Compare revisions

1ed6ac3f · d0e7c48e · 61a26c77 · b024feca · 354b3ee8 · 8e929945
--- a/README.md
+++ b/README.md
 # Warpzone Infrastruktur Konfiguration

 Die Infrastruktur der Warpzone wird nach und nach durch das Konfigurationstool Ansible aufgebaut.
-Diese Konfiguration wird von den verschiedenen Teams gemeinschaftlich genutzt und soll als zentrale Dokumentation dienen.
-
+Diese Konfiguration soll als zentrale Dokumentation dienen.

 ## Aktueller Status

-Aktuell ist nur der neue Websserver in der Konfiguration erfasst.
-Weitere Dienste (wie z.B. der bestehende Webserver und die interne Infrastruktur) sind noch nicht abgebildet.
+Alle Server sind erfasst

 ## Vorraussetzungen
 Installiertes ansible
@@ -22,7 +20,7 @@ ansible-galaxy collection install community.docker

 Ausführen von Rollen per
 ```
-ansible-playbook  site.yml -l webserver -t hackmd
+ansible-playbook -i hosts.yml site.yml -l webserver -t hackmd
 ```

 mit -l wird der hosts eingeschränkt mit -t der tag bzw die Rolle, alle tags stehen in der site.yml

--- a/ansible.cfg
+++ b/ansible.cfg
 [defaults]
 # some default values for ansible
-inventory = hosts
+inventory = hosts.yml
 interpreter_python = /usr/bin/python3
--- a/common/borgbackup/templates/borgbackup-create.sh
+++ b/common/borgbackup/templates/borgbackup-create.sh
@@ -11,7 +11,7 @@ export LAST_BACKUPS_PROM="/var/lib/prometheus/node-exporter/lastbackup.prom"

 echo "===[ Create Backup: {{ item.value.repo }} ]===" \
 && \
-borg create $1 $2 $3 --info --show-rc --stats --compression {{ item.value.compression }} {{ item.value.options }} {{ item.value.repo }}::$BACKUP_DATE \
+borg create $1 $2 $3 --info --show-rc --stats --exclude *lost+found --compression {{ item.value.compression }} {{ item.value.options }} {{ item.value.repo }}::$BACKUP_DATE \
 {% for directory in borgbackup_directories %}
 {{ directory }} \
 {% endfor %} \

--- a/common/borgbackup/templates/borgbackup-prometheus.sh
+++ b/common/borgbackup/templates/borgbackup-prometheus.sh
@@ -3,6 +3,9 @@
 export BORG_PASSPHRASE="{{repo_passphrase}}"
 export BORG_RSH="ssh -i /srv/borgbackup/repo_sshkey"

+# Force locale for correct formatting
+LANG=en_US.UTF-8
+
 # Metrics output file in the prometheus node-exporter directory 
 PROM_FILE="/var/lib/prometheus/node-exporter/borgbackup.prom"


--- a/intern/docker_graylog/tasks/main.yml
+++ b/intern/docker_graylog/tasks/main.yml
 ---

 - name: "create folder struct for {{ servicename }}"
-  file: 
-    path: "{{ basedir }}" 
+  file:
+    path: "{{ item }}"
    state: "directory"
-
- name: "create folder struct for {{ servicename }}"
-  file: 
-    path: "{{ basedir }}/{{ item }}" 
-    state: "directory"
-    owner: 508
-    group: 508
  with_items:
-    - "data"
-    - "logs"
+    - "{{ basedir }}"

- name: "create config files for {{ servicename }}"
-  template: 
+- name: "deploy {{ servicename }} config files"
+  template:
+    dest:  "{{ basedir }}/{{ item }}"
    src: "{{ item }}"
-    dest: "{{ basedir }}/{{ item }}"
+    mode: 0644
  with_items:
-    - docker-compose.yml 
+    - docker-compose.yml
+  register: config

- name: "start {{ servicename }} docker"
+# Start containers
+- name: "stop {{ servicename }} docker"
  docker_compose:
    project_src: "{{ basedir }}"
-    state: present
+    state: absent
+  when: config.changed

