prepare graylog

.vscode/settings.json

@@ -1,5 +1,4 @@
 {
     "editor.fontFamily": "'JetBrains Mono', 'NotoMono NF', 'DejaVuSansMono NF', 'MesloLGS NF', 'Droid Sans Mono', 'monospace', monospace, 'Droid Sans Fallback'",
-    "editor.fontSize": 17,
-    "ansible.python.interpreterPath": "/bin/python"
+    "editor.fontSize": 17
 }

ansible.cfg

@@ -2,6 +2,6 @@
 inventory = /opt/ansible-pull/hosts
 log_path = ~/ansible.log
 retry_files_enabled = False
-deprecation_warnings = True
+deprecation_warnings=False
 [inventory]
 enable_plugins = ini

collections/requirements.yml

@@ -1,4 +0,0 @@
----
-collections:
-  - name: community.general
-    version: ">=6.0.0" # Es ist eine gute Praxis, eine Mindestversion anzugeben

global_handlers/aide.yml

@@ -1,42 +0,0 @@
----
-- name: system setup | aide | install aide package
-  tags: aide,hardening,system
-  package:
-    name: aide
-    state: present
-
-- name: system setup | aide | check if aide database exists
-  tags: aide,hardening,system
-  stat:
-    path: /var/lib/aide/aide.db
-  register: aide_db
-
-- name: system setup | aide | initialize aide database if it does not exist
-  tags: aide,hardening,system
-  block:
-    - name: system setup | aide | run aide --init (this may take a while)
-      command: aide --config /etc/aide/aide.conf --init
-      register: aide_init_result
-      changed_when: "'AIDE, version' in aide_init_result.stdout"
-      async: 1800 # Allow up to 30 minutes for initialization
-      poll: 15
-
-    - name: system setup | aide | copy new database to be the active one
-      copy:
-        src: /var/lib/aide/aide.db.new
-        dest: /var/lib/aide/aide.db
-        remote_src: true
-        owner: root
-        group: root
-        mode: '0600'
-      when: aide_init_result.changed
-  when: not aide_db.stat.exists
-
-- name: system setup | aide | schedule daily check
-  tags: aide,hardening,system
-  cron:
-    name: "AIDE daily check"
-    minute: "0"
-    hour: "5"
-    job: "/usr/bin/aide --config /etc/aide/aide.conf --check"
-    cron_file: aide_check # Creates /etc/cron.d/aide_check

global_handlers/global_handlers.yml

@@ -1,39 +1,9 @@
----
-- name: apt_update
-  apt:
-    update_cache: yes
-  when: ansible_os_family == "Debian"
-
-- name: restart_sshd
+- name: restart_nginx
   service:
-    name: "{{ openssh_service }}"
+    name: "nginx"
     state: restarted
 
-- name: restart_fail2ban
+- name: restart_snmpd
   service:
-    name: "fail2ban"
-    state: restarted
-
-- name: restart_logind
-  service:
-    name: "logind"
-    state: restarted
-
-- name: reload ufw
-  command: ufw reload
-  listen: "reload ufw firewall"
-
-- name: restart auditd
-  service:
-    name: auditd
-    state: restarted
-
-- name: restart rsyslog
-  ansible.builtin.service:
-    name: rsyslog
-    state: restarted
-
-- name: restart_telegraf
-  ansible.builtin.service:
-    name: "telegraf"
+    name: "snmpd"
     state: restarted

group_vars/server

@@ -1,12 +1 @@
-$ANSIBLE_VAULT;1.1;AES256
-33393965343936656232313034313838313330336565336265383361373666343366623535353432
-6465366237353937396136613539646634653233376339650a323436313066653566373335643766
-65376439303639363262333537373661656363366561613432643536373637653862356261613739
-3963643534613338300a313634353631373635333435346266613238633831356332633332376362
-30333434663365396639613336636138373964383063393862363531343866386537306664393863
-64653836613864636635346135633630313261623032613161613661303630623462336335366461
-30613366383265656264326432653339323736623933326132323866643939303233646237633936
-65373031386338323463623631656461653163333163666232656664386362663666373039613237
-64383437316463333630646333633162333836633639633564633762653134623430336661366233
-61353861363062616135383936343938663737336233376165336135653930636430346139393536
-663362613262363561376631616138366662
+mta_package: "ssmtp"

host_vars/LIFEBOOK-U939.yml

@@ -1 +0,0 @@
-lifebook-u939.yml

host_vars/TUXEDO-Book-XP1511.universe.local.yml

@@ -2,9 +2,7 @@
 ssh_port: 22
 ssh_users: rene
 
-copy_ssh_priv_keys: true
-
-# purpose selection
+#purpose selection
 database: false
 development: true
 dhcpserver: false
@@ -18,10 +16,10 @@ proxyserver: false
 video_editing: true
 webserver: false
 
-# shell selection
+#shell selection
 zsh: true
 
-# desktop environment selection
+#desktop environment selection
 cinnamon: false
 deepin: false
 gnome: false
@@ -29,7 +27,7 @@ kde: true
 mate: false
 xfce: false
 
