common/borgbackup/templates/borgbackup-create.sh

@@ -11,7 +11,7 @@ export LAST_BACKUPS_PROM="/var/lib/prometheus/node-exporter/lastbackup.prom"
 
 echo "===[ Create Backup: {{ item.value.repo }} ]===" \
 && \
-borg create $1 $2 $3 --info --show-rc --stats --compression {{ item.value.compression }} {{ item.value.options }} {{ item.value.repo }}::$BACKUP_DATE \
+borg create $1 $2 $3 --info --show-rc --stats --exclude *lost+found --compression {{ item.value.compression }} {{ item.value.options }} {{ item.value.repo }}::$BACKUP_DATE \
 {% for directory in borgbackup_directories %}
 {{ directory }} \
 {% endfor %} \

common/docker/templates/daemon.json

@@ -6,7 +6,7 @@
       "max-file": "5"
     },
     "metrics-addr": "{{int_ip4}}:9323",
-    "experimental": true
-
+    "experimental": true,
+    "ip6tables": true
 }
 

common/docker_traefik/tasks/main.yml

@@ -37,11 +37,19 @@
     dest: "{{ basedir }}/{{ item }}"
   with_items:
     - docker-compose.yml
-    - traefik.yml 
-    - dynamic/redirect-default.yml
+    - traefik.yml
     - dynamic/tls.yml
   register: config
 
+- name: redirect-default ersstellen, wenn domain_default definiert ist
+  template:
+    src: "{{ item }}"
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - dynamic/redirect-default.yml
+  when: domain_default is defined
+  register: config
+
 - name: "stop {{ servicename}} docker"
   docker_compose:
     project_src: "{{ basedir }}"

common/docker_traefik/templates/docker-compose.yml

@@ -3,7 +3,7 @@ version: '2.4'
 services:
 
     app:
-        image: traefik:v2.9.8
+        image: traefik:v3.0
         restart: always
         ports:
             - "80:80"

common/docker_traefik/templates/dynamic/tls.yml

@@ -14,7 +14,6 @@ tls:
     options:
         default:
             sniStrict: true
-            preferServerCipherSuites: true
             minVersion: "VersionTLS12"
             curvePreferences:
                 - "secp521r1"

common/wireguard/templates/webserver.conf

+[Interface]
+PrivateKey = {{ privatekey }}
+Address = 10.43.1.1 
+ListenPort = 51821
+
+[Peer]
+PublicKey = 9FLaGBXWjInPv4PFRuAJPPrPWruzocVrXg9lsmwGdX4=
+AllowedIPs = 10.43.1.2, 192.168.0.0/24, 10.0.0.0/23