+- name: "start {{ servicename }} docker"
+  docker_compose:
+    project_src: "{{ basedir }}"
+    state: present
\ No newline at end of file
--- a/common/crowdsec/templates/crowdsec/dashboard/Dockerfile
+++ b/common/crowdsec/templates/crowdsec/dashboard/Dockerfile
+FROM metabase/metabase:v0.46.6.2
+
+RUN mkdir /data/ && wget https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip && unzip metabase_sqlite.zip -d /data/
\ No newline at end of file
--- a/common/crowdsec/templates/docker-compose.yml
+++ b/common/crowdsec/templates/docker-compose.yml
+version: '3'
+
+services:
+  app:
+    image: crowdsecurity/crowdsec:v1.5.2
+    healthcheck:
+      test: ["CMD", "cscli", "version"]
+      interval: 20s
+      timeout: 2s
+      retries: 5
+      start_period: 10s
+    ports:
+      - "127.0.0.1:8080:8080"
+    environment:
+      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/iptables crowdsecurity/linux crowdsecurity/nginx crowdsecurity/sshd"
+      GID: "${GID-1000}"
+      CUSTOM_HOSTNAME: dSHB
+    volumes:
+      - /etc/localtime:/etc/localtime:ro  
+      - /var/log:/var/log:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /var/run/systemd/journal/socket:/var/run/systemd/journal/socket:ro
+      - {{ basedir }}/appdata/crowdsec/data:/var/lib/crowdsec/data
+      - {{ basedir }}/appdata/crowdsec/config:/etc/crowdsec
+      - {{ basedir }}/crowdsec-db:
+  
+  dashboard:
+    build: ./crowdsec/dashboard
+    restart: always
+    environment:
+      MB_DB_FILE: /data/metabase.db
+      MGID: "${GID-1000}"
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=3000
+    volumes:
+      - crowdsec-db:/metabase-data/
\ No newline at end of file
--- a/common/docker/templates/daemon.json
+++ b/common/docker/templates/daemon.json
@@ -6,7 +6,7 @@
      "max-file": "5"
    },
    "metrics-addr": "{{int_ip4}}:9323",
-    "experimental": true
-
+    "experimental": true,
+    "ip6tables": true
 }

--- a/common/docker_traefik/tasks/main.yml
+++ b/common/docker_traefik/tasks/main.yml

- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
  with_items:
    - { path: "{{ basedir }}/letsencrypt_notification_email",  length: -1 }
  when: selfSignedCN is not defined 
@@ -37,11 +37,19 @@
    dest: "{{ basedir }}/{{ item }}"
  with_items:
    - docker-compose.yml
-    - traefik.yml 
-    - dynamic/redirect-default.yml
+    - traefik.yml
    - dynamic/tls.yml
  register: config

+- name: redirect-default ersstellen, wenn domain_default definiert ist
+  template:
+    src: "{{ item }}"
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - dynamic/redirect-default.yml
+  when: domain_default is defined
+  register: config
+
 - name: "stop {{ servicename}} docker"
  docker_compose:
    project_src: "{{ basedir }}"

--- a/common/docker_traefik/templates/docker-compose.yml
+++ b/common/docker_traefik/templates/docker-compose.yml
@@ -3,7 +3,7 @@ version: '2.4'
 services:

    app:
-        image: traefik:v2.9.8
+        image: traefik:v3.0.0-beta3
        restart: always
        ports:
            - "80:80"

--- a/common/docker_traefik/templates/dynamic/tls.yml
+++ b/common/docker_traefik/templates/dynamic/tls.yml
@@ -14,7 +14,6 @@ tls:
    options:
        default:
            sniStrict: true
-            preferServerCipherSuites: true
            minVersion: "VersionTLS12"
            curvePreferences:
                - "secp521r1"

--- a/common/wireguard/tasks/main.yml
+++ b/common/wireguard/tasks/main.yml
@@ -53,6 +53,11 @@
  ansible.builtin.systemd:
    daemon_reload: true