-# application selection
+#application selection
 alacritty: true
 alsa: true
 autofs: true
@@ -40,7 +38,7 @@ broot: true
 chromium: true
 clonezilla: true
 cmatrix: true
-davinci_resolve: true
+davinci-resolve: true
 dbeaver: true
 digikam: true
 dislocker: true

host_vars/adguard.universe.local.yml

@@ -1,7 +1,3 @@
 ---
 netdata: false
 set_hosts: true
-
-agh_cpu: amd64
-agh_os: linux
-agh_channel: release

host_vars/agh01.universe.local.yml

@@ -1,3 +0,0 @@
----
-netdata: false
-set_hosts: true

host_vars/backup.universe.local.yml

@@ -0,0 +1,29 @@
+hosts_to_backup:
+  - { hostname: "mailcow", fqdn: "mewissen.site", ip: "192.168.3.8" }
+  - { hostname: "jitsi", fqdn: "mewimeet.de", ip: "192.168.3.10" }
+  - { hostname: "mewitoot", fqdn: "mewitoot.de", ip: "192.168.3.11" }
+  - { hostname: "coruscant", fqdn: "coruscant.universe.local" }
+  - { hostname: "ns1", fqdn: "ns1.universe.local" }
+  - { hostname: "docker01", fqdn: "docker01.universe.local" }
+  - { hostname: "pi-alert", fqdn: "pi-alert.universe.local" }
+  - { hostname: "mariadb01", fqdn: "mariadb01.universe.local" }
+  - { hostname: "mariadb02", fqdn: "mariadb02.universe.local" }
+  - { hostname: "mariadb03", fqdn: "mariadb03.universe.local" }
+  - { hostname: "icinga", fqdn: "icinga.universe.local" }
+  - { hostname: "samba-ad-dc", fqdn: "samba-ad-dc.universe.local" }
+  - { hostname: "webserver", fqdn: "webserver.universe.local" }
+  - { hostname: "elk-stack", fqdn: "elk-stack.universe.local" }
+  - { hostname: "netbox", fqdn: "netbox.universe.local" }
+  - { hostname: "haproxy01", fqdn: "haproxy01.universe.local" }
+  - { hostname: "haproxy02", fqdn: "haproxy02.universe.local" }
+  - { hostname: "librenms", fqdn: "librenms.universe.local" }
+  - { hostname: "pi-hole", fqdn: "pi-hole.universe.local" }
+  - { hostname: "adguard", fqdn: "adguard.universe.local" }
+  - { hostname: "grafana", fqdn: "grafana.universe.local" }
+  - { hostname: "nextcloud", fqdn: "nextcloud.universe.local" }
+  - { hostname: "dhcp-kea", fqdn: "dhcp-kea.universe.local" }
+  - { hostname: "dhcp-stork", fqdn: "dhcp-stork.universe.local" }
+  - { hostname: "unbound01", fqdn: "unbound01.universe.local" }
+  - { hostname: "unbound02", fqdn: "unbound02.universe.local" }
+  - { hostname: "mail", fqdn: "mail.universe.local" }
+  - { hostname: "graylog", fqdn: "graylog.universe.local" }

host_vars/caddy.universe.local.yml

@@ -1 +0,0 @@
-caddy: true

host_vars/dnspri.universe.local.yml

@@ -1,2 +0,0 @@
-powerdns_server: True
-powerdns_primary: True

host_vars/dnssec1.universe.local.yml

@@ -1,4 +0,0 @@
-powerdns_server: True
-powerdns_primary: False
-powerdns_secondary: True
-pdns_pri_server: "192.168.1.190"

host_vars/dnssec2.universe.local.yml

@@ -1 +0,0 @@
-dnssec1.universe.local.yml

host_vars/docker01.universe.local.yml

@@ -1,2 +1,2 @@
 ---
-run_portainer: false
+run_portainer: true

host_vars/docker02

@@ -1,3 +0,0 @@
----
-run_portainer: false
-run_portainer_agent: true

host_vars/docker02.universe.local.yml

@@ -1,3 +1,2 @@
 ---
 run_portainer: false
-run_portainer_agent: true

host_vars/drone.universe.local.yml

@@ -1 +0,0 @@
----

host_vars/graylog.universe.local.yml

@@ -1 +0,0 @@
----

host_vars/learningdjango.universe.local.yml

@@ -1,3 +0,0 @@
----
-netdata: true
-set_hosts: true

host_vars/lifebook-u939.universe.local.yml

@@ -1,71 +0,0 @@
----
-ssh_port: 22
-ssh_users: rene
-
-copy_ssh_priv_keys: true
-
-# purpose selection
-database: false
-development: false
-dhcpserver: false
-fileserver: false
-mailserver: false
-mobile: true
-nameserver: false
-photo_editing: false
-printspooler: false
-proxyserver: false
-video_editing: false
-webserver: false
-
-# shell selection
-zsh: true
-
-# desktop environment selection
-cinnamon: true
-deepin: false
-gnome: false
-kde: false
-mate: false
-xfce: false
-
-# application selection
-alacritty: true
-alsa: true
-autofs: true
-bashtop: true
-borgbackup: true
-brave: true
-broot: true
-chromium: true
-clonezilla: true
-cmatrix: true
-davinci_resolve: false
-dbeaver: false
-digikam: false
-dislocker: true
-docker: false
-exa: true
-filelight: true
-firefox: true
-games: true
-gimp: false
-google_chrome: false
-joplin: true
-keepass: false
-keepassxc: true
-libreoffice: true
-midnightcommander: true
-nextcloud_client: true
-nvidia: false
-obs: false
-pacaur: false
-ranger: true
-screenkey: true
-syncthing: true
-thunderbird: true
-vifm: true
-virtualbox: false
-vivaldi: false
-yay: false
-yubikey: true