group_vars/prod

@@ -32,40 +32,40 @@ global_domains:
 # Globale Mail konfiguration 
 mail_domains:
   warpzonems:
-    maildomain: warpzone.ms 
-    mxserver: mailserver.warpzone.ms
-    mxhostname: webserver
-    spf: v=spf1 mx ~all
-    dmarc: v=DMARC1; p=none;
+    maildomain: "warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
+    dmarc: "v=DMARC1; p=none;"
     dkim:
-      - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+ZvoSoa2LwBbzQMD9laVy8hUGbvhe1LkL/6SIk3Ks8GfiT7p+hdlbcvo+noBR4gvbmSWwn3yBxOnGCtSH+iP0q7HHrmeEXJqGkLK25zZh1EO8bZqIHi2NX/LnN7dJTO8C27CRLME+YtWdrDaerIWXsHk7U+qD1ZuM5Q+FgAzsQ5uxQVlD6sO3IU" }
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNnNZElbWq9EonFULbr8vWWykKmZEylRwjo4lYx/lXsGDFWBuNh2s6gFF10OuHWtavokjvh/7sFidNaRYQkn3uwHmylBWFn7Jr2lPWY8PBEoIeAZZx5qHaDWxJVgzE7maFyXAswDGXcR/DRTn2xR6osNXOovjGeYXq/atR/45iwfgkhqAaXaV1uP/K9y\" \"y2sZ2dRtGEwCKsWbP26cOZ6MUcADszgUTEp59iKey79m0uwi0IpA8WjEKVwbMcf/6fBw1ejIEjVUX+bami2fQ6RPl4uEyloco4paV3w/vww2hh4VchCFLYAEKMkZOZs/eTDGsjaMguwHbPeVJjkpX2T6WQIDAQAB" }
   member_warpzonems:
-    maildomain: member.warpzone.ms 
-    mxserver: mailserver.warpzone.ms
-    mxhostname: webserver
-    spf: v=spf1 mx ~all
-    dmarc: v=DMARC1; p=none;
+    maildomain: "member.warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
     dkim:
-      - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8lZDykC3gbxSHMwTNO7QrDytlO9Sg66nEXpIv1/GqQrj3T1i3tTn05XxpJbRXUMuooaP6xZqt2OR3f/Wex6d4WwHH4Z1YuvyKDUWewynGZ3Ge+Vca8T0LBdDw7DZWtkXv94SHPWLyPWuuBXQs2nAgrMn3rtlwKovEsOqg85mFNb1EVm9Rgj9TB2" }
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu334a+uJ5b7D8UTz3Up6A8EjZhEnXaIpiIcKAGPXXD2ZBGmkWfUNcwDcfMoDErH6ntXzf0uH2VMvaajB/wdKLyly1irDKoyjLA3hJb5wnF9Gh0anL1qxY6UA189vWsw+2JlZJWyQ3IcaQ720SM3OrrK4AL3gRItieSEQ+23m5aW0P6sgUuMXTmmKLbd4\" \"DzZ14Emw293TD2p4gJtgxW/6EfIfcUU+/jP1NNm9gksyzynH1pJXPwVruo9u4QujEQiPqtVsVtrtUm1kbnW+pexj3eKOLLEHGZ+p5AZ/jtALk9pJfNumm/XHFK5PTZDBIipXOYvuG8RdwsaCQRezGKy04QIDAQAB" }
   lists_warpzonems:
-    maildomain: lists.warpzone.ms 
-    mxserver: mailserver.warpzone.ms
-    mxhostname: webserver
-    spf: v=spf1 mx ~all
-    dmarc: v=DMARC1; p=none;
+    maildomain: "lists.warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
+    dkim:
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO7SXkUkM17Y1Vi/cvO48IJmlReGWSaYHY+wEldLHt80TiXP0AGZ8nG+DshXi1J2D5xjn8cJu4VqgDrLFnsRJyGYKmi7yVukANVg6gjYlET4y5+UU7Vk2W3xhN2U/8F0rcyynALzQa8i4Y/wEI0qkgHyE6+lITmglJvlj6tgp4YYK2TBH3Zo//PukOmU\" \"6gG/qu0+6p+CepvqzfGT2l1duov5a2+DJJzlJTULJ5D5Blsmg/0GeC81gZ4QDC3S8aaM5Pw3I3lQCSJT4Q4Ge6Ues4ccagNrdnZhtHNaVFGdL1mR1k+G784gpMZphPj5MylNEpA3V4bD7/Ygf4GuAvHdMwIDAQAB" }
 #  chaostreffmuensterde:
 #    maildomain: chaostreff-muenster.de 
-#    mxserver: mailserver.warpzone.ms
-#    mxhostname: webserver
-#    spf: v=spf1 mx ~all
+#    mxserver: "mailserver.warpzone.ms"
+#    mxhostname: "webserver"
+#    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
 #    dmarc: v=DMARC1; p=none;
 #    dkim:
 #      - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/OBnxYygjhKeZVyvhDAO1/O1XwyYEhQx3bW/rO/Wmp8ZzP/eQh3dljDEibj1KsfdUhfgTIU8CnTKLayb8B07MMzhBklpg8WUV2LrDmpndfhixizjaxzwBj/dhtiZE7e4BwhOPOmdBQ0cCIvNhMcQcCa1RgCpX/g5Ii0AtQ2zCPMTSOW5YWn+VY" }
 #  lists_chaostreffmuensterde:
-#    maildomain: lists.chaostreff-muenster.de 
-#    mxserver: mailserver.warpzone.ms
-#    mxhostname: webserver
-#    spf: v=spf1 mx ~all
+#    maildomain: "lists.chaostreff-muenster.de"
+#    mxserver: "mailserver.warpzone.ms"
+#    mxhostname: "webserver"
+#    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
 #    dmarc: v=DMARC1; p=none;
 
 
@@ -113,3 +113,10 @@ esphome_devices:
   - { id: "lounge",        name: "Lounge",        groups: "gLounge",        sensors: [ "Temp", "pressure", "humidity" ] }
   - { id: "status",        name: "Status/Strom",  groups: "gHauptraum",     sensors: [ "stromverbrauch", "warpzone_status" ] }
   - { id: "vortragsraum",  name: "Vortragsraum",  groups: "gVortragsraum",  sensors: [ "Temp", "pressure", "humidity" ] }
+
+# Global eQ3 Max configuration 
+eq3max:
+  cube_host: 192.168.0.15
+  devices_heizung:
+    - { name: "E-Werkstatt-Mitte", id: "MEQ1814738" }
+#    - { name: "HeizungKlo", id: "OEQ0663079" }

host_vars/carrot

@@ -6,9 +6,9 @@ motd_lines:
   - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
 
 debian_sources:
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
 
 debian_keys_id:
 
