiffany
            webserver:
              ansible_ssh_host: 159.69.57.51
+              ansible_user: root
            # Vorstands-VM
            # VM auf Tiffany
            # Auch erreichbar unter verwaltung.warpzone.ms
            verwaltung:
              ansible_ssh_host: 195.201.179.60
+              ansible_user: root
 event:
  children:
@@ -55,6 +61,7 @@ event:
        # warpzone.remote Proxmox-Server
        hex:
          ansible_ssh_host: 10.111.10.100
+          ansible_user: root
    vms:
      hosts:
@@ -63,3 +70,4 @@ event:
        # Wichtige Optionen: Nesting = Yes, keyctl = enabled
        hix:
          ansible_ssh_host: 10.111.10.101
+          ansible_user: root
\ No newline at end of file
--- a/intern/docker_grafana/templates/docker-compose.yml
+++ b/intern/docker_grafana/templates/docker-compose.yml
@@ -4,7 +4,7 @@ services:
  app:
-    image: grafana/grafana:9.4.3
+    image: grafana/grafana:9.5.6
    restart: always
    volumes:
      - "{{ basedir }}/grafana.ini:/etc/grafana/grafana.ini"

--- a/intern/docker_graylog/templates/docker-compose.yml
+++ b/intern/docker_graylog/templates/docker-compose.yml
-version: "3"
-services:
-  mongodb:
-    image: "mongo:6.0.4"
-    restart: "always"
-  opensearch:
-    image: "opensearchproject/opensearch:2.6.0"
-    environment:
-      - "TZ=Europe/Berlin"
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
-      - "discovery.type=single-node"
-      - "action.auto_create_index=false"
-      - "plugins.security.ssl.http.enabled=false"
-      - "plugins.security.disabled=true"
-    restart: "always"
-  graylog:
-    hostname: "server"
-    image: "graylog/graylog:5.0.5"
-    entrypoint: "/usr/bin/tini -- wait-for-it opensearch:9200 --  /docker-entrypoint.sh"
-    environment:
-      TZ: "Europe/Berlin"
-      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
-      GRAYLOG_PASSWORD_SECRET: "warpzonewarpzone"
-      GRAYLOG_ROOT_PASSWORD_SHA2: "26230bc6e5e044e6e3cef7c76a2800fdf2d3952ef03e85c83491b99eef149c40"
-      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
-      GRAYLOG_HTTP_EXTERNAL_URI: "http://graylog.warpzone.lan/"
-      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
-      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
-    ports:
-      - "514:5140/udp"   # Syslog
-      - "514:5140/tcp"   # Syslog
-    restart: "always"
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
-      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
-      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=9000
-    networks:
-      - web
-      - default
-networks:
-  web:
-    external: true
--- a/intern/docker_homeassistant/tasks/main.yml
+++ b/intern/docker_homeassistant/tasks/main.yml
 ---
- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
  with_items:
   - { path: "{{ basedir }}/warpai_status_update_key",     length: -1 }
   - { path: "{{ basedir }}/homeassistant_admin_password", length: 12 }

--- a/intern/docker_homeassistant/templates/config/configuration.yaml
+++ b/intern/docker_homeassistant/templates/config/configuration.yaml
@@ -79,6 +79,12 @@ rest_command:
  set_zone_status_closed: 
    url: "https://api.warpzone.ms/setstatus?newstatus=CLOSED&update_key={{ warpai_status_update_key }}"
    method: GET 
+  set_lounge_matrix_off:
+    url: "http://led-matrix.warpzone.lan/play/off.png"
+    method: GET
+  set_lounge_matrix_on:
+    url: "http://led-matrix.warpzone.lan/skip"
+    method: GET
 # https://www.home-assistant.io/integrations/telegram/
 telegram_bot:
@@ -453,15 +459,14 @@ automation ansible:
                option: Red static
    mode: restart
+  # WLED rot lounge
-  # WLED rot
+  - alias: ANSIBLE_WLED_lounge_red
-  - alias: ANSIBLE_WLED_red
+    description: WLED rot in der lounge
-    description: WLED rot
    trigger:
      - type: turned_on
        platform: device
        device_id: 33915e12bd114226dcd4718e77a27779
-        entity_id: binary_sensor.button_4
+        entity_id: binary_sensor.button_5
        domain: binary_sensor
    condition: []
    action:
@@ -474,24 +479,51 @@ automation ansible:
          effect: Solid
        target:
          area_id:
-            - hackcenter
            - kuche
            - lounge
            - serverrack
+    mode: queued