host_vars/lifebook-u939.yml

@@ -1 +0,0 @@
-lifebook-u939.universe.local.yml

host_vars/mail.mewissen.site.yml

@@ -1,22 +1,17 @@
-$ANSIBLE_VAULT;1.1;AES256
-36303665633161336631373965373436653433326630666234393137316361616636396238303139
-3731666534646135346536663965306164383361333566350a666337353564643066646366643961
-32353636396134396531333939363338393331353735663363653636383333336333666361623330
-6662663864633664390a383033343563623732333064376331303536666633306139623865353539
-33613262316161653364326433303263616665316261323965336263313064656433383331653432
-36666461306437316137633261663062633734353130386432623463613366326363383431343433
-38633564646635666162353736643966656537313531336365303762663562623064316333303131
-61643439323238373837633566636563646537343533613262383832353338643934333939383464
-65303636613638643065303337316662373538653230363764633534656365356563393462333964
-39336464666337653263353434663039326663353638313161396439303733383265653961666361
-62366333373237643732303533326166353534303066303664613532666331646665643763323966
-38623730326630306536343530653234663864386662653130353334343363323232323966393363
-38353465643434613837653939376665303933376437346161656231313832643264653830663535
-63333165623036653566616266373162303035366632316135626131376162636637643334356131
-36636166366234343966343231366361383162633236626665653365393661346235626161333861
-32316465663465653933356561616366373735636664373962323939653234393661663834613136
-66383463626632333432343164333963373065373831656438616133326436646437326565356334
-32663262376163623530653363666331333838643764383661313935643935386463393037633439
-39613635623866396439613137376262393433306565336432343933306437346561653434313336
-30306262653833623739626534646162643537343666343735336138613661623461326664363561
-38636566613363303631643637613535316366636137376364613562646236333838
+---
+branch: master
+
+#ansible_cron_minute: "40"
+#ssh_port: 22
+#ssh_users: "user1 user2"
+copy_ssh_priv_keys: false
+
+# platform-specific
+linode_instance: false
+microcode_amd_install: false
+microcode_intel_install: false
+proxmox_instance: false
+raspberry_pi: false
+
+# server
+unattended_upgrades: true

host_vars/mewimeet.com.yml

@@ -1,26 +1,25 @@
-$ANSIBLE_VAULT;1.1;AES256
-61306233663762613238316535386561663239336432623063636665373333373834376462323062
-3262653861663137323539363633333263343132396564320a393939356234303136353832343266
-33336563613932646332356663386537633132323062643838363763616533396332666238323435
-6430633233333631300a313637636265303831613363333330336265336330636231643666643634
-31346662646634346138353231326534656438343033333363313132326165376536393264653335
-34363835303430353838366538626363636336323831306334373933303164633466613862333936
-30396238356438373235316137333439346238643939393330313236353666656635356632343561
-37316537663466653234363938313138353235356466386230323735646234653465393130636531
-38396631333365373632366563336538353163636235346638363439366338636266373836316236
-30373165643236306630323432643363613662376637353537633230356537343666656639616432
-30346539393034626538623362636665643630643666636135336463616130383530616135393366
-31356535313932313264386631313062353436653764653330353837326663353137386236386234
-63363331373736336538353331326531663262313330626636643061666561333566623635313836
-63306462363961396639326435666633633532326635356430386436336666343766626530333232
-36366466303666393262336334353935346433336633373035663433356561303766353930643736
-32633762393136393039653365626165636233323838303364666436393663656362343033363534
-38653832333063323765383036626563316637383636633339366235613439616138366633323636
-31356333363931613230393934356261633965393464336135333238616131333564343235633233
-34643863393962336461386439343333383763613730346661346430336133316262643939383065
-39633261313732653063336161383033323231626337663237323063656230366663366538306534
-36643665386234643138646636663537623262373839383731353866383562643363666561646630
-38313331653962613864323737613530353938663962636663396563356166643766626335396361
-66323230336333303730323730393532353562303636626330616336646635623662656462666430
-30613664346135653065623537646130323238333463393535343136373461653637613637663736
-3837
+---
+branch: master
+hostname: mewimeet.com
+
+ansible_cron_minute: "40"
+ssh_port: 22
+ssh_users: "user1 user2"
+
+# platform-specific
+linode_instance: true
+microcode_amd_install: false
+microcode_intel_install: false
+proxmox_instance: false
+raspberry_pi: false
+preinstalled: true
+
+# server
+set_hosts: true
+unattended_upgrades: true
+web_server: true
+netdata: true
+
+# VPN
+wireguard: true
+wg_local_ip: 192.168.3.6/32