+- name: "Stop systemd service for wg0"
+  ansible.builtin.systemd:
+    name: "wg-quick@wg0"
+    state: stopped
+
 - name: "Start systemd service for wg0"
  ansible.builtin.systemd:
    name: "wg-quick@wg0"

--- a/common/wireguard/templates/webserver.conf
+++ b/common/wireguard/templates/webserver.conf
+[Interface]
+PrivateKey = {{ privatekey }}
+Address = 10.43.1.1 
+ListenPort = 51821
+
+[Peer]
+PublicKey = 9FLaGBXWjInPv4PFRuAJPPrPWruzocVrXg9lsmwGdX4=
+AllowedIPs = 10.43.1.2, 192.168.0.0/24, 10.0.0.0/22
--- a/group_vars/prod
+++ b/group_vars/prod
@@ -32,40 +32,40 @@ global_domains:
 # Globale Mail konfiguration 
 mail_domains:
  warpzonems:
-    maildomain: warpzone.ms 
-    mxserver: mailserver.warpzone.ms
-    mxhostname: webserver
-    spf: v=spf1 mx ~all
-    dmarc: v=DMARC1; p=none;
+    maildomain: "warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
+    dmarc: "v=DMARC1; p=none;"
    dkim:
-      - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+ZvoSoa2LwBbzQMD9laVy8hUGbvhe1LkL/6SIk3Ks8GfiT7p+hdlbcvo+noBR4gvbmSWwn3yBxOnGCtSH+iP0q7HHrmeEXJqGkLK25zZh1EO8bZqIHi2NX/LnN7dJTO8C27CRLME+YtWdrDaerIWXsHk7U+qD1ZuM5Q+FgAzsQ5uxQVlD6sO3IU" }
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNnNZElbWq9EonFULbr8vWWykKmZEylRwjo4lYx/lXsGDFWBuNh2s6gFF10OuHWtavokjvh/7sFidNaRYQkn3uwHmylBWFn7Jr2lPWY8PBEoIeAZZx5qHaDWxJVgzE7maFyXAswDGXcR/DRTn2xR6osNXOovjGeYXq/atR/45iwfgkhqAaXaV1uP/K9y\" \"y2sZ2dRtGEwCKsWbP26cOZ6MUcADszgUTEp59iKey79m0uwi0IpA8WjEKVwbMcf/6fBw1ejIEjVUX+bami2fQ6RPl4uEyloco4paV3w/vww2hh4VchCFLYAEKMkZOZs/eTDGsjaMguwHbPeVJjkpX2T6WQIDAQAB" }
  member_warpzonems:
-    maildomain: member.warpzone.ms 
-    mxserver: mailserver.warpzone.ms
-    mxhostname: webserver
-    spf: v=spf1 mx ~all
-    dmarc: v=DMARC1; p=none;
+    maildomain: "member.warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
    dkim:
-      - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8lZDykC3gbxSHMwTNO7QrDytlO9Sg66nEXpIv1/GqQrj3T1i3tTn05XxpJbRXUMuooaP6xZqt2OR3f/Wex6d4WwHH4Z1YuvyKDUWewynGZ3Ge+Vca8T0LBdDw7DZWtkXv94SHPWLyPWuuBXQs2nAgrMn3rtlwKovEsOqg85mFNb1EVm9Rgj9TB2" }