@@ -35,8 +35,8 @@ administratorenteam:
 # Monitoring aktivieren
 alert:
   load:
-    warn: 2
-    crit: 4
+    warn: 15
+    crit: 30
   disks:
     - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
 

host_vars/hex

@@ -6,15 +6,15 @@ motd_lines:
   - "IPs: {{ansible_vmbr0.ipv4.address}}"
 
 debian_sources: 
-  - "deb http://deb.debian.org/debian/ bullseye main non-free contrib"
-  - "deb http://security.debian.org/debian-security bullseye-security main contrib non-free"
-  - "deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free"
-  - "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription"
+  - "deb http://deb.debian.org/debian/ bookworm main non-free contrib"
+  - "deb http://security.debian.org/debian-security bookworm-security main contrib non-free"
+  - "deb http://deb.debian.org/debian/ bookworm-updates main contrib non-free"
+  - "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription"
 
 debian_keys_id:
 
 debian_keys_url:
-  - "https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg"
+  - "https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg"
 
 
 # Art des Hosts: physical, vm, docker 

host_vars/hix

@@ -6,10 +6,10 @@ motd_lines:
   - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
 
 debian_sources:
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
 
 debian_keys_id:
 

host_vars/ogg

@@ -6,10 +6,10 @@ motd_lines:
   - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
 
 debian_sources:
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
 
 debian_keys_id:
 
@@ -49,8 +49,8 @@ docker:
 # Monitoring aktivieren
 alert:
   load:
-    warn: 2
-    crit: 4
+    warn: 15
+    crit: 30
   containers:
     - { name: "dockerstats_app_1" }    
     - { name: "esphome_app_1" }    
@@ -63,6 +63,9 @@ alert:
     - { name: "heimdall_app_1" }    
     - { name: "homeassistant_app_1" }    
     - { name: "homeassistant_influxdb_1" }    
+    - { name: "homematic_app_1" }    
+    - { name: "homematic_influxdb_1" }    
+    - { name: "homematic_telegraf_1" }    
     - { name: "mqtt_app_1" } 
     - { name: "mqtt_influxdb_1" } 
     - { name: "mqtt_tgbinary_1" } 
@@ -83,21 +86,21 @@ borgbackup_repos:
   borgbase:
 
     # URL des Repos
-    repo: "juxt0t1v@juxt0t1v.repo.borgbase.com:repo"
+    repo: "apu4cibr@apu4cibr.repo.borgbase.com:repo"
 
     # Repo-spezifische Optionen zum Aufruf von Borgbackup
     # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich
     options: ""
 
     # Compression Options, z,b. "zlib,5, "zstd,5"
-    compression: "zlib,5"
+    compression: "zstd,5"
 
     # Prune Optionen
     prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
 
     # Backup Schedule
     weekday: "*"
-    hour: "*/4"
+    hour: "6"
     minute: "40"
 
     #  Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen
@@ -105,8 +108,8 @@ borgbackup_repos:
 
     # Monitoring
     alert: true
-    warning_age: 10
-    critical_age: 20
+    warning_age: 36
+    critical_age: 60
     warning_count: 10
     critical_count: 5
 

host_vars/tiffany

@@ -6,15 +6,15 @@ motd_lines:
   - "Öffentliche IPs: {{ansible_enp35s0.ipv4.address}} / {{ansible_enp35s0.ipv6[0].address}}"
 
 debian_sources: 
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription"
 
 debian_keys_id:
 
 debian_keys_url:
-  - "http://download.proxmox.com/debian/proxmox-release-bullseye.gpg"
+  - "http://download.proxmox.com/debian/proxmox-release-bookworm.gpg"
 
 
 # Art des Hosts: physical, vm, docker 

host_vars/verwaltung

@@ -6,10 +6,10 @@ motd_lines:
   - "Öffentliche IPs: {{ansible_ens18.ipv4.address}} / {{ansible_ens18.ipv6[0].address}}"
 
 debian_sources: 
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
 
 debian_keys_id:
   