host_vars/mewimeet.de.yml

@@ -1,30 +1,27 @@
-$ANSIBLE_VAULT;1.1;AES256
-37623231323337643262313535353365666336346530326262633831333230303838343639623239
-6236376565363635633362626465383334323966303930340a363162386161653035363264313861
-31616565633638633531623932303264386638363161363366386265333661373965666564306461
-6565613533343734350a393330306162626633666531326334613764313162323833646235396361
-66386564373561366364663239613566303238333735633362663936636566643033656331646266
-35636462393831663933353535373732373862383739613930393665616138313263383766343738
-38383431636461636139363436663962656131363239303134396632323838653362353738653733
-30643435346565303463653035656637653030636564303736393962333230633935306237366231
-30653331346335373931666632346466643266633561663830643739353530633131393163656138
-31613061633633646130646339386561386539356533393966316433353030626463363532663764
-65363965303538303161306666373462356336643832343138636663616436356635653464333233
-38303938393665353562343436626338333934303162643063623862323534393262343432336634
-39353639626337373331616261303762333938386366633634393961626135613837303435313164
-37333230313466373831373738313131666631613234383165333931336565646635306136363238
-33386433323561353838353063653034613933636665333734343133623261626263313631336434
-35386262623733666364633366626630353835376131663535316666633363346565303433623061
-36663165633039326230356538336265666336346132383935663963633661336431313830316666
-32623430333433633266323437626630613461313764383230666230343963306266306138333436
-38656631336232356461343362663533386165633763366136376330316330303530336538643739
-65336333383363343839366536643835353235613665636530393565633234633930653030313830
-66656439636166656364356130333761333634386130353636646464346464373239616637623963
-32316330393330346133613763636237656463656363386439623964633564356564663132346233
-34373138663065303363666466333638376561613838646164373334383630323032386165613234
-62636530356665336333376263346130653637373665303136333437363062633831323433643432
-33643238383230373461333735623833336134383233663630363431613366306533393164626666
-37643334313965333461636433343331366639353838386630623533383864353663646433363430
-65393437353031393235613933393236356637646334656261616135323533313238306536366561
-35346531346431643038383431336463653165656230346265373463383462396437623563626438
-65653432336538346237383461386336636665303866613664653765393539656134
+---
+branch: master
+hostname: mewimeet.de
+
+ansible_cron_minute: "40"
+ssh_port: 22
+ssh_users: "user1 user2"
+
+# platform-specific
+linode_instance: true
+microcode_amd_install: false
+microcode_intel_install: false
+proxmox_instance: false
+raspberry_pi: false
+preinstalled: true
+
+# server
+set_hosts: true
+unattended_upgrades: true
+web_server: true
+netdata: true
+bind: true
+unbound: true
+
+# VPN
+wireguard: true
+wg_local_ip: 192.168.3.10/24

host_vars/mewitoot.de.yml

@@ -1,33 +1,30 @@
-$ANSIBLE_VAULT;1.1;AES256
-35316331613562646337303937613236363263393739626530333265356566623430316533383031
-3166386236376266336664313737633436303634383034630a653739323136393865343961306161
-33656165646637343532643131653536363561313535653665666234656332633266333835353239
-6336303531636138390a656339653330316566663231383065643866333861653333663463363764
-38363833383133303966633764396436393138633435356164363365646439373835393236313961
-66666366643863313962636135646266333938663532353061663865313131646132336637386431
-66396236646633386465386333343564346163363437313433626361366565653533653536363865
-31643837663339336562303464333834626336323231663238613437306262663463633866343131
-32393534616265393439383035393132326430313432393832663335626536323261313336653732
-61303537353933363534343234373962623463613836393336333261643234393838653666333233
-37326133356231316634643263316366353065343433653030333339663832646537386631663531
-63306162616632343833356361666433323031376463316138336438643133313932346162633134
-62306337623064323533326562316232633334353761383336336662393664653839653335646466
-66633431316436626137643562336662653763396232333434303734613931623634356438313331
-36663236646162633030663766376639666538306132353863613563336530323765643665656466
-36643332626166353432313661313330366161626334353831323034323766363266653762346362
-30656337383638623038313838323462316132383430383337636638366239323731666235623663
-36303963613365633233653031353436363636333965356462353130303066303861316436363330
-36383735333439663433356366643430306333656433643539346632663064323636373731633230
-31303663613138396531623463306131636430366630626331313665323761396561386636353562
-34663430333661333765613235383231366264353564333031333966356338653135616637616363
-34323930613136643433363861636630313233613763653765643238343839353930336235613032
-64356361646639343763643166626632353663363561656638643731396563363639353466386533
-35343262666564383964353631363038363235643531663830313263633661303161323166643237
-66396166336362323137353839396165333936376265316461663630636532633632326336393565
-38613330383064626233306166383435346531643638323563336139653537643033376434666164
-30643933366631373461393533343364343266366161363961316162386236356231656662653366
-62333765326262653463323131666161663334633337663431383836363962656664643033636564
-61643230353764346236393664336232623636643030356339643466356566336638626536643161
-34643465376633616538366332386135623764313433326262363564663332346162306136656235
-65353264623239663735346166653633356333373464616433333364326530373263343231346530
-37363761623535623534
+---
+branch: master
+hostname: mewitoot.de
+set_hosts: True
+
+ansible_cron_minute: "40"
+ssh_port: 22
+ssh_users: "user1 user2"
+
+# platform-specific
+linode_instance: true
+microcode_amd_install: false
+microcode_intel_install: false
+proxmox_instance: false
+raspberry_pi: false
+
+# server
+unattended_upgrades: true
+web_server: true
+netdata: true
+bind: true
+unbound: true
+
+# VPN
+wireguard: true
+wg_local_ip: 192.168.3.11/24
+
+# Application
+migration: true
+mastodon_host: "{{ hostname }}"