+    max: 30
+  # WLED rot im hackcenter
+  - alias: ANSIBLE_WLED_hackcenter_red
+    description: WLED rot im hackcenter
+    trigger:
+      - type: turned_on
+        platform: device
+        device_id: 33915e12bd114226dcd4718e77a27779
+        entity_id: binary_sensor.button_2
+        domain: binary_sensor
+    condition: []
+    action:
+      - service: light.turn_on
+        data:
+          rgb_color:
+            - 255
+            - 0
+            - 0
+          effect: Solid
+        target:
+          area_id:
+            - hackcenter
            - eingang
    mode: queued
    max: 30
-  # WLED gruen
+  # WLED gruen lounge
-  - alias: ANSIBLE_WLED_green
+  - alias: ANSIBLE_WLED_lounge_green
-    description: WLED gruen
+    description: WLED gruen in der lounge
    trigger:
      - type: turned_on
        platform: device
        device_id: 33915e12bd114226dcd4718e77a27779
        entity_id: binary_sensor.button_5
        domain: binary_sensor
+        for:
+          hours: 0
+          minutes: 0
+          seconds: 1
    condition: []
    action:
      - service: light.turn_on
@@ -503,23 +535,55 @@ automation ansible:
          effect: Solid
        target:
          area_id:
-            - hackcenter
            - kuche
            - lounge
            - serverrack
+    mode: queued
+    max: 30
+  # WLED gruen hackcenter
+  - alias: ANSIBLE_WLED_hackcenter_green
+    description: WLED gruen im hackcenter
+    trigger:
+      - type: turned_on
+        platform: device
+        device_id: 33915e12bd114226dcd4718e77a27779
+        entity_id: binary_sensor.button_2
+        domain: binary_sensor
+        for:
+          hours: 0
+          minutes: 0
+          seconds: 1
+    condition: []
+    action:
+      - service: light.turn_on
+        data:
+          rgb_color:
+            - 0
+            - 255
+            - 0
+          effect: Solid
+        target:
+          area_id:
+            - hackcenter
            - eingang
    mode: queued
    max: 30
-  # WLED blue
-  - alias: ANSIBLE_WLED_blue
+  # WLED blue lounge
-    description: wLED blau
+  - alias: ANSIBLE_WLED_lounge_blue
+    description: wLED blau in der lounge
    trigger:
      - type: turned_on
        platform: device
        device_id: 33915e12bd114226dcd4718e77a27779
-        entity_id: binary_sensor.button_6
+        entity_id: binary_sensor.button_5
        domain: binary_sensor
+        for:
+          hours: 0
+          minutes: 0
+          seconds: 2
    condition: []
    action:
      - service: light.turn_on
@@ -531,23 +595,55 @@ automation ansible:
          effect: Solid
        target:
          area_id:
-            - hackcenter
            - kuche
            - lounge
            - serverrack
-            - eingang
    mode: queued
    max: 30
-  # WLED white
+  # WLED blue hackcenter
-  - alias: ANSIBLE_WLED_white
+  - alias: ANSIBLE_WLED_hackcenter_blue
-    description: WLED weiss
+    description: wLED blau im hackcenter
    trigger:
      - type: turned_on
        platform: device
        device_id: 33915e12bd114226dcd4718e77a27779
        entity_id: binary_sensor.button_2
        domain: binary_sensor
+        for:
+          hours: 0
+          minutes: 0
+          seconds: 2
+    condition: []
+    action:
+      - service: light.turn_on
+        data:
+          rgb_color:
+            - 0
+            - 0
+            - 255
+          effect: Solid
+        target:
+          area_id:
+            - hackcenter
+            - eingang
+    mode: queued
+    max: 30
+  # WLED white lounge
+  - alias: ANSIBLE_WLED_lounge_white
+    description: WLED weiss in der lounge
+    trigger:
+      - type: turned_on
+        platform: device
+        device_id: 33915e12bd114226dcd4718e77a27779
+        entity_id: binary_sensor.button_5
+        domain: binary_sensor
+        for:
+          hours: 0
+          minutes: 0
+          seconds: 3
    condition: []
    action:
      - service: light.turn_on
@@ -559,45 +655,98 @@ automation ansible:
          effect: Solid
        target:
          area_id:
-            - hackcenter
            - kuche
            - lounge
            - serverrack
-            - eingang
    mode: queued
    max: 30
+  # WLED white hackcenter