@@ -63,8 +63,8 @@ docker:
 # Monitoring aktivieren 
 alert:  
   load: 
-    warn: 8
-    crit: 16
+    warn: 5
+    crit: 10
   containers:
     - { name: "dockerstats_app_1" }
     - { name: "gitea_app_1" }

host_vars/weatherwax

@@ -6,15 +6,15 @@ motd_lines:
   - "IPs: {{ansible_bond0.ipv4.address}}"
 
 debian_sources: 
-  - "deb http://deb.debian.org/debian/ bullseye main non-free contrib"
-  - "deb http://security.debian.org/debian-security bullseye-security main contrib non-free"
-  - "deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free"
-  - "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription"
+  - "deb http://deb.debian.org/debian/ bookworm main non-free contrib"
+  - "deb http://security.debian.org/debian-security bookworm-security main contrib non-free"
+  - "deb http://deb.debian.org/debian/ bookworm-updates main contrib non-free"
+  - "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription"
 
 debian_keys_id:
 
 debian_keys_url:
-  - "https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg"
+  - "https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg"
 
 
 # Art des Hosts: physical, vm, docker 
@@ -32,8 +32,8 @@ administratorenteam:
 # Monitoring aktivieren
 alert:
   load:
-    warn: 4
-    crit: 8
+    warn: 20
+    crit: 40
   disks:
     - { mountpoint: "/",         warn: "10 GB", crit: "3 GB" }
     # btrfs currently no data from node exporter 

host_vars/webserver

@@ -6,10 +6,10 @@ motd_lines:
   - "Öffentliche IPs: {{ansible_ens18.ipv4.address}} / {{ansible_ens18.ipv6[0].address}}"
 
 debian_sources: 
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
 
 debian_keys_id:
 
@@ -68,8 +68,8 @@ docker:
 # Monitoring aktivieren 
 alert:  
   load: 
-    warn: 8
-    crit: 16
+    warn: 5
+    crit: 10
   containers:
     - { name: "coturn_coturn_1" }
     - { name: "dockerstats_app_1" }

intern/docker_esphome/templates/config/esphome_plug08.yaml

@@ -15,10 +15,6 @@
       payload: "OFF"
       then:
         - switch.turn_off: relay
-    - topic: warpzone/door/status
-      payload: "CLOSED"
-      then:
-        - switch.turn_off: relay
         
 substitutions:
   plug_name: {{ devicename }}

intern/docker_homeassistant/templates/config/configuration.yaml

@@ -54,6 +54,14 @@ influxdb:
   token: {{ influxdb_token }}
   default_measurement: units
 
+
+# eQ3 Max 
+maxcube:
+  gateways:
+    - host: {{ eq3max.cube_host }}
+      port: 62910
+      scan_interval: 60
+
 # zonenstatus wird vom hauptschalter gesteuert, switch02 ping ist nicht mehr notwendig
 # https://www.home-assistant.io/integrations/ping/
 #binary_sensor:

intern/docker_homeassistant/templates/docker-compose.yml

@@ -5,8 +5,10 @@ services:
   
   app:
 
-    image: homeassistant/home-assistant:2023.3
+    image: homeassistant/home-assistant:2023.6
     restart: always
+    ports:
+      - "{{ int_ip4 }}:{{ homematic_callback_port }}:{{ homematic_callback_port }}"
     volumes:
       - "/etc/localtime:/etc/localtime:ro"
       - "{{ basedir }}/config:/config"

remote/docker_homeassistant/templates/docker-compose.yml

@@ -5,7 +5,7 @@ services:
   
   app:
 
-    image: homeassistant/home-assistant:2023.3.3
+    image: homeassistant/home-assistant:2023.6.1
     restart: always
     volumes:
       - "/etc/localtime:/etc/localtime:ro"

site.yml

@@ -92,7 +92,8 @@
         servicename: homeassistant, 
         basedir: /srv/homeassistant,
         domain: "ha.warpzone.lan",
-        influxdb_port: 38086
+        homematic_callback_port: 8060,
+        influxdb_port: 38086       
       }
     - { 
         role: intern/docker_mqtt, tags: mqtt, 
@@ -146,6 +147,7 @@
     - { role: common/kvm-guest, tags: kvm-guest }
     - { role: common/openvpn, tags: openvpn }
     - { role: common/prometheus-node, tags: prometheus-node }
+    - { role: common/wireguard, tags: wireguard }
     - { 
         role: common/docker_dockerstats, tags: dockerstats, 
         servicename: dockerstats, 
@@ -268,7 +270,6 @@
         servicename: traefik,
         basedir: /srv/traefik,
         domain: "warpzone.ms",
-        domain_default: "www.warpzone.ms" 
       }      
     - { 
         role: verwaltung/docker_gitea, tags: gitea,