host_vars/pixelfed.universe.local.yml

@@ -1,3 +0,0 @@
----
-run_portainer: false
-run_portainer_agent: true

host_vars/pve-ha.universe.local.yml

@@ -1,2 +0,0 @@
----
-is_proxmox: true

host_vars/pve2.universe.local.yml

@@ -1,2 +0,0 @@
----
-is_proxmox: true

host_vars/truenas.universe.local.yml

@@ -1 +0,0 @@
----

hosts

@@ -6,44 +6,22 @@ glustertest
 
 [server]
 AdGuard.universe.local
-agh01.universe.local
-dhcp-stork.universe.local
-elk-stack.universe.local
+pve.universe.local
+netbox.universe.local
+samba-ad-dc.universe.local
+librenms.universe.local
 grafana.universe.local
-graylog.universe.local
 haproxy01.universe.local
 haproxy02.universe.local
-learningdjango.universe.local
-librenms.universe.local
-netbox.universe.local
-ntfy.universe.local
-paperless.universe.local
-pi-alert.universe.local
-pi-alert-lan.universe.local
-pi-hole.universe.local
-pixelfed.universe.local
-pve.universe.local
-pve2.universe.local
-pve-ha.universe.local
-samba.universe.local
-samba-ad-dc1.universe.local
-samba-ad-dc2.universe.local
-shinobi.universe.local
-step-ca.universe.local
-truenas.universe.local
-wazuh.universe.local
-zoneminder.universe.local
+elk-stack.universe.local
 
 [server:children]
 auth
 backup
-bastionhost
 cluster
 database
 dhcpserver
 docker
-domaincontroller
-drone
 fileserver
 icinga
 jitsimeet
@@ -52,20 +30,16 @@ mastodon
 nameserver
 printspooler
 proxyserver
-reverseproxy
-webservers
+webserver
 
 [auth]
 freeradius.universe.local
 
-[bastionhost]
-bastion.universe.local
-newbastion.universe.local
-
 [backup]
 backup.universe.local
 
 [database]
+coruscant.universe.local
 mariadb01.universe.local
 mariadb02.universe.local
 mariadb03.universe.local
@@ -76,22 +50,16 @@ endorvm.universe.local
 tuxedo-book-xp1511.universe.local
 
 [dhcpserver]
+coruscant.universe.local
 dhcp-kea.universe.local
 
 [docker]
 docker01.universe.local
-docker02
-
-[domaincontroller]
-samba-ad-dc.universe.local
-samba-ad-dc1.universe.local
-samba-ad-dc2.universe.local
-
-[drone]
-drone.universe.local
+docker02.universe.local
 
 [fileserver]
-nfs-server.universe.local
+coruscant.universe.local
+samba-ad-dc.universe.local
 
 [glustertest]
 glustertest01.universe.local
@@ -111,6 +79,7 @@ icinga_satellite
 mewimeet.de jitsi_fqdn=mewimeet.de
 
 [mailserver]
+coruscant.universe.local
 mail.mewissen.site
 mailcow.universe.local
 mail.universe.local
@@ -121,47 +90,34 @@ ubuntu-test.universe.local
 
 [mobile]
 tuxedo-book-xp1511.universe.local
-lifebook-u939.universe.local
-LIFEBOOK-U939
 
 [nameserver]
-dnspri.universe.local
-dnssec1.universe.local
-dnssec2.universe.local
+coruscant.universe.local
 mewimeet.de
 mewitoot.de
 ns1.universe.local
 unbound01.universe.local
 unbound02.universe.local
 
-[omada_controller]
-omada.universe.local
-
 [photo_editing]
 endor.universe.local
 endorvm.universe.local
 tuxedo-book-xp1511.universe.local
 
-[podman_servers]
-podman01.universe.local
-podman02.universe.local
-
 [printspooler]
+coruscant.universe.local
 
 [proxyserver]
-tinyproxy.universe.local
-
-[reverseproxy]
-caddy.universe.local
+coruscant.universe.local
 
 [video_editing]
 endor.universe.local
 endorvm.universe.local
 tuxedo-book-xp1511.universe.local
 
-[webservers]
+[webserver]
+coruscant.universe.local
 nextcloud.universe.local
-searx.universe.local 
 webserver.universe.local
 
