From 092e6bc94e41d088bdf7e60979cba758aefe403e Mon Sep 17 00:00:00 2001 
From: Lucas Rausch Date: Sat, 21 Mar 2026 14:34:30 +0100 Subject: [PATCH] created roles and playbooks for schreinerei och. --- .gitignore | 1 + ansible.cfg | 6 + common.yml | 8 ++ common_first.yml | 14 ++ docker_npm.yml | 10 ++ docker_unifi.yml | 10 ++ group_vars/all.yml | 24 ++++ host_vars/vm-docker01.schreinerei-och.de.yml | 18 +++ inventory/main.yml | 16 +++ roles/common/files/sshd_config | 122 ++++++++++++++++++ roles/common/files/sudoers | 54 ++++++++ roles/common/readme.md | 26 ++++ roles/common/tasks/main.yml | 65 ++++++++++ roles/common/templates/hostname.j2 | 1 + roles/docker/tasks/main.yml | 38 ++++++ roles/docker/templates/docker.sources.j2 | 5 + roles/docker_npm/readme.md | 35 +++++ roles/docker_npm/tasks/main.yml | 28 ++++ .../templates/docker-compose.yml.j2 | 56 ++++++++ .../readme.md | 21 +++ .../tasks/main.yml | 31 +++++ .../templates/docker-compose.yml.j2 | 63 +++++++++ .../templates/mongo-init.js.j2 | 2 + ssh-keys/lucas.rausch.pub | 1 + 24 files changed, 655 insertions(+) create mode 100644 .gitignore create mode 100644 ansible.cfg create mode 100644 common.yml create mode 100644 common_first.yml create mode 100644 docker_npm.yml create mode 100644 docker_unifi.yml create mode 100644 group_vars/all.yml create mode 100644 host_vars/vm-docker01.schreinerei-och.de.yml create mode 100644 inventory/main.yml create mode 100644 roles/common/files/sshd_config create mode 100644 roles/common/files/sudoers create mode 100644 roles/common/readme.md create mode 100644 roles/common/tasks/main.yml create mode 100644 roles/common/templates/hostname.j2 create mode 100644 roles/docker/tasks/main.yml create mode 100644 roles/docker/templates/docker.sources.j2 create mode 100644 roles/docker_npm/readme.md create mode 100644 roles/docker_npm/tasks/main.yml create mode 100644 roles/docker_npm/templates/docker-compose.yml.j2 create mode 100644 roles/docker_unifi_network_application/readme.md create mode 100644 roles/docker_unifi_network_application/tasks/main.yml 
 create mode 100644 roles/docker_unifi_network_application/templates/docker-compose.yml.j2 create mode 100644 roles/docker_unifi_network_application/templates/mongo-init.js.j2 create mode 100644 ssh-keys/lucas.rausch.pub
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..30a3d9c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vault-pass
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..515053e
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+inventory = inventory
+vault_password_file = .vault-pass
+python_interpreter = /usr/bin/python3
+host_key_checking = False
+remote_port = 9922
\ No newline at end of file
diff --git a/common.yml b/common.yml
new file mode 100644
index 0000000..ed659c1
--- /dev/null
+++ b/common.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Run common rolls for all hosts in common
+ hosts: common
+ become: true
+ roles:
+ - role: common
+ tags: common
diff --git a/common_first.yml b/common_first.yml
new file mode 100644
index 0000000..f4dcc41
--- /dev/null
+++ b/common_first.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Run common rolls for all common hosts
+ hosts: common_first
+ become: true
+ roles:
+ - role: common
+ tags: common
+ vars:
+ ansible_user: "{{ host_vars_common_init_ssh_user }}"
+ ansible_ssh_pass: "{{ host_vars_common_init_ssh_pass }}"
+ ansible_become_password: "{{ host_vars_common_init_ssh_pass }}"
+ ansible_port: 9922
+ ansible_become_method: su
diff --git a/docker_npm.yml b/docker_npm.yml
new file mode 100644
index 0000000..236d04b
--- /dev/null
+++ b/docker_npm.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Run Playbook for docker nginx-proxy-manager
+ hosts: npm
+ become: true
+ roles:
+ - role: docker
+ tags: docker
+ - role: docker_npm
+ tags: docker_npm
diff --git a/docker_unifi.yml b/docker_unifi.yml
new file mode 100644
index 0000000..aa05f01
--- /dev/null
+++ b/docker_unifi.yml
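Review bot: `host_key_checking = False` in `[defaults]` of `ansible.cfg` turns off SSH host key verification for every run, and `common_first.yml` in this same patch logs in with `ansible_ssh_pass`, so the initial password is sent to whatever answers on port 9922 without the host being authenticated. I would drop the line and record the new VM's host key in `known_hosts` once before the first run. Separately, the interpreter key under `[defaults]` is spelled `interpreter_python`; `python_interpreter = /usr/bin/python3` looks like it will be ignored, so confirm it has the intended effect.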
@@ -0,0 +1,10 @@
+---
+
+- name: Deploy unifi network application
+ hosts: unifi
+ become: true
+ roles:
+ - role: docker
+ tags: docker
+ - role: docker_unifi_network_application
+ tags: docker_unifi_network_application
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..c46bbf9
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,24 @@
+---
+
+# vars for common roles
+
+group_vars_ssh_users:
+ - lucas.rausch
+
+# docker vars
+docker_paths:
+ - /opt/docker/mounts
+ - /opt/docker/config
+# end docker
+
+# npm
+group_vars_npm_db_host: npm-db
+group_vars_npm_db_name: npm-db
+group_vars_npm_app_host: npm-app
+group_vars_npm_docker_paths:
+ - /opt/docker/config/npm
+# end npm
+
+# unifi vars
+unifi_docker_paths:
+ - /opt/docker/config/unifi
diff --git a/host_vars/vm-docker01.schreinerei-och.de.yml b/host_vars/vm-docker01.schreinerei-och.de.yml
new file mode 100644
index 0000000..8c08b77
--- /dev/null
+++ b/host_vars/vm-docker01.schreinerei-och.de.yml
@@ -0,0 +1,18 @@
+---
+
+host_vars_common_init_ssh_pass: Schr3in3rm3ister!
+host_vars_common_init_ssh_user: och
+proxy_type: npm
+
+# npm
+host_vars_npm_db_root_password: Schr3in3rm3ister!
+host_vars_npm_db_user: och
+host_vars_npm_db_user_password: Schr3in3rm3ister!
+# end npm
+
+# unifi vars
+unifi_mongo_host: unifi-db
+unifi_mongo_user: och
+unifi_mongo_user_pass: Schr3in3rm3ister!
+unifi_mongo_db_name: unifi-db
+# end unifi vars
\ No newline at end of file
diff --git a/inventory/main.yml b/inventory/main.yml
new file mode 100644
index 0000000..19c785a
--- /dev/null
+++ b/inventory/main.yml
@@ -0,0 +1,16 @@
+---
+
+all:
+ hosts:
+ vm-docker01.schreinerei-och.de:
+ ansible_host: 10.12.80.105
+ children:
+ common_first:
+ hosts:
+ vm-docker01.schreinerei-och.de:
+ npm:
+ hosts:
+ vm-docker01.schreinerei-och.de:
+ unifi:
+ hosts:
+ vm-docker01.schreinerei-och.de:
\ No newline at end of file
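Review bot: Every `*_pass` / `*_password` value in `host_vars/vm-docker01.schreinerei-och.de.yml` is committed in clear text, and the same value is reused for the initial SSH/become login, the MariaDB root and user accounts and the MongoDB user. `ansible.cfg` already sets `vault_password_file = .vault-pass`, so these variables can be stored encrypted with ansible-vault (for example one `ansible-vault encrypt_string` value per variable). Because the value is now part of the patch history it should be treated as disclosed: rotate it on the host and give each service its own secret.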
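Review bot: `inventory/main.yml` defines the groups `common_first`, `npm` and `unifi` but no `common` group, so `common.yml` (`hosts: common`) matches no host as committed. The role readme asks for the host to be removed from `common_first` after the first run, which would leave the `common` role with nowhere to run; adding a `common:` child group containing the same host keeps the role applicable afterwards. A comment on `common_first` stating that it is only for the password-based bootstrap would help the next reader.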
diff --git a/roles/common/files/sshd_config b/roles/common/files/sshd_config
new file mode 100644
index 0000000..1b77de5
--- /dev/null
+++ b/roles/common/files/sshd_config
@@ -0,0 +1,122 @@
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+Port 9922
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+PermitRootLogin no
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+KbdInteractiveAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
\ No newline at end of file
diff --git a/roles/common/files/sudoers b/roles/common/files/sudoers
new file mode 100644
index 0000000..a47f9d3
--- /dev/null
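Review bot: `PasswordAuthentication` stays commented out in the authentication section of `sshd_config`, so sshd keeps its default of `yes` and password logins remain possible after the role has deployed keys; only `KbdInteractiveAuthentication no` is set. If key-only access is the goal, add `PasswordAuthentication no`, but only once the tasks deploy users and keys before sshd is restarted, otherwise the bootstrap run can lock itself out. `X11Forwarding yes` is also enabled and looks unnecessary for a Docker host; `X11Forwarding no` would be the safer setting. Since `Include /etc/ssh/sshd_config.d/*.conf` is read first, a drop-in already on the host can take precedence over either value.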
+++ b/roles/common/files/sudoers
@@ -0,0 +1,54 @@
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults env_reset
+Defaults mail_badpass
+Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
+Defaults use_pty
+
+# This preserves proxy settings from user environments of root
+# equivalent users (group sudo)
+#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy"
+
+# This allows running arbitrary commands, but so does ALL, and it means
+# different sudoers have their choice of editor respected.
+#Defaults:%sudo env_keep += "EDITOR"
+
+# Completely harmless preservation of a user preference.
+#Defaults:%sudo env_keep += "GREP_COLOR"
+
+# While you shouldn't normally run git as root, you need to with etckeeper
+#Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*"
+
+# Per-user preferences; root won't have sensible values for them.
+#Defaults:%sudo env_keep += "EMAIL DEBEMAIL DEBFULLNAME"
+
+# "sudo scp" or "sudo rsync" should be able to use your SSH agent.
+#Defaults:%sudo env_keep += "SSH_AGENT_PID SSH_AUTH_SOCK"
+
+# Ditto for GPG agent
+#Defaults:%sudo env_keep += "GPG_AGENT_INFO"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root ALL=(ALL:ALL) ALL
+
+# Members of the admin group may gain root privileges
+%admin ALL=(ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo ALL=(ALL:ALL) NOPASSWD: ALL
+
+# See sudoers(5) for more information on "@include" directives:
+
+@includedir /etc/sudoers.d
\ No newline at end of file
diff --git a/roles/common/readme.md b/roles/common/readme.md
new file mode 100644
index 0000000..202441d
--- /dev/null
+++ b/roles/common/readme.md
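Review bot: `%sudo ALL=(ALL:ALL) NOPASSWD: ALL` near the end of the sudoers file gives every member of the `sudo` group passwordless root, and the role adds each user in `group_vars_ssh_users` to that group, so holding one SSH key is equivalent to root on the host. If passwordless sudo is needed for Ansible, scope it to the accounts that need it in a drop-in under `/etc/sudoers.d/` instead of replacing `/etc/sudoers`, and keep the group rule as `%sudo ALL=(ALL:ALL) ALL`. A header comment stating that the file is managed by the `common` role would also help, since the stock text still tells the reader to edit it with visudo.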
@@ -0,0 +1,26 @@
+# Readme
+
+## general information
+
+This role is created to give each host the exact same roleout of apps, services and users.
+
+## on the first run
+
+on the first run you have to execute the playbook "common_first.yml" This *HAS TO BE DONE* so that all users and ssh-keys are deployed so you can administrate the server effectively.
+
+### set the following for the first run
+1. Create inventory group 'common_first' - also check that your hosts are reachable via network. If they are reachable via external, dont forget to set your ansible_port
+2. Enter the hostname of your server/client
+3. run the playbook
+4. remove the server/client from the inventory group
+5. reboot the server/client so the hostname is overwritten
+
+### (host)vars for first run
+host_vars_init_ssh_user:
+host_vars_init_ssh_pass:
+ansible_port:
+> every linux pc has an initial user that is created on setup. Be sure to set those variables correctly
+
+## variables for common role
+### group vars
+group_vars_ssh_users:
\ No newline at end of file
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..ba95ead
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,65 @@
+---
+
+- name: Common | Install common packages
+ ansible.builtin.apt:
+ update_cache: true
+ name:
+ - molly-guard
+ - dnsutils
+ - sudo
+ - nano
+ - tree
+ - screen
+ - python3
+ - curl
+ - gnupg
+ - ca-certificates
+ - cloud-utils
+ - rsync
+ - htop
+ - unzip
+
+- name: Common | Allow to sudo with ssh-key
+ ansible.builtin.copy:
+ src: sudoers
+ dest: /etc/sudoers
+ owner: root
+ group: root
+ mode: '0440'
+
+- name: Common | Change sshd port
+ ansible.builtin.copy:
+ src: sshd_config
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: Common | Change hostname
+ ansible.builtin.template:
+ src: hostname.j2
+ dest: /etc/hostname
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: Common | Restart sshd service
+ ansible.builtin.service:
+ name: sshd
+ state: restarted
+
+- name: Common | Deploy users
+ ansible.builtin.user:
+ name: "{{ item }}"
+ shell: /bin/bash
+ groups: sudo
+ append: true
+ create_home: true
+ with_items: "{{ group_vars_ssh_users }}"
+
+- name: Deploy SSHKeys for users
+ ansible.posix.authorized_key:
+ user: "{{ item }}"
+ state: present
+ key: "{{ lookup('file', 'ssh-keys/{{ item }}.pub') }}"
+ with_items: "{{ group_vars_ssh_users }}"
diff --git a/roles/common/templates/hostname.j2 b/roles/common/templates/hostname.j2
new file mode 100644
index 0000000..e36aae6
--- /dev/null
+++ b/roles/common/templates/hostname.j2
@@ -0,0 +1 @@
+"{{ inventory_hostname }}"
\ No newline at end of file
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..63327bb
--- /dev/null
+++ b/roles/docker/tasks/main.yml
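Review bot: The two `ansible.builtin.copy` tasks in `roles/common/tasks/main.yml` overwrite `/etc/sudoers` and `/etc/ssh/sshd_config` without a syntax check, so a broken file is installed as-is and can remove both sudo and SSH access. Add `validate: /usr/sbin/visudo -cf %s` to the sudoers task and `validate: /usr/sbin/sshd -t -f %s` to the sshd_config task. `Common | Restart sshd service` also runs on every play and before `Common | Deploy users` and `Deploy SSHKeys for users`; turning it into a handler notified by the sshd_config task means sshd only restarts on a change and after the keys exist. In the last task the nested `{{ item }}` inside the lookup should be written as `lookup('file', 'ssh-keys/' ~ item ~ '.pub')`.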
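Review bot: The template body `"{{ inventory_hostname }}"` in `hostname.j2` keeps the double quotes, so `/etc/hostname` is written with literal quote characters around the name and without a trailing newline. The line should be `{{ inventory_hostname }}` followed by a newline. Using `ansible.builtin.hostname` in the role would additionally apply the name without the reboot the readme asks for.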
@@ -0,0 +1,38 @@
+---
+
+- name: Füge Docker GPG-Schlüssel hinzu
+ ansible.builtin.get_url:
+ url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
+ dest: /etc/apt/keyrings/docker.asc
+ owner: root
+ group: root
+ mode: '0755'
+
+- name: Füge Docker-Repository hinzu
+ ansible.builtin.template:
+ src: docker.sources.j2
+ dest: /etc/apt/sources.list.d/docker.sources
+ owner: root
+ group: root
+ mode: '0755'
+
+- name: Docker | Install common packages
+ ansible.builtin.apt:
+ update_cache: true
+ state: present
+ package: "{{ item }}"
+ loop:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - docker-buildx-plugin
+ - docker-compose-plugin
+
+- name: Docker | Deploy docker folders
+ ansible.builtin.file:
+ state: directory
+ path: "{{ item }}"
+ owner: root
+ group: root
+ mode: '0755'
+ with_items: "{{ docker_paths }}"
diff --git a/roles/docker/templates/docker.sources.j2 b/roles/docker/templates/docker.sources.j2
new file mode 100644
index 0000000..82d38e9
--- /dev/null
+++ b/roles/docker/templates/docker.sources.j2
@@ -0,0 +1,5 @@
+Types: deb
+URIs: https://download.docker.com/linux/{{ ansible_distribution | lower }}
+Suites: {{ ansible_distribution_release | lower }}
+Components: stable
+Signed-By: /etc/apt/keyrings/docker.asc
\ No newline at end of file
diff --git a/roles/docker_npm/readme.md b/roles/docker_npm/readme.md
new file mode 100644
index 0000000..d0e918b
--- /dev/null
+++ b/roles/docker_npm/readme.md
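Review bot: The repository signing key `/etc/apt/keyrings/docker.asc` and `/etc/apt/sources.list.d/docker.sources` are both installed with `mode: '0755'` in the first two tasks of `roles/docker/tasks/main.yml`; neither file is executable, and `mode: '0644'` is the right permission for both. The `get_url` task has no `checksum:`, so the key apt will trust for this repository is whatever the download returns at run time. Nothing in the role creates `/etc/apt/keyrings`, so a preceding `ansible.builtin.file` task with `state: directory` and `mode: '0755'` is needed on hosts where the directory is missing. The first two task names are in German while the rest of the role uses the English `Docker | ...` pattern.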
@@ -0,0 +1,35 @@
+# Readme
+
+## General
+
+this playbook is used to deploy docker and nginxproxymanager as docker containers on any hosts.
+
+## inventory
+
+setup a group in your inventory with the name: npm
+also if this container is deployed, some other roles will be trying to use the variable 'proxy_type', be sure to set it in your host vars to 'npm'
+
+## vars
+
+### group vars
+
+````
+group_vars_npm_db_host:
+group_vars_npm_db_name:
+group_vars_npm_app_host:
+group_vars_npm_docker_paths:
+ - /opt/docker/config/npm
+````
+
+### host vars
+host_vars_npm_db_root_password:
+host_vars_npm_db_user:
+host_vars_npm_db_user_password:
+
+## first start
+
+login to your npm after the deployment
+
+url: http://ip/hostname:8082
+user: admin@example.com
+pass: changeme
\ No newline at end of file
diff --git a/roles/docker_npm/tasks/main.yml b/roles/docker_npm/tasks/main.yml
new file mode 100644
index 0000000..f8f60bd
--- /dev/null
+++ b/roles/docker_npm/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+
+- name: NPM | create project folders
+ ansible.builtin.file:
+ state: directory
+ mode: '0755'
+ path: "{{ item }}"
+ owner: root
+ group: root
+ with_items: "{{ group_vars_npm_docker_paths }}"
+
+- name: NPM | create docker network "proxy"
+ community.docker.docker_network:
+ name: proxy
+ state: present
+
+- name: NPM | copy docker-compose file
+ ansible.builtin.template:
+ src: docker-compose.yml.j2
+ dest: /opt/docker/config/npm/docker-compose.yml
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: NPM | start docker container
+ community.docker.docker_compose_v2:
+ project_src: /opt/docker/config/npm
+ state: present
diff --git a/roles/docker_npm/templates/docker-compose.yml.j2 b/roles/docker_npm/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..a54d0be
--- /dev/null
+++ b/roles/docker_npm/templates/docker-compose.yml.j2
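Review bot: `NPM | copy docker-compose file` writes the rendered compose file with `mode: '0644'` into a `0755` directory, and that file contains `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD`, so any local user on the host can read the database credentials. Use `mode: '0600'` for this task. The same applies to the `mongo-init.js` and `docker-compose.yml` template tasks in `roles/docker_unifi_network_application/tasks/main.yml`, which also leave out `owner` and `group`.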
@@ -0,0 +1,56 @@
+---
+
+services:
+ {{ group_vars_npm_db_host }}:
+ image: 'jc21/mariadb-aria:latest'
+ restart: unless-stopped
+ networks:
+ - npm
+ container_name: {{ group_vars_npm_db_host }}
+ environment:
+ MYSQL_ROOT_PASSWORD: {{ host_vars_npm_db_root_password }}
+ MYSQL_DATABASE: {{ group_vars_npm_db_name }}
+ MYSQL_USER: {{ host_vars_npm_db_user}}
+ MYSQL_PASSWORD: {{ host_vars_npm_db_user_password }}
+ MARIADB_AUTO_UPGRADE: '1'
+ volumes:
+ - mysql:/var/lib/mysql
+
+ {{ group_vars_npm_app_host }}:
+ image: 'jc21/nginx-proxy-manager:latest'
+ restart: unless-stopped
+ container_name: {{ group_vars_npm_app_host }}
+ networks:
+ - npm
+ - proxy
+ ports:
+ - '80:80' # Public HTTP Port
+ - '443:443' # Public HTTPS Port
+ - '8082:81' # Admin Web Port
+ environment:
+ DB_MYSQL_HOST: {{ group_vars_npm_db_host }}
+ DB_MYSQL_PORT: 3306
+ DB_MYSQL_USER: {{ host_vars_npm_db_user }}
+ DB_MYSQL_PASSWORD: {{ host_vars_npm_db_user_password }}
+ DB_MYSQL_NAME: nginx
+ DISABLE_IPV6: 'true'
+ volumes:
+ - data:/data
+ - letsencrypt:/etc/letsencrypt
+ - custom:/etc/nginx/custom
+ depends_on:
+ - {{ group_vars_npm_db_host }}
+networks:
+ proxy:
+ external: true
+ npm:
+
+volumes:
+ data:
+ driver: local
+ letsencrypt:
+ driver: local
+ custom:
+ driver: local
+ mysql:
+ driver: local
\ No newline at end of file
diff --git a/roles/docker_unifi_network_application/readme.md b/roles/docker_unifi_network_application/readme.md
new file mode 100644
index 0000000..400b4f9
--- /dev/null
+++ b/roles/docker_unifi_network_application/readme.md
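Review bot: The database service creates `MYSQL_DATABASE: {{ group_vars_npm_db_name }}` (`npm-db` in `group_vars/all.yml`) while the app service is given the hard-coded `DB_MYSQL_NAME: nginx`, so the app is pointed at a database the init neither creates nor grants to `MYSQL_USER`; it should read `DB_MYSQL_NAME: {{ group_vars_npm_db_name }}`. The admin UI is published as `'8082:81'` on all interfaces while the readme documents the default login, so binding it to a management address (for example `'127.0.0.1:8082:81'`) limits who can reach it before the password is changed. The password values are rendered unquoted, so a value containing `#` or `: ` breaks the YAML; `{{ host_vars_npm_db_user_password | to_json }}` renders a quoted scalar. Both images use `:latest`, and pinning a version tag would make deployments reproducible.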
@@ -0,0 +1,21 @@
+# Readme
+
+## General
+
+This playbook will deploy the unifi network application as docker container on the hosts which are speicified in your inventory under the name ````unifi ````
+
+it also changes the way that the unifi network application will be reachable after the deployment. if you set the variable proxy_type in your vars, the default port 8443 will be changed to 18443
+
+## vars
+
+### group vars
+
+unifi_docker_paths:
+ - /opt/docker/config/unifi
+
+### host vars
+
+unifi_mongo_host:
+unifi_mongo_user:
+unifi_mongo_user_pass:
+unifi_mongo_db_name:
diff --git a/roles/docker_unifi_network_application/tasks/main.yml b/roles/docker_unifi_network_application/tasks/main.yml
new file mode 100644
index 0000000..cfb0273
--- /dev/null
+++ b/roles/docker_unifi_network_application/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+
+- name: Unifi | create project paths
+ ansible.builtin.file:
+ state: directory
+ path: "{{ item }}"
+ owner: root
+ group: root
+ mode: '0755'
+ with_items: "{{ unifi_docker_paths }}"
+
+- name: Unifi | copy mongo-init.js
+ ansible.builtin.template:
+ src: mongo-init.js.j2
+ dest: /opt/docker/config/unifi/mongo-init.js
+ mode: '0644'
+
+- name: Unifi | copy unifi docker-compose.yml
+ ansible.builtin.template:
+ src: docker-compose.yml.j2
+ dest: /opt/docker/config/unifi/docker-compose.yml
+ mode: '0644'
+
+- name: Unifi | create docker proxy network if not available
+ community.docker.docker_network:
+ name: proxy
+
+- name: Unifi | start docker container
+ community.docker.docker_compose_v2:
+ project_src: /opt/docker/config/unifi/
+ state: present
diff --git a/roles/docker_unifi_network_application/templates/docker-compose.yml.j2 b/roles/docker_unifi_network_application/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..9222228
--- /dev/null
+++ b/roles/docker_unifi_network_application/templates/docker-compose.yml.j2
@@ -0,0 +1,63 @@
+---
+
+services:
+ unifi-db:
+ image: mongo:8.0-rc
+ container_name: {{ unifi_mongo_host }}
+ networks:
+ - unifi-network
+ volumes:
+ - db:/data/db
+ - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
+ restart: unless-stopped
+
+ unifi-network-application:
+ image: lscr.io/linuxserver/unifi-network-application:latest
+ container_name: unifi-network-application
+ networks:
+ - unifi-network
+{% if proxy_type is defined %}
+ - proxy
+{% endif %}
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ - MONGO_USER={{ unifi_mongo_user }}
+ - MONGO_PASS={{ unifi_mongo_user_pass }}
+ - MONGO_HOST={{ unifi_mongo_host }}
+ - MONGO_PORT=27017
+ - MONGO_DBNAME={{ unifi_mongo_db_name }}
+ volumes:
+ - config:/config
+{% if proxy_type is defined %}
+ expose:
+ - 8443
+{% endif %}
+ ports:
+{% if proxy_type %}
+ - 18443:8443
+{% else %}
+ - 8443:8443
+{% endif %}
+ - 3478:3478/udp
+ - 10001:10001/udp
+ - 8080:8080
+ - 1900:1900/udp #optional
+ - 8843:8843 #optional
+ - 8880:8880 #optional
+ - 6789:6789 #optional
+ - 5514:5514/udp #optional
+ restart: unless-stopped
+networks:
+ unifi-network:
+{% if proxy_type is defined %}
+ proxy:
+ external: true
+{% endif %}
+
+volumes:
+ config:
+ driver: local
+ db:
+ driver: local
\ No newline at end of file
diff --git a/roles/docker_unifi_network_application/templates/mongo-init.js.j2 b/roles/docker_unifi_network_application/templates/mongo-init.js.j2
new file mode 100644
index 0000000..349988e
--- /dev/null
+++ b/roles/docker_unifi_network_application/templates/mongo-init.js.j2
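Review bot: The `ports:` block tests `{% if proxy_type %}` while the other three conditionals test `{% if proxy_type is defined %}`; with `proxy_type` unset, Ansible's templating most likely fails on the undefined variable instead of reaching the `8443:8443` branch. Use `{% if proxy_type is defined %}` there as well. The database image `mongo:8.0-rc` is a release-candidate tag and the application image uses `:latest`; pinning released versions is safer for a controller that manages the network. The service key `unifi-db` is fixed while `container_name` and `MONGO_HOST` come from `unifi_mongo_host`, so any other value only resolves through the container name, which deserves a comment in the template.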
@@ -0,0 +1,2 @@
+db.getSiblingDB("{{ unifi_mongo_db_name }}").createUser({user: '{{ unifi_mongo_user }}', pwd: '{{ unifi_mongo_user_pass }}', roles: [{role: "dbOwner", db: "{{ unifi_mongo_db_name }}"}]});
+db.getSiblingDB("{{ unifi_mongo_db_name }}_stat").createUser({user: '{{ unifi_mongo_user }}', pwd: '{{ unifi_mongo_user_pass }}', roles: [{role: "dbOwner", db: "{{ unifi_mongo_db_name }}_stat"}]});
\ No newline at end of file
diff --git a/ssh-keys/lucas.rausch.pub b/ssh-keys/lucas.rausch.pub
new file mode 100644
index 0000000..e7b7503
--- /dev/null
+++ b/ssh-keys/lucas.rausch.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKyajijGYPokp4DQwIKCO5Vj05SRzD7PznigrTKUHK9 lucas@rausch.tech
\ No newline at end of file
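Review bot: Both `createUser` calls in `mongo-init.js.j2` place `{{ unifi_mongo_user }}` and `{{ unifi_mongo_user_pass }}` inside single-quoted JavaScript strings, so a value containing `'` or `\` produces a broken or altered init script. Render them as JSON literals without the surrounding quotes, e.g. `user: {{ unifi_mongo_user | to_json }}` and `pwd: {{ unifi_mongo_user_pass | to_json }}`. Scripts in `/docker-entrypoint-initdb.d` normally run only when the data volume is empty, so a later password change in host vars would not reach an existing database; a comment at the top of the template should say so.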