+  - alias: ANSIBLE_WLED_hackcenter_white
+    description: WLED weiss im hackcenter
+    trigger:
+      - type: turned_on
+        platform: device
+        device_id: 33915e12bd114226dcd4718e77a27779
+        entity_id: binary_sensor.button_2
+        domain: binary_sensor
+        for:
+          hours: 0
+          minutes: 0
+          seconds: 3
+    condition: []
+    action:
+      - service: light.turn_on
+        data:
+          rgb_color:
+            - 255
+            - 255
+            - 255
+          effect: Solid
+        target:
+          area_id:
+            - hackcenter
+            - eingang
+    mode: queued
+    max: 30
-  # WLED off
+  # WLED off lounge
-  - alias: ANSIBLE_WLED_off
+  - alias: ANSIBLE_WLED_lounge_off
-    description: WLED aus
+    description: WLED aus in der lounge
    trigger:
      - type: turned_on
        platform: device
        device_id: 33915e12bd114226dcd4718e77a27779
-        entity_id: binary_sensor.button_3
+        entity_id: binary_sensor.button_6
        domain: binary_sensor
+        for:
+          hours: 0
+          minutes: 0
+          seconds: 0
    condition: []
    action:
      - service: light.turn_off
        target:
          area_id:
-            - hackcenter
            - kuche
            - lounge
            - serverrack
+      - service: rest_command.set_lounge_matrix_off
+        data: {}
+    mode: queued
+    max: 30
+  # WLED off hackcenter
+  - alias: ANSIBLE_WLED_hackcenter_off
+    description: WLED aus im hackcenter
+    trigger:
+      - type: turned_on
+        platform: device
+        device_id: 33915e12bd114226dcd4718e77a27779
+        entity_id: binary_sensor.button_3
+        domain: binary_sensor
+        for:
+          hours: 0
+          minutes: 0
+          seconds: 0
+    condition: []
+    action:
+      - service: light.turn_off
+        target:
+          area_id:
+            - hackcenter
            - eingang
    mode: queued
    max: 30
-  # WLED default
+  # WLED default Lounge
-  - alias: "ANSIBLE_WLED_default"
+  - alias: "ANSIBLE_WLED_lounge_default"
-    description: WLED Default effect
+    description: WLED Default effect in der Lounge
    trigger:
      - type: turned_on
        platform: device
        device_id: 33915e12bd114226dcd4718e77a27779
-        entity_id: binary_sensor.button_1
+        entity_id: binary_sensor.button_4
        domain: binary_sensor
        for:
          hours: 0
@@ -609,37 +758,32 @@ automation ansible:
        data: {}
        target:
          area_id:
-            - hackcenter
            - kuche
            - lounge
            - serverriack
-            - eingang
      - service: select.select_option
        data:
          option: default
        target:
          entity_id:
-            - select.icicles_preset
            - select.kueche_preset
-            - select.lightsaber01_preset
-            - select.lightsaber02_preset
-            - select.loetecke_preset
            - select.loungedecke_preset
            - select.rack_preset
-            - select.schild_preset
            - select.theke_preset
-            - select.trocknerschlauch_preset
            - select.warpcubes_preset
            - select.loungetisch_preset
            - select.matrix01_preset
            - select.vorhang_preset
            - select.lampan_preset
            - select.clock_preset
+            - select.fernseher01_preset
+      - service: rest_command.set_lounge_matrix_on
+        data: {}
    mode: single
-  # WLED meteor
+  # WLED default hackcenter
-  - alias: "ANSIBLE_WLED_Meteor"
+  - alias: "ANSIBLE_WLED_hackcenter_default"
-    description: WLED Meteor effect
+    description: WLED Default effect im hackcenter
    trigger:
      - type: turned_on
        platform: device
@@ -649,7 +793,7 @@ automation ansible:
        for:
          hours: 0
          minutes: 0
-          seconds: 10
+          seconds: 0
    condition: []
    action:
      - service: light.turn_on
@@ -657,31 +801,110 @@ automation ansible:
        target:
          area_id:
            - hackcenter
+            - eingang
+      - service: select.select_option
+        data:
+          option: default
+        target:
+          entity_id:
+            - select.icicles_preset