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu334a+uJ5b7D8UTz3Up6A8EjZhEnXaIpiIcKAGPXXD2ZBGmkWfUNcwDcfMoDErH6ntXzf0uH2VMvaajB/wdKLyly1irDKoyjLA3hJb5wnF9Gh0anL1qxY6UA189vWsw+2JlZJWyQ3IcaQ720SM3OrrK4AL3gRItieSEQ+23m5aW0P6sgUuMXTmmKLbd4\" \"DzZ14Emw293TD2p4gJtgxW/6EfIfcUU+/jP1NNm9gksyzynH1pJXPwVruo9u4QujEQiPqtVsVtrtUm1kbnW+pexj3eKOLLEHGZ+p5AZ/jtALk9pJfNumm/XHFK5PTZDBIipXOYvuG8RdwsaCQRezGKy04QIDAQAB" }
  lists_warpzonems:
-    maildomain: lists.warpzone.ms 
-    mxserver: mailserver.warpzone.ms
-    mxhostname: webserver
-    spf: v=spf1 mx ~all
-    dmarc: v=DMARC1; p=none;
+    maildomain: "lists.warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
+    dkim:
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO7SXkUkM17Y1Vi/cvO48IJmlReGWSaYHY+wEldLHt80TiXP0AGZ8nG+DshXi1J2D5xjn8cJu4VqgDrLFnsRJyGYKmi7yVukANVg6gjYlET4y5+UU7Vk2W3xhN2U/8F0rcyynALzQa8i4Y/wEI0qkgHyE6+lITmglJvlj6tgp4YYK2TBH3Zo//PukOmU\" \"6gG/qu0+6p+CepvqzfGT2l1duov5a2+DJJzlJTULJ5D5Blsmg/0GeC81gZ4QDC3S8aaM5Pw3I3lQCSJT4Q4Ge6Ues4ccagNrdnZhtHNaVFGdL1mR1k+G784gpMZphPj5MylNEpA3V4bD7/Ygf4GuAvHdMwIDAQAB" }
 #  chaostreffmuensterde:
 #    maildomain: chaostreff-muenster.de 
-#    mxserver: mailserver.warpzone.ms
-#    mxhostname: webserver
-#    spf: v=spf1 mx ~all
+#    mxserver: "mailserver.warpzone.ms"
+#    mxhostname: "webserver"
+#    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
 #    dmarc: v=DMARC1; p=none;
 #    dkim:
 #      - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/OBnxYygjhKeZVyvhDAO1/O1XwyYEhQx3bW/rO/Wmp8ZzP/eQh3dljDEibj1KsfdUhfgTIU8CnTKLayb8B07MMzhBklpg8WUV2LrDmpndfhixizjaxzwBj/dhtiZE7e4BwhOPOmdBQ0cCIvNhMcQcCa1RgCpX/g5Ii0AtQ2zCPMTSOW5YWn+VY" }
 #  lists_chaostreffmuensterde:
-#    maildomain: lists.chaostreff-muenster.de 
-#    mxserver: mailserver.warpzone.ms
-#    mxhostname: webserver
-#    spf: v=spf1 mx ~all
+#    maildomain: "lists.chaostreff-muenster.de"
+#    mxserver: "mailserver.warpzone.ms"
+#    mxhostname: "webserver"
+#    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
 #    dmarc: v=DMARC1; p=none;