 [workstation:children]

local.yml

@@ -1,76 +1,39 @@
 ---
 - hosts: all
   handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
+    - import_tasks: global_handlers/global_handlers.yml
   connection: local
   vars_files:
-    - "{{ lookup('first_found', ['os_vars/' + (ansible_distribution | lower) + '.yml'], errors='ignore') }}"
+    - "os_vars/{{ ansible_distribution | lower }}.yml"
   become: true
-  vars:
-    ansible_reboot_cooldown_minutes: 15 # Cooldown in Minuten
-    ansible_pull_marker_file: /var/tmp/ansible_pull.last_run
 
   pre_tasks:
-    - name: pre-run | get status of marker file
-      ansible.builtin.stat:
-        path: "{{ ansible_pull_marker_file }}"
-      register: marker_file_stat
-      tags: always
-
-    - name: pre-run | check if last run was within cooldown period
-      ansible.builtin.meta: end_play
-      when:
-        - marker_file_stat.stat.exists
-        - (ansible_date_time.epoch | int) - (marker_file_stat.stat.mtime | int) < (ansible_reboot_cooldown_minutes | int * 60)
-      tags: always
-
-    - name: pre-run | set marker file path as a cached fact
-      ansible.builtin.set_fact:
-        ansible_pull_marker_file: "{{ ansible_pull_marker_file }}"
-        cacheable: true
-      tags: always
-
-    - name: pre-run | update apt repository (debian, ubuntu, etc.) # noqa no-changed-when
-      ansible.builtin.apt: update_cache=yes
-      #changed_when: false
-      when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"]
-      ignore_errors: True
+    - name: pre-run | update apt repository (debian, ubuntu, etc.)
+      apt: update_cache=yes
+      changed_when: false
+      when: ansible_distribution in ["Debian", "Ubuntu"]
+    - name: pre-run | upgrade system (debian, ubuntu, etc.)
+      apt: upgrade=dist
+      changed_when: false
+      when: ansible_distribution in ["Debian", "Ubuntu"]
     - name: pre-run | update pacman repository (arch)
-      community.general.pacman: update_cache=yes
-      #changed_when: false
+      pacman: update_cache=yes
+      changed_when: false
       when: ansible_distribution == 'Archlinux'
-      ignore_errors: True
     - name: pre-run |update portage repository (gentoo)
       portage:
         sync: yes
       when: ansible_distribution == 'Gentoo'
   ignore_errors: True
 
-
-- hosts: all:!database
-  pre_tasks:
-    - name: pre-run | upgrade system (debian, ubuntu, etc.)
-      ansible.builtin.apt: upgrade=dist
-      #changed_when: false
-      when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"]
-      ignore_errors: True
-    - name: pre-run | upgrade system (arch)
-      community.general.pacman: upgrade=true
-      when: ansible_distribution == 'Archlinux'
-      ignore_errors: True
-
 # run roles
 - hosts: all
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
   tags: base
   become: true
   roles:
     - base
 
 # - hosts: workstation
-#   handlers:
-#     - import_tasks: global_handlers/global_handlers.yml
 #   tags: workstation
 #   become: true
 #   roles:
@@ -81,52 +44,28 @@
   become: true
   roles:
     - server
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
-
-- hosts: bastionhost
-  tags: server,bastionhost
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
-  become: true
-  roles:
-    - bastionhost
-  post_tasks:
-    - name: Update AIDE database if changes were made
-      ansible.builtin.include_role:
-        name: bastionhost
-        tasks_from: system_setup/aide_update.yml
-      when: (aide_db_needs_update is defined and aide_db_needs_update) and (aide_db is defined and aide_db.stat.exists)
 
 - hosts: nameserver
   tags: server,nameserver
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
   become: true
   roles:
     - nameserver
 
-- hosts: webservers
-  tags: server,webservers
+- hosts: webserver
+  tags: server,webserver
   become: true
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
   roles:
-    - webservers
+    - webserver
 
 - hosts: mailserver
   tags: server,mailserver
   become: true
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
   roles:
     - mailserver
 
 - hosts: database
   tags: server,database
   become: true
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
   roles:
     - database
 
@@ -138,28 +77,10 @@
 
 - hosts: docker
   tags: server,docker
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
   become: true
   roles:
     - docker
 
-- hosts: podman_servers
-  tags: server,podman
-  become: true
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
-  roles:
-    - podman
-
-- hosts: drone
-  tags: server,docker,drone
-  become: true
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
-  roles:
-    - drone
-
 # - hosts: fileserver
 #   tags: server,fileserver
 #   become: true
@@ -168,8 +89,6 @@
 
 - hosts: mastodon
   tags: server,mastodon
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
   become: true
   roles:
     - mastodon
@@ -181,37 +100,17 @@
 #     - printspooler
 
 - hosts: jitsimeet
-  tags: server,jitsimeet,webservers
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
+  tags: server,jitsimeet,webserver
   become: true
   roles:
     - jitsimeet
 
-- hosts: omada_controller
-  tags: server,omada_controller
-  become: true
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
-  roles:
-    - omada-controller
-
 - hosts: backup
   tags: server,backup
   become: true
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
   roles:
     - backup
 
