Christian Lempa 2 лет назад
Родитель
Сommit
d96ec0f78a
41 измененных файлов с 507 добавлено и 348 удалено
  1. 33 0
      .github/issue_template.md
  2. 5 5
      .github/pull_request_template.md
  3. 2 2
      CONTRIBUTING.md
  4. 23 17
      ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml
  5. 17 15
      ansible/configuration/ssh/config-add-sshkey.yaml
  6. 18 16
      ansible/deployment/portainer/deploy-portainer.yaml
  7. 16 15
      ansible/deployment/traefik/deploy-traefik.yaml
  8. 11 9
      ansible/installation/inst-core.yaml
  9. 19 15
      ansible/installation/inst-docker-ubuntu.yaml
  10. 0 1
      ansible/installation/inst-k8s/inst-k8s.yaml
  11. 13 8
      ansible/installation/inst-microk8s.yaml
  12. 3 2
      ansible/installation/inst-qemu-agent.yaml
  13. 17 15
      ansible/installation/inst-vm-core.yaml
  14. 10 8
      ansible/installation/inst-wireguard.yaml
  15. 6 5
      ansible/installation/inst-zsh.yaml
  16. 13 8
      ansible/maintenance/maint-diskspace.yaml
  17. 4 3
      ansible/maintenance/maint-docker-clean.yaml
  18. 9 6
      ansible/maintenance/maint-reboot-required.yaml
  19. 7 6
      ansible/maintenance/maint-reboot.yaml
  20. 74 12
      ansible/notification/notify-discord.yaml
  21. 1 1
      ansible/update/upd-apt-dist.yaml
  22. 9 8
      ansible/update/upd-apt.yaml
  23. 17 17
      docker-compose/cadvisor/docker-compose.yaml
  24. 1 1
      docker-compose/duplicati/docker-compose.yaml
  25. 1 1
      docker-compose/grafana/docker-compose.yaml
  26. 1 1
      docker-compose/heimdall/docker-compose.yaml
  27. 2 1
      docker-compose/homeassistant/docker-compose.yaml
  28. 4 2
      docker-compose/nextcloud/docker-compose.yaml
  29. 1 1
      docker-compose/nginxproxymanager/docker-compose.yaml
  30. 9 9
      docker-compose/nodeexporter/docker-compose.yaml
  31. 8 1
      docker-compose/pihole/docker-compose.yaml
  32. 27 27
      docker-compose/prometheus/config/prometheus.yml
  33. 1 1
      docker-compose/prometheus/docker-compose.yaml
  34. 1 1
      docker-compose/uptimekuma/docker-compose.yaml
  35. 20 20
      vagrant/hyperv/ubuntu/docker/Vagrantfile
  36. 26 17
      vagrant/hyperv/ubuntu/docker/playbook.yaml
  37. 20 20
      vagrant/hyperv/ubuntu/microk8s-installed/Vagrantfile
  38. 13 8
      vagrant/hyperv/ubuntu/microk8s-installed/playbook.yaml
  39. 22 22
      vagrant/hyperv/ubuntu/plain-with-cockpit/Vagrantfile
  40. 8 6
      vagrant/hyperv/ubuntu/plain-with-cockpit/playbook.yaml
  41. 15 15
      vagrant/hyperv/ubuntu/plain/Vagrantfile

+ 33 - 0
.github/issue_template.md

@@ -0,0 +1,33 @@
+### Issue Reporting
+
+*Please write all text in English in order to facilitate communication and collaboration. Thank you!*
+
+#### Description
+
+[Provide a clear and concise description of the issue]
+
+#### Steps to Reproduce
+
+1. [First step]
+2. [Second step]
+3. [Any subsequent steps]
+
+#### Expected Behavior
+
+[Describe what you expected to happen]
+
+#### Actual Behavior
+
+[Describe what actually happened]
+
+#### Screenshots
+
+[If applicable, add screenshots to help explain the issue]
+
+#### Additional Information
+
+[Any additional information or context that can be helpful in resolving the issue]
+
+#### Environment
+
+[Include as many relevant details about the environment you experienced the bug in.]

+ 5 - 5
.github/pull_request_template.md

@@ -1,12 +1,12 @@
-Checklist:
+### Pull Request
 
-<!-- Please follow this checklist and put an x in each of the boxes, like this: [x]. It will help the moderators review your PR. -->
+*Please write all text in English in order to facilitate communication and collaboration, and follow this checklist. It will help the contributors to review your PR. Thank you!*
 
 - [ ] My pull request has a descriptive title. (unlike `Update index.md`). Check [this](https://www.conventionalcommits.org/en/v1.0.0/) guide regarding titles.
-- [ ] If applicable, I have tested these changes.
+- [ ] If applicable, I have tested these changes locally.
 
-<!--If your pull request closes a GitHub issue, replace the XXXXX below with the issue number.-->
+*If your pull request closes a GitHub issue, replace the XXXXX below with the issue number.*
 
 Closes #XXXXX
 
-<!-- You can add additional description of changes below this line -->
+---

+ 2 - 2
CONTRIBUTING.md

@@ -4,11 +4,11 @@
 
 - Although I do my best to keep up with the latest changes and releases, but if you find something that needs to update, please contribute.
 
-- If you’d like to contribute to this project, reach out to me on social media or [Discord](https://discord.gg/bz2SN7d), or create a pull request for the necessary changes.
+- If you’d like to contribute to this project, reach out to me on social media or [Discord](https://christianlempa.de/discord), or create a pull request for the necessary changes.
 
 ## Project overview
 
-To get an overview of the project, read the [README](https://github.com/xcad2k/boilerplates#readme).
+To get an overview of the project, read the [README](https://github.com/ChristianLempa/boilerplates#readme).
 
 ## Issues
 

+ 23 - 17
ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml

@@ -1,19 +1,25 @@
 ---
-- name: install fail2ban and configure sshd
-  hosts: "{{ hosts }}"
-  become: yes
+- name: Install fail2ban and configure sshd
+  hosts: "{{ my_hosts | d([]) }}"
+  become: true
+
   tasks:
-  - name: install fail2ban
-    apt:
-      name:
-        - fail2ban
-      update_cache: yes
-  - name: copy fail2ban configfiles
-    copy:
-      src: configfiles/debian-sshd-default.conf
-      dest: /etc/fail2ban/jail.d/debian-sshd-default.conf
-  - name: restart fail2ban
-    systemd:
-      state: restarted
-      daemon_reload: yes
-      name: fail2ban
+    - name: Install fail2ban
+      ansible.builtin.apt:
+        name:
+          - fail2ban
+        update_cache: true
+
+    - name: Copy fail2ban config file
+      ansible.builtin.copy:
+        src: configfiles/debian-sshd-default.conf
+        dest: /etc/fail2ban/jail.d/debian-sshd-default.conf
+        mode: '0644'
+        owner: root
+        group: root
+
+    - name: Restart fail2ban
+      ansible.builtin.systemd_service:
+        state: restarted
+        daemon_reload: true
+        name: fail2ban
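Review bot: The `Restart fail2ban` task at the end of the play runs on every execution, so the service is restarted and the play reports a change even when the jail file was not modified. Moving it under a `handlers:` section and adding `notify: Restart fail2ban` to the `Copy fail2ban config file` task would restart the service only when the configuration actually changes. The explicit `mode`, `owner` and `group` on the copy are a good addition and need no change.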

+ 17 - 15
ansible/configuration/ssh/config-add-sshkey.yaml

@@ -1,17 +1,19 @@
 ---
-- name: add ssh key
-  hosts: "{{ hosts }}"
-  become: yes
+- name: Add ssh key
+  hosts: "{{ my_hosts | d([]) }}"
+  become: true
+
   tasks:
-  - name: install public keys
-    ansible.posix.authorized_key:
-      user: "{{ lookup('env','USER') }}"
-      state: present
-      key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
-  - name: change sudoers file
-    lineinfile:
-      path: /etc/sudoers
-      state: present
-      regexp: '^%sudo'
-      line: '%sudo ALL=(ALL) NOPASSWD: ALL'
-      validate: /usr/sbin/visudo -cf %s
+    - name: Install public keys
+      ansible.posix.authorized_key:
+        user: "{{ lookup('env', 'USER') }}"
+        state: present
+        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+
+    - name: Change sudoers file
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers
+        state: present
+        regexp: '^%sudo'
+        line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+        validate: /usr/sbin/visudo -cf %s
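Review bot: The `Change sudoers file` task rewrites the `%sudo` line in `/etc/sudoers` to `NOPASSWD: ALL`, which removes the password prompt for every member of the sudo group on the target, not only for the account whose key is installed in the task above. A drop-in scoped to the one automation account keeps the main file untouched and limits the grant. It could be written with `ansible.builtin.copy` to `/etc/sudoers.d/<account>` with `mode: '0440'` and the same `validate: /usr/sbin/visudo -cf %s`. Both `lookup('env', 'USER')` and `lookup('file', '~/.ssh/id_rsa.pub')` are evaluated on the control node, so the target account and the installed key depend on who runs the play. A comment saying so, or explicit variables, would make that visible.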

+ 18 - 16
ansible/deployment/portainer/deploy-portainer.yaml

@@ -1,19 +1,21 @@
 ---
-- name: deploy portainer-ce latest
-  hosts: "{{ hosts }}"
-  become: yes
+- name: Deploy portainer-ce latest
+  hosts: "{{ my_hosts | d([]) }}"
+  become: true
   become_user: "{{ lookup('env','USER') }}"
+
   tasks:
-  - name: create new volume
-    community.docker.docker_volume:
-      name: portainer-data
-  - name: deploy portainer
-    community.docker.docker_container:
-      name: portainer
-      image: "docker.io/portainer/portainer-ce"
-      ports:
-        - "9443:9443"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock
-        - portainer-data:/data
-      restart_policy: unless-stopped
+    - name: Create new volume
+      community.docker.docker_volume:
+        name: portainer-data
+
+    - name: Deploy portainer
+      community.docker.docker_container:
+        name: portainer
+        image: "docker.io/portainer/portainer-ce"
+        ports:
+          - "9443:9443"
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+          - portainer-data:/data
+        restart_policy: unless-stopped
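Review bot: `image: "docker.io/portainer/portainer-ce"` carries no tag, so every deploy resolves to whatever `latest` points at, for a container that is handed `/var/run/docker.sock` and with it control of the host's Docker daemon. The compose files in this same commit pin their versions, and the same would fit here, e.g. `image: "docker.io/portainer/portainer-ce:<pinned-version>"` (placeholder), with the play name changed from `latest` to match. The play-level `become_user` line still uses `lookup('env','USER')` without the space that the other files now have.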

+ 16 - 15
ansible/deployment/traefik/deploy-traefik.yaml

@@ -1,17 +1,18 @@
 ---
-- name: deploy traefik v2.5
-  hosts: "{{ hosts }}"
-  become: yes
+- name: Deploy traefik v2.5
+  hosts: "{{ my_hosts | d([]) }}"
+
   tasks:
-  - name: deploy traefik
-    become_user: "{{ lookup('env','USER') }}"
-    community.docker.docker_container:
-      name: traefik
-      image: "traefik:v2.5"
-      ports:
-        - "80:80"
-        - "443:443"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock
-        - /etc/traefik:/etc/traefik
-      restart_policy: unless-stopped
+    - name: Deploy traefik
+      community.docker.docker_container:
+        name: traefik
+        image: "traefik:v2.5"
+        ports:
+          - "80:80"
+          - "443:443"
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+          - /etc/traefik:/etc/traefik
+        restart_policy: unless-stopped
+      become: true
+      become_user: "{{ lookup('env', 'USER') }}"
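Review bot: The `/var/run/docker.sock:/var/run/docker.sock` volume gives the full Docker API to a container that also publishes ports 80 and 443, so a compromise of the proxy becomes control of the host's Docker daemon. A `:ro` suffix on the bind mount would not limit API calls made over the socket. The usual mitigation is to point Traefik at a socket proxy that permits only the read-only endpoints it needs, and that decision deserves a comment above the `volumes:` list. The `v2.5` tag is also repeated in the play name and the image string, where a single variable would keep the two in step.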

+ 11 - 9
ansible/installation/inst-core.yaml

@@ -1,10 +1,12 @@
-- name: install core packages
-  hosts: "{{ hosts }}"
-  become: yes
+---
+- name: Install core packages
+  hosts: "{{ my_hosts | d([]) }}"
+  become: true
+
   tasks:
-  - name: install core packages
-    apt:
-      name:
-        - prometheus-node-exporter
-        - nfs-common
-      update_cache: yes
+    - name: Install core packages
+      ansible.builtin.apt:
+        name:
+          - prometheus-node-exporter
+          - nfs-common
+        update_cache: true

+ 19 - 15
ansible/installation/inst-docker-ubuntu.yaml

@@ -1,29 +1,33 @@
 ---
-- name: install docker
-  hosts: "{{ hosts }}"
-  become: yes
+- name: Install docker
+  hosts: "{{ my_hosts | d([]) }}"
+  become: true
+
   tasks:
-    - name: install docker dependencies
-      apt:
+    - name: Install docker dependencies
+      ansible.builtin.apt:
         name:
           - apt-transport-https
           - ca-certificates
           - curl
           - gnupg-agent
           - software-properties-common
-        update_cache: yes
-    - name: add docker gpg key
-      apt_key:
+        update_cache: true
+
+    - name: Add docker gpg key
+      ansible.builtin.apt_key:
         url: https://download.docker.com/linux/ubuntu/gpg
         state: present
         keyring: /etc/apt/keyrings/docker.gpg
-    - name: add docker repository
-      apt_repository:
-        filename: docker 
-        repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename|lower }} stable
+
+    - name: Add docker repository
+      ansible.builtin.apt_repository:
+        filename: docker
+        repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename | lower }} stable
         state: present
-    - name: install docker engine
-      apt:
+
+    - name: Install docker engine
+      ansible.builtin.apt:
         name:
           - docker-ce
           - docker-ce-cli
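Review bot: `Add docker gpg key` downloads the signing key from the URL and trusts whatever is returned, because the task sets no `id:` for the expected key. Adding `id: <docker-signing-key-fingerprint>` (placeholder, take the value from Docker's install documentation) lets the module check that the expected key is the one that was imported. The same gap exists in `Add apt-key` in `vagrant/hyperv/ubuntu/docker/playbook.yaml`. That task also sets no `keyring:`, and its `repo:` line has no `signed-by=`, so the key appears to end up trusted for every repository on the VM rather than only Docker's. The package list of `Install docker engine` continues outside this hunk.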
@@ -31,4 +35,4 @@
           - docker-buildx-plugin
           - docker-scan-plugin
           - docker-compose-plugin
-        update_cache: yes
+        update_cache: true

+ 0 - 1
ansible/installation/inst-k8s/inst-k8s.yaml

@@ -1,5 +1,4 @@
 ---
-
 - name: Setup Prerequisites To Install Kubernetes
   hosts: instance
   become: true

+ 13 - 8
ansible/installation/inst-microk8s.yaml

@@ -1,11 +1,16 @@
 ---
-- name: install microk8s
-  hosts: "{{ hosts }}"
-  become: yes
+- name: Install microk8s
+  hosts: "{{ my_hosts | d([]) }}"
+  become: true
+
   tasks:
-    - name: install microk8s
-      snap:
-        classic: yes
+    - name: Install microk8s
+      community.general.snap:
+        classic: true
         name: microk8s
-    - name: add userpermissions
-      shell: "usermod -aG microk8s {{ lookup('env','USER') }}"
+
+    - name: Add user to group microk8s
+      ansible.builtin.user:
+        name: "{{ lookup('env', 'USER') }}"
+        groups: microk8s
+        append: true
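Review bot: `name: "{{ lookup('env', 'USER') }}"` is resolved on the control node, and `ansible.builtin.user` defaults to `state: present`. If that account does not exist on the target, the task will create it and add it to `microk8s`, where the previous `usermod -aG` call would have failed instead. Membership in that group is what allows use of the microk8s tooling without sudo, so an unintended account there matters. Consider taking the name from an explicit variable (for example the connection user) or checking first with `ansible.builtin.getent` that the account already exists.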

+ 3 - 2
ansible/installation/inst-qemu-agent.yaml

@@ -2,9 +2,10 @@
 - name: Install qemu-guest-agent package
   hosts: all
   become: true
-  become_method: sudo
+  become_method: ansible.builtin.sudo
+
   tasks:
     - name: Install qemu-guest-agent
-      apt:
+      ansible.builtin.apt:
         name: qemu-guest-agent
         state: present

+ 17 - 15
ansible/installation/inst-vm-core.yaml

@@ -1,17 +1,19 @@
 ---
-- name: install core packages for virtual machines
-  hosts: "{{ hosts }}"
-  become: yes
+- name: Install core packages for virtual machines
+  hosts: "{{ my_hosts | d([]) }}"
+  become: true
+
   tasks:
-  - name: install packages
-    apt:
-      name:
-        - prometheus-node-exporter
-        - nfs-common
-        - qemu-guest-agent
-      update_cache: yes
-  - name: start guest qemu-guest-agent
-    service:
-      name: qemu-guest-agent
-      state: started
-      enabled: yes
+    - name: Install packages
+      ansible.builtin.apt:
+        name:
+          - prometheus-node-exporter
+          - nfs-common
+          - qemu-guest-agent
+        update_cache: true
+
+    - name: Start guest qemu-guest-agent
+      ansible.builtin.service:
+        name: qemu-guest-agent
+        state: started
+        enabled: true

+ 10 - 8
ansible/installation/inst-wireguard.yaml

@@ -1,14 +1,16 @@
 ---
-- name: install wireguard
-  hosts: "{{ hosts }}"
-  become: yes
+- name: Install wireguard
+  hosts: "{{ my_hosts | d([]) }}"
+  become: true
+
   tasks:
-    - name: install wireguard
-      apt:
+    - name: Install wireguard
+      ansible.builtin.apt:
         name: wireguard
-        update_cache: yes
-    - name: generate private and public keypair
-      shell: |
+        update_cache: true
+
+    - name: Generate private and public keypair
+      ansible.builtin.shell: |
         wg genkey | tee privatekey | wg pubkey > publickey
         chmod 0400 privatekey
         chmod 0400 publickey
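Review bot: The keypair script creates `privatekey` under the process's default umask and only tightens it afterwards with `chmod 0400`, so the file can be readable by other local users for a short time. It also writes to a relative path and has no `creates:` guard, and because the play runs with `become: true`, each run overwrites the existing key. Starting the script with `umask 077` and writing to an absolute directory would close that window, since no working directory is set in the visible lines. Adding `args:` with `creates: <absolute-path>/privatekey` would make the task idempotent. The task may continue past the end of this hunk.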

+ 6 - 5
ansible/installation/inst-zsh.yaml

@@ -1,10 +1,11 @@
 ---
-- name: install zsh
-  hosts: "{{ hosts }}"
-  become: yes
+- name: Install zsh
+  hosts: "{{ my_hosts | d([]) }}"
+  become: true
+
   tasks:
-    - name: install zsh
-      apt:
+    - name: Install zsh
+      ansible.builtin.apt:
         name: zsh
         state: present
         update_cache: true

+ 13 - 8
ansible/maintenance/maint-diskspace.yaml

@@ -1,14 +1,19 @@
 ---
-- name: check disk space
-  hosts: "{{ hosts }}"
+- name: Check disk space
+  hosts: "{{ my_hosts | d([]) }}"
+
   tasks:
-    - name: get disk usage
-      command: df -h
+    - name: Check disk space available
+      ansible.builtin.shell:
+        cmd: |
+          set -euo pipefail
+          df -Ph / | awk 'NR==2 {print $5}'
+        executable: /bin/bash
+      changed_when: false
+      check_mode: false
       register: disk_usage
-    - name: check disk space available
-      shell: df -Ph / | awk 'NR==2 {print $5}'
-      register: disk_usage
-    # - name: send discord message when disk space is over 80%
+
+    # - name: Send discord message when disk space is over 80%
     #   uri:
     #     url: "your-webhook"
     #     method: POST

+ 4 - 3
ansible/maintenance/maint-docker-clean.yaml

@@ -1,8 +1,9 @@
 ---
-- name: clean docker
-  hosts: "{{ hosts }}"
+- name: Clean docker
+  hosts: "{{ my_hosts | d([]) }}"
+
   tasks:
-    - name: prune non-dangling images
+    - name: Prune non-dangling images
       community.docker.docker_prune:
         containers: false
         images: true

+ 9 - 6
ansible/maintenance/maint-reboot-required.yaml

@@ -1,13 +1,16 @@
 ---
-- name: check if system reboot is required
-  hosts: "{{ hosts }}"
-  become: yes
+- name: Check if system reboot is required
+  hosts: "{{ my_hosts | d([]) }}"
+  become: true
+
   tasks:
-    - name: check if system reboot is required
+    - name: Check if system reboot is required
       become: true
-      stat:
+      ansible.builtin.stat:
         path: /var/run/reboot-required
       register: reboot_required
-    - debug:
+
+    - name: Report if reboot is required
+      ansible.builtin.debug:
         msg: "Reboot is required"
       when: reboot_required.stat.exists

+ 7 - 6
ansible/maintenance/maint-reboot.yaml

@@ -1,8 +1,9 @@
 ---
-- name: reboot machine
-  hosts: "{{ hosts }}"
-  become: yes
+- name: Reboot machine
+  hosts: "{{ my_hosts | d([]) }}"
+  become: true
+
   tasks:
-  - name: reboot machine
-    reboot:
-      reboot_timeout: 3600
+    - name: Reboot machine
+      ansible.builtin.reboot:
+        reboot_timeout: 3600

+ 74 - 12
ansible/notification/notify-discord.yaml

@@ -1,14 +1,76 @@
 ---
-- name: notify discord
-  hosts: "{{ hosts }}"
+# This Ansible playbook demonstrates how to send Discord notifications
+# using the `community.general.discord` module.
+# https://docs.ansible.com/ansible/latest/collections/community/general/discord_module.html
+#
+# If you need guidance how to create your own Discord server, see
+# https://support.discord.com/hc/en-us/articles/204849977-How-do-I-create-a-server
+#
+# In order to generate a webhook, please see
+# https://support.discord.com/hc/en-us/articles/360045093012-Server-Integrations-Page
+
+- name: Notify discord
+
+  hosts: "{{ my_hosts | d([]) }}"
+
+  vars:
+    # The name that will be shown as sender of the notification. Note
+    # that some usernames are blocked by Discord, for example it must
+    # not contain the word `discord`.
+    notify_discord_username: Ansible
+
+    # Your Discord webhook URL should have following format. Please
+    # extract following segments of the URL path and set it as value of
+    # the following variables:
+    #
+    # https://discord.com/api/webhooks/nnnnnnnnnn/xxxxxxxxxxxxxxxxxxxxxxxxxxx
+    #                                  |        | |                         |
+    #   notify_discord_webhook_id <----'--------' |                         |
+    #                                             |                         |
+    #   notify_discord_webhook_token <------------'-------------------------'
+    #
+    # Security advise: if you commit this data to a repository it is
+    # strongly recommended to encrypt `notify_discord_webhook_token` using
+    # Ansible Vault.
+    notify_discord_webhook_id: ''
+    notify_discord_webhook_token: ''
+
+    # Do not modify following regular expressions unless you know what
+    # you're doing. Those are to ensure that whatever you've set as
+    # `notify_discord_webhook_id` and `notify_discord_webhook_token`
+    # complies with the Discord API Specification (as of 2024-02-25).
+    #
+    # https://github.com/discord/discord-api-spec/blob/fe9917381e47285b56d98cb72ae3cfe7db9ea19c/specs/openapi.json#L7524-L7531
+    # https://github.com/discord/discord-api-spec/blob/fe9917381e47285b56d98cb72ae3cfe7db9ea19c/specs/openapi.json#L24817-L24821
+    notify_discord_webhook_id_regex: '^0|[1-9][0-9]*$'
+    # https://github.com/discord/discord-api-spec/blob/fe9917381e47285b56d98cb72ae3cfe7db9ea19c/specs/openapi.json#L7532-L7541
+    notify_discord_webhook_token_regex: '^[a-zA-Z0-9_-]+$'
+
+    # The content of the notification
+    notify_discord_webhook_content: |-
+      **Message from `{{ inventory_hostname }}` by *Ansible* ** :tada:
+      Just a test, adjust it to your liking.
+
+      You can use any Markdown formatting here [supported by Discord](
+      https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline).
+
+    # Delegate the sending of the Dicord notification to following host
+    # which must be able to access the public internet on destination
+    # port 443/tcp. When `localhost` is specified, this is sent from
+    # the Ansible Controller, but you can pick any host listed in the
+    # Ansible inventory.
+    notify_discord_send_from_host: localhost
+
   tasks:
-    - name: send discord message
-      uri:
-        url: "your-webhook"
-        method: POST
-        body_format: json
-        body: '{"content": "your-message"}'
-        headers:
-          Content-Type: application/json
-        status_code: 204
-      # when: your-condition
+    - name: Send Discord message
+      community.general.discord:
+        username: "{{ notify_discord_username }}"
+        webhook_id: "{{ notify_discord_webhook_id }}"
+        webhook_token: "{{ notify_discord_webhook_token }}"
+        content: "{{ notify_discord_webhook_content }}"
+      delegate_to: "{{ notify_discord_send_from_host }}"
+      when:
+        - notify_discord_webhook_id is match(notify_discord_webhook_id_regex)
+        - notify_discord_webhook_token is match(notify_discord_webhook_token_regex)
+        - notify_discord_webhook_content | length > 0
+        - notify_discord_send_from_host is in (['localhost'] + groups['all'])
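Review bot: `notify_discord_webhook_id_regex: '^0|[1-9][0-9]*$'` does not anchor both alternatives, because `|` binds more loosely than `^` and `$`. The first branch accepts any value that merely starts with `0`, so the check in `when:` is weaker than the comment above it states. Grouping the alternation fixes it: `notify_discord_webhook_id_regex: '^(0|[1-9][0-9]*)$'`. When any of the four `when:` conditions is false, including with the shipped empty defaults, the task is skipped without a message. An `ansible.builtin.assert` task with a `fail_msg` placed before it would tell the user which value is wrong.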

+ 1 - 1
ansible/update/upd-apt-dist.yaml

@@ -1 +1 @@
-
+---

+ 9 - 8
ansible/update/upd-apt.yaml

@@ -1,26 +1,27 @@
 ---
 - name: Update and upgrade apt packages
-  hosts: all 
+  hosts: all
+
   tasks:
     - name: Update packages with apt
       when: ansible_pkg_mgr == 'apt'
-      apt:
-        update_cache: yes
+      ansible.builtin.apt:
+        update_cache: true
 
     - name: Update packages with yum
       when: ansible_pkg_mgr == 'yum'
-      yum:
+      ansible.builtin.yum:
         name: '*'
-        state: latest
+        state: latest # noqa: package-latest
 
     - name: Upgrade packages with apt
       when: ansible_pkg_mgr == 'apt'
-      apt:
+      ansible.builtin.apt:
         upgrade: dist
 
     - name: Upgrade packages with yum
       when: ansible_pkg_mgr == 'yum'
-      yum:
+      ansible.builtin.yum:
         name: '*'
-        state: latest
+        state: latest # noqa: package-latest
         exclude: kernel*
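Review bot: This play sets no `become: true`, unlike the other playbooks touched in this commit, so the `apt` and `yum` tasks only work when the connection user is already root. Privilege escalation may be configured in the inventory or on the command line, which is not visible here. Adding `become: true` under `hosts: all` would make the requirement explicit. The two yum tasks are near-duplicates, and `Update packages with yum` already upgrades every package including kernels. That makes the `exclude: kernel*` on `Upgrade packages with yum` ineffective.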

+ 17 - 17
docker-compose/cadvisor/docker-compose.yaml

@@ -1,17 +1,17 @@
----
-services:
-  cadvisor:
-    image: gcr.io/cadvisor/cadvisor:v0.47.0     
-    container_name: cadvisor
-    ports:
-      - 8080:8080
-    volumes:
-      - /:/rootfs:ro
-      - /var/run:/var/run:ro
-      - /sys:/sys:ro
-      - /var/lib/docker/:/var/lib/docker:ro
-      - /dev/disk/:/dev/disk:ro
-    devices:
-      - /dev/kmsg
-    privileged: true
-    restart: unless-stopped
+---
+services:
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.47.0
+    container_name: cadvisor
+    ports:
+      - 8080:8080
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /dev/disk/:/dev/disk:ro
+    devices:
+      - /dev/kmsg
+    privileged: true
+    restart: unless-stopped

+ 1 - 1
docker-compose/duplicati/docker-compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   duplicati:
-    image: ghcr.io/linuxserver/duplicati
+    image: lscr.io/linuxserver/duplicati:2.0.7
     container_name: duplicati
     environment:
       - PUID=1000

+ 1 - 1
docker-compose/grafana/docker-compose.yaml

@@ -4,7 +4,7 @@ volumes:
     driver: local
 services:
   grafana:
-    image: grafana/grafana-oss:10.3.3
+    image: docker.io/grafana/grafana-oss:10.4.0
     container_name: grafana
     ports:
       - "3000:3000"

+ 1 - 1
docker-compose/heimdall/docker-compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   heimdall:
-    image: lscr.io/linuxserver/heimdall:2.5.6
+    image: lscr.io/linuxserver/heimdall:2.6.1
     container_name: heimdall
     environment:
       - PUID=1000

+ 2 - 1
docker-compose/homeassistant/docker-compose.yaml

@@ -2,10 +2,11 @@
 services:
   homeassistant:
     container_name: homeassistant
-    image: "ghcr.io/home-assistant/home-assistant:2023.6"
+    image: ghcr.io/home-assistant/home-assistant:2024.3.1
     volumes:
       - ./config:/config
       - /etc/localtime:/etc/localtime:ro
+      - /run/dbus:/run/dbus:ro
     # devices:
     #   - /dev/ttyACMO  # (optional) Add serial devices to the container
     privileged: true
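Review bot: The new `/run/dbus:/run/dbus:ro` bind exposes the host's D-Bus sockets to the container, and `:ro` only makes the directory read-only, so it does not stop the container from sending messages on the system bus. Together with `privileged: true` this widens host access, so it deserves a comment saying what needs it (presumably Bluetooth support, to be confirmed). Alternatively it could ship commented out like the `devices:` block below: `# - /run/dbus:/run/dbus:ro  # (optional) host D-Bus, e.g. for Bluetooth`. The service definition continues outside this hunk.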

+ 4 - 2
docker-compose/nextcloud/docker-compose.yaml

@@ -4,7 +4,7 @@ volumes:
   nextcloud-db:
 services:
   nextcloud-app:
-    image: nextcloud:latest
+    image: docker.io/library/nextcloud:28.0.3-apache
     container_name: nextcloud-app
     ports:
       - 80:80
@@ -17,7 +17,9 @@ services:
       - MYSQL_HOST=nextcloud-db
     restart: unless-stopped
   nextcloud-db:
-    image: mariadb:latest
+    # See compatibility matrix for Nextcloud 28
+    # https://docs.nextcloud.com/server/28/admin_manual/installation/system_requirements.html
+    image: docker.io/library/mariadb:10.11.7
     container_name: nextcloud-db
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
     volumes:

+ 1 - 1
docker-compose/nginxproxymanager/docker-compose.yaml

@@ -5,7 +5,7 @@ volumes:
   nginxproxymanager-db:
 services:
   nginxproxymanager:
-    image: jc21/nginx-proxy-manager:2.10.3
+    image: docker.io/jc21/nginx-proxy-manager:2.11.1
     ports:
       - 80:80
       - 81:81

+ 9 - 9
docker-compose/nodeexporter/docker-compose.yaml

@@ -1,10 +1,10 @@
----
-services:
-  node_exporter:
-    image: quay.io/prometheus/node-exporter:v1.5.0
-    container_name: node_exporter
-    command: "--path.rootfs=/host"
-    pid: host
-    restart: unless-stopped
-    volumes:
+---
+services:
+  node_exporter:
+    image: quay.io/prometheus/node-exporter:v1.7.0
+    container_name: node_exporter
+    command: "--path.rootfs=/host"
+    pid: host
+    restart: unless-stopped
+    volumes:
       - /:/host:ro,rslave

+ 8 - 1
docker-compose/pihole/docker-compose.yaml

@@ -1,5 +1,12 @@
+---
 version: '3'
 
+volumes:
+  dnsmasq:
+    driver: local
+  etcd:
+    driver: local
+
 services:
   pihole:
     container_name: pihole
@@ -14,6 +21,6 @@ services:
       - TZ=Europe/Berlin
       - WEBPASSWORD=your-secret-password
     volumes:
-      - etcd:/etc/pihole
       - dnsmasq:/etc/dnsmasq.d
+      - etcd:/etc/pihole
     restart: unless-stopped
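Review bot: `WEBPASSWORD=your-secret-password` sits inline in the compose file, so anyone filling in the template ends up with the admin password in a file that is likely to be committed or shared. Reading it from the environment instead, `- WEBPASSWORD=${PIHOLE_WEBPASSWORD:?set in .env}` (the variable name is a suggestion), keeps the secret in an untracked `.env` file and makes compose refuse to start when it is unset. The volume name `etcd` in the newly added `volumes:` block is easy to mistake for the etcd datastore, and a comment there saying it holds `/etc/pihole` would help.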

+ 27 - 27
docker-compose/prometheus/config/prometheus.yml

@@ -1,27 +1,27 @@
-global:
-  scrape_interval:     15s # By default, scrape targets every 15 seconds.
-
-  # Attach these labels to any time series or alerts when communicating with
-  # external systems (federation, remote storage, Alertmanager).
-  # external_labels:
-  #  monitor: 'codelab-monitor'
-
-# A scrape configuration containing exactly one endpoint to scrape:
-# Here it's Prometheus itself.
-scrape_configs:
-  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
-  - job_name: 'prometheus'
-    # Override the global default and scrape targets from this job every 5 seconds.
-    scrape_interval: 5s
-    static_configs:
-      - targets: ['localhost:9090']
-
-  # Example job for node_exporter
-  # - job_name: 'node_exporter'
-  #   static_configs:
-  #     - targets: ['node_exporter:9100']
-
-  # Example job for cadvisor
-  # - job_name: 'cadvisor'
-  #   static_configs:
-  #     - targets: ['cadvisor:8080']
+global:
+  scrape_interval:     15s # By default, scrape targets every 15 seconds.
+
+  # Attach these labels to any time series or alerts when communicating with
+  # external systems (federation, remote storage, Alertmanager).
+  # external_labels:
+  #  monitor: 'codelab-monitor'
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
+  - job_name: 'prometheus'
+    # Override the global default and scrape targets from this job every 5 seconds.
+    scrape_interval: 5s
+    static_configs:
+      - targets: ['localhost:9090']
+
+  # Example job for node_exporter
+  # - job_name: 'node_exporter'
+  #   static_configs:
+  #     - targets: ['node_exporter:9100']
+
+  # Example job for cadvisor
+  # - job_name: 'cadvisor'
+  #   static_configs:
+  #     - targets: ['cadvisor:8080']

+ 1 - 1
docker-compose/prometheus/docker-compose.yaml

@@ -4,7 +4,7 @@ volumes:
     driver: local
 services:
   prometheus:
-    image: prom/prometheus:v2.50.0
+    image: prom/prometheus:v2.50.1
     container_name: prometheus
     ports:
       - 9090:9090

+ 1 - 1
docker-compose/uptimekuma/docker-compose.yaml

@@ -4,7 +4,7 @@ volumes:
     driver: local
 services:
   uptimekuma:
-    image: louislam/uptime-kuma:latest
+    image: louislam/uptime-kuma:1.23.11
     container_name: uptimekuma
     ports:
       - 3001:3001

+ 20 - 20
vagrant/hyperv/ubuntu/docker/Vagrantfile

@@ -1,20 +1,20 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure("2") do |config|
-  config.vm.box = "generic/ubuntu2004"
-  config.vm.network "public_network"
-  config.vm.synced_folder ".", "/vagrant_data", disabled: true
-  config.vm.provider "hyperv"
-  config.vm.provider "hyperv" do |h|
-    h.enable_virtualization_extensions = false
-    h.linked_clone = true
-    h.memory = 2048
-    h.vmname = "ubuntu_docker_1"
-  end
-
-  config.vm.provision "ansible" do |a|
-    a.verbose = "v"
-    a.playbook = "playbook.yaml"
-  end
-end
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "generic/ubuntu2004"
+  config.vm.network "public_network"
+  config.vm.synced_folder ".", "/vagrant_data", disabled: true
+  config.vm.provider "hyperv"
+  config.vm.provider "hyperv" do |h|
+    h.enable_virtualization_extensions = false
+    h.linked_clone = true
+    h.memory = 2048
+    h.vmname = "ubuntu_docker_1"
+  end
+
+  config.vm.provision "ansible" do |a|
+    a.verbose = "v"
+    a.playbook = "playbook.yaml"
+  end
+end

+ 26 - 17
vagrant/hyperv/ubuntu/docker/playbook.yaml

@@ -1,29 +1,38 @@
 ---
-- hosts: all
-  become: yes
+- name: Install Docker
+  hosts: all
+  become: true
+
   tasks:
-    - name: install prerequisites
-      apt:
+    - name: Install prerequisites
+      ansible.builtin.apt:
         name:
           - apt-transport-https
-          - ca-certificates 
-          - curl 
+          - ca-certificates
+          - curl
           - gnupg-agent
           - software-properties-common
-        update_cache: yes
-    - name: add apt-key
-      apt_key:
+        update_cache: true
+
+    - name: Add apt-key
+      ansible.builtin.apt_key:
         url: https://download.docker.com/linux/ubuntu/gpg
-    - name: add docker repo
-      apt_repository:
+
+    - name: Add docker repo
+      ansible.builtin.apt_repository:
         repo: deb https://download.docker.com/linux/ubuntu focal stable
-    - name: install docker 
-      apt:
-        name: 
+
+    - name: Install docker
+      ansible.builtin.apt:
+        name:
           - docker-ce
           - docker-ce-cli
           - containerd.io
           - docker-compose
-        update_cache: yes
-    - name: add userpermissions
-      shell: "usermod -aG docker vagrant"
+        update_cache: true
+
+    - name: Add user vagrant to group docker
+      ansible.builtin.user:
+        name: vagrant
+        groups: docker
+        append: true

+ 20 - 20
vagrant/hyperv/ubuntu/microk8s-installed/Vagrantfile

@@ -1,20 +1,20 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure("2") do |config|
-  config.vm.box = "generic/ubuntu2004"
-  config.vm.network "public_network"
-  config.vm.synced_folder ".", "/vagrant_data", disabled: true
-  config.vm.provider "hyperv"
-  config.vm.provider "hyperv" do |h|
-    h.enable_virtualization_extensions = false
-    h.linked_clone = true
-    h.memory = 2048
-    h.vmname = "ubuntu_plain_1"
-  end
-
-  config.vm.provision "ansible" do |a|
-    a.verbose = "v"
-    a.playbook = "playbook.yaml"
-  end
-end
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "generic/ubuntu2004"
+  config.vm.network "public_network"
+  config.vm.synced_folder ".", "/vagrant_data", disabled: true
+  config.vm.provider "hyperv"
+  config.vm.provider "hyperv" do |h|
+    h.enable_virtualization_extensions = false
+    h.linked_clone = true
+    h.memory = 2048
+    h.vmname = "ubuntu_plain_1"
+  end
+
+  config.vm.provision "ansible" do |a|
+    a.verbose = "v"
+    a.playbook = "playbook.yaml"
+  end
+end

+ 13 - 8
vagrant/hyperv/ubuntu/microk8s-installed/playbook.yaml

@@ -1,11 +1,16 @@
 ---
-- hosts: all
-  become: yes
+- name: Install microk8s
+  hosts: all
+  become: true
+
   tasks:
-  - name: install microk8s
-    snap:
-      classic: yes
-      name: microk8s
-  - name: add userpermissions
-    shell: "usermod -aG microk8s vagrant"
+    - name: Install microk8s
+      community.general.snap:
+        classic: true
+        name: microk8s
 
+    - name: Add user vagrant to group microk8s
+      ansible.builtin.user:
+        name: vagrant
+        groups: microk8s
+        append: true

+ 22 - 22
vagrant/hyperv/ubuntu/plain-with-cockpit/Vagrantfile

@@ -1,22 +1,22 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure("2") do |config|
-  config.vm.box = "generic/ubuntu2004"
-  config.vm.network "public_network", bridge: "BRIDGE"
-  config.vm.synced_folder ".", "/vagrant_data", disabled: true
-  config.vm.provider "hyperv"
-  config.vm.hostname = "ubuntu_plan-with-cockpit-1"
-
-  config.vm.provider "hyperv" do |h|
-    h.enable_virtualization_extensions = false
-    h.linked_clone = true
-    h.memory = 2048
-    h.vmname = "ubuntu_plan-with-cockpit-1"
-  end
-
-  config.vm.provision "ansible" do |a|
-    a.verbose = "v"
-    a.playbook = "playbook.yaml"
-  end
-end
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "generic/ubuntu2004"
+  config.vm.network "public_network", bridge: "BRIDGE"
+  config.vm.synced_folder ".", "/vagrant_data", disabled: true
+  config.vm.provider "hyperv"
+  config.vm.hostname = "ubuntu_plan-with-cockpit-1"
+
+  config.vm.provider "hyperv" do |h|
+    h.enable_virtualization_extensions = false
+    h.linked_clone = true
+    h.memory = 2048
+    h.vmname = "ubuntu_plan-with-cockpit-1"
+  end
+
+  config.vm.provision "ansible" do |a|
+    a.verbose = "v"
+    a.playbook = "playbook.yaml"
+  end
+end

+ 8 - 6
vagrant/hyperv/ubuntu/plain-with-cockpit/playbook.yaml

@@ -1,8 +1,10 @@
 ---
-- hosts: all
-  become: yes
+- name: Install Cockpit
+  hosts: all
+  become: true
+
   tasks:
-  - name: install cockpit
-    apt:
-      name: cockpit
-      update_cache: yes
+    - name: Install cockpit
+      ansible.builtin.apt:
+        name: cockpit
+        update_cache: true

+ 15 - 15
vagrant/hyperv/ubuntu/plain/Vagrantfile

@@ -1,15 +1,15 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure("2") do |config|
-  config.vm.box = "generic/ubuntu2004"
-  config.vm.network "public_network"
-  config.vm.synced_folder ".", "/vagrant_data", disabled: true
-  config.vm.provider "hyperv"
-  config.vm.provider "hyperv" do |h|
-    h.enable_virtualization_extensions = false
-    h.linked_clone = true
-    h.memory = 2048
-    h.vmname = "ubuntu_plain_1"
-  end
-end
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "generic/ubuntu2004"
+  config.vm.network "public_network"
+  config.vm.synced_folder ".", "/vagrant_data", disabled: true
+  config.vm.provider "hyperv"
+  config.vm.provider "hyperv" do |h|
+    h.enable_virtualization_extensions = false
+    h.linked_clone = true
+    h.memory = 2048
+    h.vmname = "ubuntu_plain_1"
+  end
+end