+            - select.lightsaber01_preset
+            - select.lightsaber02_preset
+            - select.loetecke_preset
+            - select.schild_preset
+            - select.trocknerschlauch_preset
+      - service: light.turn_on
+        data:
+          rgb_color:
+            - 255
+            - 160
+            - 0
+        target:
+          device_id: d1d266daf7d11e675319fdae0226a197
+    mode: single
+  # WLED meteor lounge
+  - alias: "ANSIBLE_WLED_lounge_Meteor"
+    description: WLED Meteor effect in der Lounge
+    trigger:
+      - type: turned_on
+        platform: device
+        device_id: 33915e12bd114226dcd4718e77a27779
+        entity_id: binary_sensor.button_4
+        domain: binary_sensor
+        for:
+          hours: 0
+          minutes: 0
+          seconds: 2
+    condition: []
+    action:
+      - service: light.turn_on
+        data: {}
+        target:
+          area_id:
            - kuche
            - lounge
            - serverrack
-            - eingang
      - service: select.select_option
        data:
          option: Meteor
        target:
          entity_id:
-            - select.icicles_preset
            - select.kueche_preset
-            - select.lightsaber01_preset
-            - select.lightsaber02_preset
            - select.loetecke_preset
            - select.loungedecke_preset
            - select.rack_preset
-            - select.schild_preset
            - select.theke_preset
-            - select.trocknerschlauch_preset
            - select.warpcubes_preset
            - select.loungetisch_preset
            - select.matrix01_preset
            - select.vorhang_preset
            - select.lampan_preset
            - select.clock_preset
+            - select.fernseher01_preset
+    mode: single
+  # WLED meteor Hackcenter
+  - alias: "ANSIBLE_WLED_Hackcenter_Meteor"
+    description: WLED Meteor effect im Hackcenter
+    trigger:
+      - type: turned_on
+        platform: device
+        device_id: 33915e12bd114226dcd4718e77a27779
+        entity_id: binary_sensor.button_1
+        domain: binary_sensor
+        for:
+          hours: 0
+          minutes: 0
+          seconds: 2
+    condition: []
+    action:
+      - service: light.turn_on
+        data: {}
+        target:
+          area_id:
+            - hackcenter
+            - eingang
+      - service: select.select_option
+        data:
+          option: Meteor
+        target:
+          entity_id:
+            - select.icicles_preset
+            - select.lightsaber01_preset
+            - select.lightsaber02_preset
+            - select.loetecke_preset
+            - select.schild_preset
+            - select.trocknerschlauch_preset
+      - service: light.turn_on
+        data:
+          rgb_color:
+            - 255
+            - 0
+            - 238
+        target:
+          device_id: d1d266daf7d11e675319fdae0226a197
    mode: single
  # WLED Zonenstatus
@@ -795,8 +1018,4 @@ automation ansible:
              - type: turn_off
                device_id: 7ba91dde6b1413340fdc66f2984dfd00
                entity_id: light.brightness
                domain: light
-              - type: turn_off
\ No newline at end of file
-                device_id: f65f71ef46e86492b79d75223670013a
-                entity_id: switch.licht_hackcenter
-                domain: switch
\ No newline at end of file
--- a/intern/docker_homeassistant/templates/docker-compose.yml
+++ b/intern/docker_homeassistant/templates/docker-compose.yml
@@ -26,7 +26,7 @@ services:
  influxdb:
-    image: influxdb:2.6.1
+    image: influxdb:2.7.1
    restart: always
    ports:
      - "{{ int_ip4 }}:{{ influxdb_port }}:8086"

--- a/intern/docker_mqtt/tasks/main.yml
+++ b/intern/docker_mqtt/tasks/main.yml
 ---
- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
  with_items:
   - { path: "{{ basedir }}/influxdb_password", length: 12 }
   - { path: "{{ basedir }}/influxdb_token", length: 24 }

--- a/intern/docker_nodered/templates/docker-compose.yml
+++ b/intern/docker_nodered/templates/docker-compose.yml
@@ -9,7 +9,7 @@ version: "3"
 services:
  app:
-    image: nodered/node-red:2.2.3
+    image: nodered/node-red:3.0.2
    restart: always
    volumes:
      - "{{ basedir }}/data:/data"
No results found