-- hosts: reverseproxy
-  tags: server,reverseproxy
-  become: true
-  handlers:
-    - ansible.builtin.import_tasks: global_handlers/global_handlers.yml
-  roles:
-    - reverseproxy
-
 # - hosts: proxyserver
 #   tags: server,proxyserver
 #   become: true
@@ -221,26 +120,21 @@
 # end of roles; cleanup and reporting
 - hosts: all
   become: true
-  post_tasks:
+  tasks:
     - name: cleanup package cache (debian and ubuntu)
       tags: always
-      ansible.builtin.apt:
+      apt:
         autoclean: yes
       changed_when: false
-      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
+      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]
 
     - name: autoremove orphan packages (debian and ubuntu)
       tags: always
-      ansible.builtin.apt:
+      apt:
         autoremove: yes
         purge: yes
-      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
+      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]
 
-    - name: post-run | update marker file timestamp on successful run
-      file:
-        path: "{{ ansible_pull_marker_file }}"
-        state: touch
-      tags: always
     # - name: send completion alert
     #   include_tasks: playbooks/send_completion_alert.yml
     #   tags: always

os_vars/archlinux.yml

@@ -1,2 +0,0 @@
-aur_helper: "paru"
-aur_build_user: "aur_builder"

os_vars/debian.yml

@@ -1,4 +1,4 @@
-snmp_user: Debian-snmp
+snmp-user: Debian-snmp
 mta_package: ssmtp
 
 redis_pkgs:

os_vars/linux mint.yml

@@ -1 +0,0 @@
-ubuntu.yml

os_vars/ubuntu.yml

@@ -1,4 +1,4 @@
-snmp_user: Debian-snmp
+snmp-user: Debian-snmp
 mta_package: ssmtp
 
 redis_pkgs:

roles/backup/files/config/adguard_excludes.txt

@@ -1 +0,0 @@
-querylog.json

roles/backup/files/config/adguard_includes.txt

@@ -1 +1,3 @@
+/etc
 /opt/AdGuardHome
+/var/spool/cron/crontabs

roles/backup/files/config/agh01_excludes.txt

@@ -1 +0,0 @@
-querylog.json

roles/backup/files/config/agh01_includes.txt

@@ -1 +0,0 @@
-/opt/AdGuardHome

roles/backup/files/config/backup_remote.conf

@@ -0,0 +1,28 @@
+mailcow;/opt/backup/config/mailcow_includes.txt;/opt/backup/config/mailcow_excludes.txt
+jitsi;/opt/backup/config/jitsi_includes.txt;/opt/backup/config/jitsi_excludes.txt
+mewitoot;/opt/backup/config/mewitoot_includes.txt;/opt/backup/config/mewitoot_excludes.txt
+coruscant;/opt/backup/config/coruscant_includes.txt;/opt/backup/config/coruscant_excludes.txt
+ns1;/opt/backup/config/ns1_includes.txt;/opt/backup/config/ns1_excludes.txt
+docker01;/opt/backup/config/docker01_includes.txt;/opt/backup/config/docker01_excludes.txt
+pi-alert;/opt/backup/config/pi-alert_includes.txt;/opt/backup/config/pi-alert_excludes.txt
+mariadb01;/opt/backup/config/mariadb01_includes.txt;/opt/backup/config/mariadb01_excludes.txt
+mariadb02;/opt/backup/config/mariadb02_includes.txt;/opt/backup/config/mariadb02_excludes.txt
+mariadb03;/opt/backup/config/mariadb03_includes.txt;/opt/backup/config/mariadb03_excludes.txt
+icinga;/opt/backup/config/icinga_includes.txt;/opt/backup/config/icinga_excludes.txt
+samba-ad-dc;/opt/backup/config/samba-ad-dc_includes.txt;/opt/backup/config/samba-ad-dc_excludes.txt
+webserver;/opt/backup/config/webserver_includes.txt;/opt/backup/config/webserver_excludes.txt
+elk-stack;/opt/backup/config/elk-stack_includes.txt;/opt/backup/config/elk-stack_excludes.txt
+netbox;/opt/backup/config/netbox_includes.txt;/opt/backup/config/netbox_excludes.txt
+haproxy01;/opt/backup/config/haproxy01_includes.txt;/opt/backup/config/haproxy01_excludes.txt
+haproxy02;/opt/backup/config/haproxy02_includes.txt;/opt/backup/config/haproxy02_excludes.txt
+librenms;/opt/backup/config/librenms_includes.txt;/opt/backup/config/librenms_excludes.txt
+pi-hole;/opt/backup/config/pi-hole_includes.txt;/opt/backup/config/pi-hole_excludes.txt
+adguard;/opt/backup/config/adguard_includes.txt;/opt/backup/config/adguard_excludes.txt
+grafana;/opt/backup/config/grafana_includes.txt;/opt/backup/config/grafana_excludes.txt
+nextcloud;/opt/backup/config/nextcloud_includes.txt;/opt/backup/config/nextcloud_excludes.txt
+dhcp-kea;/opt/backup/config/dhcp-kea_includes.txt;/opt/backup/config/dhcp-kea_excludes.txt
+dhcp-stork;/opt/backup/config/dhcp-stork_includes.txt;/opt/backup/config/dhcp-stork_excludes.txt
+unbound01;/opt/backup/config/unbound01_includes.txt;/opt/backup/config/unbound01_excludes.txt
+unbound02;/opt/backup/config/unbound02_includes.txt;/opt/backup/config/unbound02_excludes.txt
+mail;/opt/backup/config/mail_includes.txt;/opt/backup/config/mail_excludes.txt
+graylog;/opt/backup/config/graylog_includes.txt;/opt/backup/config/graylog_excludes.txt