@@ -113,3 +113,10 @@ esphome_devices:
  - { id: "lounge",        name: "Lounge",        groups: "gLounge",        sensors: [ "Temp", "pressure", "humidity" ] }
  - { id: "status",        name: "Status/Strom",  groups: "gHauptraum",     sensors: [ "stromverbrauch", "warpzone_status" ] }
  - { id: "vortragsraum",  name: "Vortragsraum",  groups: "gVortragsraum",  sensors: [ "Temp", "pressure", "humidity" ] }
+
+# Global eQ3 Max configuration 
+eq3max:
+  cube_host: 192.168.0.15
+  devices_heizung:
+    - { name: "E-Werkstatt-Mitte", id: "MEQ1814738" }
+#    - { name: "HeizungKlo", id: "OEQ0663079" }
--- a/host_vars/carrot
+++ b/host_vars/carrot
@@ -6,9 +6,9 @@ motd_lines:
  - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"

 debian_sources:
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"

 debian_keys_id:

@@ -35,8 +35,8 @@ administratorenteam:
 # Monitoring aktivieren
 alert:
  load:
-    warn: 2
-    crit: 4
+    warn: 15
+    crit: 30
  disks:
    - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }

--- a/host_vars/hex
+++ b/host_vars/hex
@@ -6,15 +6,15 @@ motd_lines:
  - "IPs: {{ansible_vmbr0.ipv4.address}}"

 debian_sources: 
-  - "deb http://deb.debian.org/debian/ bullseye main non-free contrib"
-  - "deb http://security.debian.org/debian-security bullseye-security main contrib non-free"
-  - "deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free"
-  - "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription"
+  - "deb http://deb.debian.org/debian/ bookworm main non-free contrib"
+  - "deb http://security.debian.org/debian-security bookworm-security main contrib non-free"
+  - "deb http://deb.debian.org/debian/ bookworm-updates main contrib non-free"
+  - "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription"

 debian_keys_id:

 debian_keys_url:
-  - "https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg"
+  - "https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg"


 # Art des Hosts: physical, vm, docker 

--- a/host_vars/hix
+++ b/host_vars/hix
@@ -6,10 +6,10 @@ motd_lines:
  - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"

 debian_sources:
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"

 debian_keys_id:


--- a/host_vars/ogg
+++ b/host_vars/ogg
@@ -6,10 +6,10 @@ motd_lines:
  - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"

 debian_sources:
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"

 debian_keys_id:

@@ -49,17 +49,14 @@ docker:
 # Monitoring aktivieren
 alert:
  load:
-    warn: 2
-    crit: 4
+    warn: 15
+    crit: 30
  containers:
    - { name: "dockerstats_app_1" }    
    - { name: "esphome_app_1" }    
    - { name: "esphome-dev_app_1" }    
    - { name: "fridgeserver_app_1" }    
    - { name: "grafana_app_1" }    
-    - { name: "graylog_graylog_1" }    
-    - { name: "graylog_mongodb_1" }    
-    - { name: "graylog_opensearch_1" }    
    - { name: "heimdall_app_1" }    
    - { name: "homeassistant_app_1" }    
    - { name: "homeassistant_influxdb_1" }    
@@ -83,21 +80,21 @@ borgbackup_repos:
  borgbase:

    # URL des Repos
-    repo: "juxt0t1v@juxt0t1v.repo.borgbase.com:repo"
+    repo: "apu4cibr@apu4cibr.repo.borgbase.com:repo"

    # Repo-spezifische Optionen zum Aufruf von Borgbackup
    # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich
    options: ""

    # Compression Options, z,b. "zlib,5, "zstd,5"
-    compression: "zlib,5"
+    compression: "zstd,5"

    # Prune Optionen
    prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"

    # Backup Schedule
    weekday: "*"
-    hour: "*/4"
+    hour: "6"
    minute: "40"

    #  Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen
@@ -105,8 +102,8 @@ borgbackup_repos:

    # Monitoring
    alert: true
-    warning_age: 10
-    critical_age: 20
+    warning_age: 36
+    critical_age: 60
    warning_count: 10
    critical_count: 5


--- a/host_vars/tiffany
+++ b/host_vars/tiffany
@@ -6,15 +6,15 @@ motd_lines:
  - "Öffentliche IPs: {{ansible_enp35s0.ipv4.address}} / {{ansible_enp35s0.ipv6[0].address}}"

 debian_sources: 
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription"

 debian_keys_id:

 debian_keys_url:
-  - "http://download.proxmox.com/debian/proxmox-release-bullseye.gpg"
+  - "http://download.proxmox.com/debian/proxmox-release-bookworm.gpg"


 # Art des Hosts: physical, vm, docker 

--- a/host_vars/verwaltung
+++ b/host_vars/verwaltung
@@ -6,10 +6,10 @@ motd_lines:
  - "Öffentliche IPs: {{ansible_ens18.ipv4.address}} / {{ansible_ens18.ipv6[0].address}}"

 debian_sources: 
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"

 debian_keys_id:
  
@@ -63,8 +63,8 @@ docker:
 # Monitoring aktivieren 
 alert:  
  load: 
-    warn: 8
-    crit: 16
+    warn: 5
+    crit: 10
  containers:
    - { name: "dockerstats_app_1" }
    - { name: "gitea_app_1" }
No results found