roles/backup/files/config/coruscant_excludes.txt

@@ -6,6 +6,8 @@
 /root/backup/
 files_versions/
 files_trashbin/
+lost\+found
+*.bak
 .local/share/Steam/Steamapps
 grav.log
 

roles/backup/files/config/coruscant_includes.txt

@@ -2,6 +2,8 @@
 /Daten/ossn
 /Daten/owncloud
 /Daten/tdps
+/etc
+/home
 /opt/docker-compose-projects/available/Rocket.Chat
 /opt/docker-compose-projects/available/docker-matrix-data-v0.9
 /opt/docker-compose-projects/available/docker-matrix-data-v1.0
@@ -19,10 +21,12 @@
 /opt/docker-compose-projects/available/searx
 /opt/librenms
 /opt/tdps/tdps.config
+/root
 /usr/share/icingaweb2
 /var/git
 /var/lib/docker/volumes
 /var/lib/icinga2
 /var/lib/samba
+/var/spool/cron
 /var/svn
 /var/www

roles/backup/files/config/dhcp-kea_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/dhcp-stork_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/docker01_includes.txt

@@ -1,2 +1,4 @@
+/etc
 /opt/docker
 /var/lib/docker/volumes
+/var/spool/cron/crontabs

roles/backup/files/config/docker02_excludes .txt

@@ -1 +0,0 @@
-peertube.test

roles/backup/files/config/docker02_includes.txt

@@ -1,2 +0,0 @@
-/opt/docker
-/var/lib/docker/volumes

roles/backup/files/config/elk-stack_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/generic_excludes.txt

@@ -1,3 +0,0 @@
-lost\+found
-*.bak
-.debug

roles/backup/files/config/generic_includes.txt

@@ -1,4 +0,0 @@
-/etc
-/home
-/root
-/var/spool/cron

roles/backup/files/config/grafana_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/graylog_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/haproxy01_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/haproxy02_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/icinga_includes.txt

@@ -1,8 +1,4 @@
-/usr/share/icinga-L10n
-/usr/share/icinga-php
-/usr/share/icinga2
-/usr/share/icinga2-ido-mysql
-/usr/share/icingadb
-/usr/share/icingadb-redis
-/usr/share/icingaweb2
+/etc
+/usr/share/icinga*
 /usr/lib/icinga2
+/var/spool/cron/crontabs

roles/backup/files/config/jitsi_excludes.txt

@@ -0,0 +1 @@
+*.bak

roles/backup/files/config/jitsi_includes.txt

@@ -1,3 +1,6 @@
+/etc
+/home
+/root
 /usr/share/jicofo
 /usr/share/jitsi-meet
 /usr/share/jitsi-meet-prosody
@@ -5,4 +8,5 @@
 /usr/share/jitsi-meet-web-config
 /usr/share/jitsi-videobridge
 /var/lib/prosody
+/var/spool/cron
 /var/www

roles/backup/files/config/librenms_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/mail_includes.txt

@@ -1 +1,4 @@
+/etc
+/home
+/var/spool/cron/crontabs
 /var/spool/postfix

roles/backup/files/config/mailcow_includes.txt

@@ -1,3 +1,6 @@
+/etc
+/home
 /opt/backup
 /opt/mailcow-dockerized
 /var/lib/docker/volumes
+/var/spool/cron/crontabs

roles/backup/files/config/mariadb01_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/mariadb02_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/mariadb03_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/mewitoot_excludes.txt

@@ -0,0 +1 @@
+*.bak

roles/backup/files/config/mewitoot_includes.txt

@@ -1,3 +1,7 @@
+/etc
+/home
+/root
 /var/backups/postgresql
 /var/cache/bind
 /var/lib/bind
+/var/spool/cron

roles/backup/files/config/netbox_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/nextcloud_includes.txt

@@ -1 +1,2 @@
-/var/www/nextcloud
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/ns1_includes.txt

@@ -1 +1,3 @@
+/etc
 /var/named
+/var/spool/cron/crontabs

roles/backup/files/config/paperless_includes.txt

@@ -1,5 +0,0 @@
-/opt/paperless
-/opt/paperless-consume
-/opt/paperless-data
-/opt/paperless-media
-/opt/paperless-static

roles/backup/files/config/pi-alert_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/pi-hole_includes.txt

@@ -0,0 +1,2 @@
+/etc
+/var/spool/cron/crontabs

roles/backup/files/config/pixelfed_includes.txt

@@ -1 +0,0 @@
-/srv/http/pixelfed