From 0a62a8d248a640f8c284b4f953caa63a32173aed Mon Sep 17 00:00:00 2001 From: = <=> Date: Tue, 10 Jun 2025 21:05:04 +0200 Subject: [PATCH 01/19] add install_ssh role --- roles/server_install_ssh/defaults/main.yml | 8 ++++ roles/server_install_ssh/handlers/main.yml | 5 +++ roles/server_install_ssh/meta/main.yml | 0 roles/server_install_ssh/tasks/main.yml | 41 +++++++++++++++++++ .../templates/sshd_config.j2 | 18 ++++++++ roles/server_install_ssh/vars/main.yml | 0 6 files changed, 72 insertions(+) create mode 100644 roles/server_install_ssh/defaults/main.yml create mode 100644 roles/server_install_ssh/handlers/main.yml create mode 100644 roles/server_install_ssh/meta/main.yml create mode 100644 roles/server_install_ssh/tasks/main.yml create mode 100644 roles/server_install_ssh/templates/sshd_config.j2 create mode 100644 roles/server_install_ssh/vars/main.yml diff --git a/roles/server_install_ssh/defaults/main.yml b/roles/server_install_ssh/defaults/main.yml new file mode 100644 index 0000000..9003640 --- /dev/null +++ b/roles/server_install_ssh/defaults/main.yml @@ -0,0 +1,8 @@ +# Standard-SSH-Benutzer +ssh_user: skulladmin + +# Platzhalter-Key +ssh_public_key: "" + +# SSH-Port +ssh_port: 22 \ No newline at end of file diff --git a/roles/server_install_ssh/handlers/main.yml b/roles/server_install_ssh/handlers/main.yml new file mode 100644 index 0000000..9c4c94c --- /dev/null +++ b/roles/server_install_ssh/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Restart SSH + service: + name: ssh + state: restarted \ No newline at end of file diff --git a/roles/server_install_ssh/meta/main.yml b/roles/server_install_ssh/meta/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server_install_ssh/tasks/main.yml b/roles/server_install_ssh/tasks/main.yml new file mode 100644 index 0000000..0122e9d --- /dev/null +++ b/roles/server_install_ssh/tasks/main.yml 
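Review bot: `ssh_public_key: ""` is an empty placeholder, but the role's copy task (next hunk) writes that value verbatim into authorized_keys while the sshd template switches password login off, so a host provisioned with the default ends up with an account that cannot log in at all. Document the variable as mandatory instead of giving it a usable-looking default, e.g. `# REQUIRED: public key for ssh_user; the role must refuse to run when this is empty`, and pair it with an assert in the tasks. The `Restart SSH` handler restarts the listener unconditionally; a `reloaded` state would keep existing sessions alive if the rendered config turns out to be wrong.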
@@ -0,0 +1,41 @@
+---
+- name: Paketlisten aktualisieren
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+
+- name: OpenSSH Server installieren
+ apt:
+ name: openssh-server
+ state: present
+
+- name: Benutzer anlegen (falls nicht vorhanden)
+ user:
+ name: "{{ ssh_user }}"
+ shell: /bin/bash
+ create_home: yes
+
+- name: SSH-Verzeichnis anlegen
+ file:
+ path: "/home/{{ ssh_user }}/.ssh"
+ state: directory
+ owner: "{{ ssh_user }}"
+ group: "{{ ssh_user }}"
+ mode: '0700'
+
+- name: SSH-Key eintragen
+ copy:
+ content: "{{ ssh_public_key }}"
+ dest: "/home/{{ ssh_user }}/.ssh/authorized_keys"
+ owner: "{{ ssh_user }}"
+ group: "{{ ssh_user }}"
+ mode: '0600'
+
+- name: SSH-Konfiguration per Template ΓΌbertragen
+ template:
+ src: sshd_config.j2
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Restart SSH
\ No newline at end of file
diff --git a/roles/server_install_ssh/templates/sshd_config.j2 b/roles/server_install_ssh/templates/sshd_config.j2
new file mode 100644
index 0000000..761dcf8
--- /dev/null
+++ b/roles/server_install_ssh/templates/sshd_config.j2
@@ -0,0 +1,18 @@
+# OpenSSH server configuration (managed by Ansible)
+Port {{ ssh_port }}
+Protocol 2
+PermitRootLogin no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM yes
+X11Forwarding no
+AllowUsers {{ ssh_user }}
+ClientAliveInterval 300
+ClientAliveCountMax 2
+LoginGraceTime 30
+MaxAuthTries 3
+AllowTcpForwarding no
+PermitEmptyPasswords no
+PrintMotd no
+UseDNS no
+Compression no
\ No newline at end of file
diff --git a/roles/server_install_ssh/vars/main.yml b/roles/server_install_ssh/vars/main.yml
new file mode 100644
index 0000000..e69de29
From 20064cff722277bf65cbafcf3dee360c7e7434f1 Mon Sep 17 00:00:00 2001
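Review bot: The `SSH-Konfiguration per Template` task overwrites /etc/ssh/sshd_config and notifies a restart without checking the rendered file, so a bad `ssh_port` value or a typo in the template leaves sshd unable to start and the host unreachable over the only login path this role allows; add `validate: /usr/sbin/sshd -t -f %s` to the template task so the restart is never triggered on a broken config. The `SSH-Key eintragen` task copies `ssh_public_key` as-is, and with the empty default that produces an empty authorized_keys next to `PasswordAuthentication no`; guard it with `ansible.builtin.assert: { that: ssh_public_key | length > 0 }` before the copy, or switch to `ansible.posix.authorized_key`, which validates the key format and does not clobber keys added out of band. The `Benutzer anlegen` task creates the account without any group or sudo setup, which is fine, but worth a comment stating that privilege escalation is intentionally out of scope here.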
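Review bot: The sshd_config template never sets `LogLevel`, so sshd logs at INFO and does not record which key fingerprint authenticated; add `LogLevel VERBOSE` so the auth log that fail2ban consumes later in this series can attribute logins to a specific key. `ChallengeResponseAuthentication` is a deprecated alias in current OpenSSH releases (8.7 and later, as far as I recall); `KbdInteractiveAuthentication no` is the supported spelling, and keeping both costs nothing on older hosts. `Port {{ ssh_port }}` on its own may not move the listener on distributions where sshd is socket-activated by systemd, which is worth verifying on the targets before relying on a non-default port. Note that PATCH 09 later deletes `AllowUsers {{ ssh_user }}`, widening logins to every local account that has a key; if that line was in the way, a list variable rendered into `AllowUsers` keeps the allowlist without hard-coding one user.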
From: = <=> Date: Tue, 10 Jun 2025 21:05:12 +0200 Subject: [PATCH 02/19] add template role --- roles/template_role/defaults/main.yml | 0 roles/template_role/handlers/main.yml | 0 roles/template_role/meta/main.yml | 0 roles/template_role/tasks/main.yml | 0 roles/template_role/vars/main.yml | 0 5 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/template_role/defaults/main.yml create mode 100644 roles/template_role/handlers/main.yml create mode 100644 roles/template_role/meta/main.yml create mode 100644 roles/template_role/tasks/main.yml create mode 100644 roles/template_role/vars/main.yml diff --git a/roles/template_role/defaults/main.yml b/roles/template_role/defaults/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/template_role/handlers/main.yml b/roles/template_role/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/template_role/meta/main.yml b/roles/template_role/meta/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/template_role/tasks/main.yml b/roles/template_role/tasks/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/template_role/vars/main.yml b/roles/template_role/vars/main.yml new file mode 100644 index 0000000..e69de29 From 8d87025817bdc000abc3b12b067efa2f8d0dca57 Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Tue, 10 Jun 2025 22:06:49 +0200 Subject: [PATCH 03/19] change config --- .ansible-lint | 2 ++ .gitignore | 1 + ansible.cfg | 2 +- 3 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 .ansible-lint diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..15f981d --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,2 @@ +skip_list: + - var-naming \ No newline at end of file diff --git a/.gitignore b/.gitignore index 9c584bd..c889a4e 100644 --- a/.gitignore +++ b/.gitignore 
@@ -4,6 +4,7 @@ inventory/ # Ignore .secret files.... you know, there secret... *.secret .vault-* +vault.secret # Ignore Caching cache/ diff --git a/ansible.cfg b/ansible.cfg index 0fd6374..ebae1c2 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -10,7 +10,7 @@ fact_caching_connection = ./cache fact_caching_timeout = 86400 # Rollen-Pfade -roles_path = ./roles/global:./roles/custom +roles_path = ./roles/ # Vault-Einstellungen vault_password_file = ./vault.secret From 59db1cc23a8144939afd4625cf62f64a7f854950 Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Tue, 10 Jun 2025 22:07:03 +0200 Subject: [PATCH 04/19] linting --- roles/server_install_ssh/defaults/main.yml | 2 +- roles/server_install_ssh/handlers/main.yml | 4 ++-- roles/server_install_ssh/tasks/main.yml | 18 +++++++++--------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/server_install_ssh/defaults/main.yml b/roles/server_install_ssh/defaults/main.yml index 9003640..cf4734c 100644 --- a/roles/server_install_ssh/defaults/main.yml +++ b/roles/server_install_ssh/defaults/main.yml @@ -5,4 +5,4 @@ ssh_user: skulladmin ssh_public_key: "" # SSH-Port -ssh_port: 22 \ No newline at end of file +ssh_port: 22 diff --git a/roles/server_install_ssh/handlers/main.yml b/roles/server_install_ssh/handlers/main.yml index 9c4c94c..d0383c6 100644 --- a/roles/server_install_ssh/handlers/main.yml +++ b/roles/server_install_ssh/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart SSH - service: + ansible.builtin.service: name: ssh - state: restarted \ No newline at end of file + state: restarted diff --git a/roles/server_install_ssh/tasks/main.yml b/roles/server_install_ssh/tasks/main.yml index 0122e9d..cb293a1 100644 --- a/roles/server_install_ssh/tasks/main.yml +++ b/roles/server_install_ssh/tasks/main.yml 
@@ -1,22 +1,22 @@ --- - name: Paketlisten aktualisieren - apt: - update_cache: yes + ansible.builtin.apt: + update_cache: true cache_valid_time: 3600 - name: OpenSSH Server installieren - apt: + ansible.builtin.apt: name: openssh-server state: present - name: Benutzer anlegen (falls nicht vorhanden) - user: + ansible.builtin.user: name: "{{ ssh_user }}" shell: /bin/bash - create_home: yes + create_home: true - name: SSH-Verzeichnis anlegen - file: + ansible.builtin.file: path: "/home/{{ ssh_user }}/.ssh" state: directory owner: "{{ ssh_user }}" @@ -24,7 +24,7 @@ mode: '0700' - name: SSH-Key eintragen - copy: + ansible.builtin.copy: content: "{{ ssh_public_key }}" dest: "/home/{{ ssh_user }}/.ssh/authorized_keys" owner: "{{ ssh_user }}" @@ -32,10 +32,10 @@ mode: '0600' - name: SSH-Konfiguration per Template ΓΌbertragen - template: + ansible.builtin.template: src: sshd_config.j2 dest: /etc/ssh/sshd_config owner: root group: root mode: '0644' - notify: Restart SSH \ No newline at end of file + notify: Restart SSH From 19ffd5953ff9f051225510e5ee61619ad829a085 Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Tue, 10 Jun 2025 22:07:17 +0200 Subject: [PATCH 05/19] create playbook for docker1 --- playbooks/heyer.systems/docker1.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 playbooks/heyer.systems/docker1.yml diff --git a/playbooks/heyer.systems/docker1.yml b/playbooks/heyer.systems/docker1.yml new file mode 100644 index 0000000..f830fce --- /dev/null +++ b/playbooks/heyer.systems/docker1.yml @@ -0,0 +1,5 @@ +--- +- name: Install and start Apache web server + hosts: docker1 + roles: + - server_install_ssh From f973808f0c048f041aaf46434719672b47e5b45b Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sat, 14 Jun 2025 14:43:11 +0200 Subject: [PATCH 06/19] update --- .gitignore | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index c889a4e..bb1b570 100644 --- a/.gitignore +++ b/.gitignore 
@@ -4,10 +4,13 @@ inventory/ # Ignore .secret files.... you know, there secret... *.secret .vault-* -vault.secret # Ignore Caching cache/ # Ignore Testplaybook -playbooks/global/testserver.yml \ No newline at end of file +playbooks/global/testserver.yml + +# Ignore unneccessary Files +.vscode +.ansible \ No newline at end of file From 04ce3e33a036c017de25eae8213fdf0b6d87eea7 Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sat, 14 Jun 2025 14:43:28 +0200 Subject: [PATCH 07/19] add default private key location --- ansible.cfg | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index ebae1c2..e75e998 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,6 +2,7 @@ inventory = ./inventory/ host_key_checking = False retry_files_enabled = False +private_key_file = ~/.ssh/ansible_key # Caching-Einstellungen gathering = smart @@ -26,4 +27,4 @@ become_ask_pass = False [ssh_connection] ssh_args = -o ControlMaster=auto -o ControlPersist=60s -pipelining = True +pipelining = True \ No newline at end of file From 09110e73dfe65c4c687435058efeb8c7b7b375b8 Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sat, 14 Jun 2025 14:43:53 +0200 Subject: [PATCH 08/19] add fail2ban role --- .../server_install_fail2ban/defaults/main.yml | 5 ++++ .../server_install_fail2ban/handlers/main.yml | 5 ++++ roles/server_install_fail2ban/meta/main.yml | 0 roles/server_install_fail2ban/tasks/main.yml | 23 +++++++++++++++++++ .../templates/jail.local.j2 | 15 ++++++++++++ roles/server_install_fail2ban/vars/main.yml | 0 6 files changed, 48 insertions(+) create mode 100644 roles/server_install_fail2ban/defaults/main.yml create mode 100644 roles/server_install_fail2ban/handlers/main.yml create mode 100644 roles/server_install_fail2ban/meta/main.yml create mode 100644 roles/server_install_fail2ban/tasks/main.yml create mode 100644 roles/server_install_fail2ban/templates/jail.local.j2 create mode 100644 roles/server_install_fail2ban/vars/main.yml 
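Review bot: `private_key_file = ~/.ssh/ansible_key` makes key authentication the default for every play, but two context lines above it `host_key_checking = False` is still in force, so the controller will present that key and push the authorized_keys and sshd_config this repo manages to whatever host answers at the inventory address, with no defence against a spoofed or re-addressed machine. Since the key path is now fixed for everyone using the repo, populate known_hosts (or manage `ssh_known_hosts` from the inventory) and flip it back: `host_key_checking = True`. The new line also silently depends on every operator naming their key identically; a comment saying so would avoid a confusing "permission denied" for the next person.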
diff --git a/roles/server_install_fail2ban/defaults/main.yml b/roles/server_install_fail2ban/defaults/main.yml new file mode 100644 index 0000000..84f45e2 --- /dev/null +++ b/roles/server_install_fail2ban/defaults/main.yml @@ -0,0 +1,5 @@ +--- +fail2ban_ssh_enabled: true +fail2ban_ssh_maxretry: 5 +fail2ban_ssh_bantime: 1h +fail2ban_ssh_findtime: 1h diff --git a/roles/server_install_fail2ban/handlers/main.yml b/roles/server_install_fail2ban/handlers/main.yml new file mode 100644 index 0000000..c86a3ee --- /dev/null +++ b/roles/server_install_fail2ban/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Restart fail2ban + ansible.builtin.service: + name: fail2ban + state: restarted diff --git a/roles/server_install_fail2ban/meta/main.yml b/roles/server_install_fail2ban/meta/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server_install_fail2ban/tasks/main.yml b/roles/server_install_fail2ban/tasks/main.yml new file mode 100644 index 0000000..77d0ebf --- /dev/null +++ b/roles/server_install_fail2ban/tasks/main.yml @@ -0,0 +1,23 @@ +--- +- name: Update apt package index + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + +- name: Install Fail2Ban + ansible.builtin.apt: + name: fail2ban + state: present + +- name: Ensure Fail2Ban service is enabled and running + ansible.builtin.service: + name: fail2ban + enabled: true + state: started + +- name: Configure Fail2Ban for SSH + ansible.builtin.template: + src: jail.local.j2 + dest: /etc/fail2ban/jail.local + mode: '0644' + notify: Restart fail2ban diff --git a/roles/server_install_fail2ban/templates/jail.local.j2 b/roles/server_install_fail2ban/templates/jail.local.j2 new file mode 100644 index 0000000..866c49e --- /dev/null +++ b/roles/server_install_fail2ban/templates/jail.local.j2 
@@ -0,0 +1,15 @@ +[DEFAULT] +# Ignore local IP addresses +ignoreip = 127.0.0.1/8 ::1 + +# Ban settings +bantime = {{ fail2ban_ssh_bantime }} +findtime = {{ fail2ban_ssh_findtime }} +maxretry = {{ fail2ban_ssh_maxretry }} + +[sshd] +enabled = {{ fail2ban_ssh_enabled | lower }} +port = ssh +filter = sshd +logpath = %(sshd_log)s +maxretry = {{ fail2ban_ssh_maxretry }} \ No newline at end of file diff --git a/roles/server_install_fail2ban/vars/main.yml b/roles/server_install_fail2ban/vars/main.yml new file mode 100644 index 0000000..e69de29 From 8112a6cb3041320ccf6e77fe5037e61a728ae02f Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sat, 14 Jun 2025 14:44:25 +0200 Subject: [PATCH 09/19] remove rule of specific user --- roles/server_install_ssh/templates/sshd_config.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/server_install_ssh/templates/sshd_config.j2 b/roles/server_install_ssh/templates/sshd_config.j2 index 761dcf8..c4cded6 100644 --- a/roles/server_install_ssh/templates/sshd_config.j2 +++ b/roles/server_install_ssh/templates/sshd_config.j2 @@ -6,7 +6,6 @@ PasswordAuthentication no ChallengeResponseAuthentication no UsePAM yes X11Forwarding no -AllowUsers {{ ssh_user }} ClientAliveInterval 300 ClientAliveCountMax 2 LoginGraceTime 30 From b2191115342930fd20371e84c8e3646d5257328e Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sat, 14 Jun 2025 14:44:38 +0200 Subject: [PATCH 10/19] add fail2ban role --- playbooks/heyer.systems/docker1.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/heyer.systems/docker1.yml b/playbooks/heyer.systems/docker1.yml index f830fce..3a4639d 100644 --- a/playbooks/heyer.systems/docker1.yml +++ b/playbooks/heyer.systems/docker1.yml @@ -3,3 +3,4 @@ hosts: docker1 roles: - server_install_ssh + - server_install_fail2ban From 06ed516ff76c12e6aedff111bf87cbb437dbbe45 Mon Sep 17 00:00:00 2001 
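Review bot: `port = ssh` hard-codes the well-known port while the sshd role renders `Port {{ ssh_port }}`, so on a host with a non-default port the ban action only blocks 22 and the attacker's connections to the real port keep working; take it from a role variable with a matching default, e.g. `port = {{ fail2ban_ssh_port | default(22) }}`. `logpath = %(sshd_log)s` resolves to /var/log/auth.log on Debian-family targets as far as I recall, and that file only exists once a syslog daemon is installed — the rsyslog role arrives in PATCH 15 but is not declared as a dependency of this role, so either add it to `meta/main.yml` or set `backend = systemd` so fail2ban reads the journal directly. `maxretry` is set from the same variable in both `[DEFAULT]` and `[sshd]`; one of the two is redundant.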
From: Kevin Heyer Date: Sat, 14 Jun 2025 14:44:45 +0200 Subject: [PATCH 11/19] init --- playbooks/heyer.systems/all.yml | 5 +++++ playbooks/heyer.systems/calibre.yml | 6 ++++++ playbooks/heyer.systems/minecraft.yml | 6 ++++++ playbooks/heyer.systems/pihole.yml | 6 ++++++ playbooks/heyer.systems/pve1.yml | 6 ++++++ playbooks/heyer.systems/pve2.yml | 6 ++++++ playbooks/heyer.systems/pve3.yml | 6 ++++++ 7 files changed, 41 insertions(+) create mode 100644 playbooks/heyer.systems/all.yml create mode 100644 playbooks/heyer.systems/calibre.yml create mode 100644 playbooks/heyer.systems/minecraft.yml create mode 100644 playbooks/heyer.systems/pihole.yml create mode 100644 playbooks/heyer.systems/pve1.yml create mode 100644 playbooks/heyer.systems/pve2.yml create mode 100644 playbooks/heyer.systems/pve3.yml diff --git a/playbooks/heyer.systems/all.yml b/playbooks/heyer.systems/all.yml new file mode 100644 index 0000000..254a054 --- /dev/null +++ b/playbooks/heyer.systems/all.yml @@ -0,0 +1,5 @@ +--- +- name: Install and start Apache web server + hosts: all + roles: + - server_install_ssh diff --git a/playbooks/heyer.systems/calibre.yml b/playbooks/heyer.systems/calibre.yml new file mode 100644 index 0000000..af6f471 --- /dev/null +++ b/playbooks/heyer.systems/calibre.yml @@ -0,0 +1,6 @@ +--- +- name: Install and start Apache web server + hosts: calibre + roles: + - server_install_ssh + - server_install_fail2ban \ No newline at end of file diff --git a/playbooks/heyer.systems/minecraft.yml b/playbooks/heyer.systems/minecraft.yml new file mode 100644 index 0000000..7c4b505 --- /dev/null +++ b/playbooks/heyer.systems/minecraft.yml @@ -0,0 +1,6 @@ +--- +- name: Install and start Apache web server + hosts: minecraft + roles: + - server_install_ssh + - server_install_fail2ban \ No newline at end of file diff --git a/playbooks/heyer.systems/pihole.yml b/playbooks/heyer.systems/pihole.yml new file mode 100644 index 0000000..253f099 --- /dev/null 
+++ b/playbooks/heyer.systems/pihole.yml @@ -0,0 +1,6 @@ +--- +- name: Install and start Apache web server + hosts: pihole + roles: + - server_install_ssh + - server_install_fail2ban \ No newline at end of file diff --git a/playbooks/heyer.systems/pve1.yml b/playbooks/heyer.systems/pve1.yml new file mode 100644 index 0000000..6404a9b --- /dev/null +++ b/playbooks/heyer.systems/pve1.yml @@ -0,0 +1,6 @@ +--- +- name: Install and start Apache web server + hosts: pve1 + roles: + - server_install_ssh + - server_install_fail2ban \ No newline at end of file diff --git a/playbooks/heyer.systems/pve2.yml b/playbooks/heyer.systems/pve2.yml new file mode 100644 index 0000000..ce4e7d8 --- /dev/null +++ b/playbooks/heyer.systems/pve2.yml @@ -0,0 +1,6 @@ +--- +- name: Install and start Apache web server + hosts: pve2 + roles: + - server_install_ssh + - server_install_fail2ban \ No newline at end of file diff --git a/playbooks/heyer.systems/pve3.yml b/playbooks/heyer.systems/pve3.yml new file mode 100644 index 0000000..848132b --- /dev/null +++ b/playbooks/heyer.systems/pve3.yml @@ -0,0 +1,6 @@ +--- +- name: Install and start Apache web server + hosts: pve3 + roles: + - server_install_ssh + - server_install_fail2ban \ No newline at end of file From 12635d0a432bad2dec6f757123d32e5311eaef6c Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sat, 14 Jun 2025 14:44:50 +0200 Subject: [PATCH 12/19] init --- roles/template_role/files/.gitkeep | 0 roles/template_role/templates/.gitkeep | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/template_role/files/.gitkeep create mode 100644 roles/template_role/templates/.gitkeep diff --git a/roles/template_role/files/.gitkeep b/roles/template_role/files/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/template_role/templates/.gitkeep b/roles/template_role/templates/.gitkeep new file mode 100644 index 0000000..e69de29 From e83d05b79b24b7e889a01fc8d10a6de3f240137a Mon Sep 17 00:00:00 2001 
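Review bot: pve1, pve2 and pve3 are given `server_install_ssh`, whose template sets `PermitRootLogin no` and rewrites /etc/ssh/sshd_config; if these are Proxmox VE nodes (the names suggest it), node-to-node operations such as migration and cluster joins rely on root key login between members and would break the moment the handler restarts sshd. A role variable rendered into the template, e.g. `PermitRootLogin {{ ssh_permit_root_login | default('no') }}` set to `prohibit-password` for that group, keeps the hardening everywhere else without cutting the cluster off. `all.yml` applies the same role to `hosts: all`, so the same question applies to any host that overlaps with that group.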
From: Kevin Heyer Date: Sat, 14 Jun 2025 17:15:24 +0200 Subject: [PATCH 13/19] add traefik container role --- .../defaults/main.yml | 35 ++++++++++++ .../handlers/main.yml | 0 roles/deploy_container_traefik/meta/main.yml | 0 roles/deploy_container_traefik/tasks/main.yml | 57 +++++++++++++++++++ .../templates/.env.j2 | 29 ++++++++++ .../templates/default.yml.j2 | 19 +++++++ .../templates/docker-compose.yml.j2 | 44 ++++++++++++++ .../templates/hosts.yml.j2 | 42 ++++++++++++++ .../templates/traefik.yml.j2 | 43 ++++++++++++++ roles/deploy_container_traefik/vars/main.yml | 2 + 10 files changed, 271 insertions(+) create mode 100644 roles/deploy_container_traefik/defaults/main.yml create mode 100644 roles/deploy_container_traefik/handlers/main.yml create mode 100644 roles/deploy_container_traefik/meta/main.yml create mode 100644 roles/deploy_container_traefik/tasks/main.yml create mode 100644 roles/deploy_container_traefik/templates/.env.j2 create mode 100644 roles/deploy_container_traefik/templates/default.yml.j2 create mode 100644 roles/deploy_container_traefik/templates/docker-compose.yml.j2 create mode 100644 roles/deploy_container_traefik/templates/hosts.yml.j2 create mode 100644 roles/deploy_container_traefik/templates/traefik.yml.j2 create mode 100644 roles/deploy_container_traefik/vars/main.yml diff --git a/roles/deploy_container_traefik/defaults/main.yml b/roles/deploy_container_traefik/defaults/main.yml new file mode 100644 index 0000000..1eea22b --- /dev/null +++ b/roles/deploy_container_traefik/defaults/main.yml 
@@ -0,0 +1,35 @@
+---
+container_traefik_version: "latest"
+container_traefik_http_port: 80
+container_traefik_https_port: 443
+container_traefik_domain: "example.com"
+container_traefik_san_domains:
+ - "example.com"
+ - "example.org"
+container_traefik_cloudflare_mail: "your-email@example.com"
+container_traefik_cloudflare_token: "your-cloudflare-token"
+container_traefik_basicauth_user: "admin"
+container_traefik_basicauth_password: "yourpassword"
+
+# Static Traefik Routes
+container_traefik_routers:
+ traefik:
+ entryPoints:
+ - "https"
+ rule: "Host(`example.example.com`)"
+ middlewares:
+ - default-headers
+ tls: {}
+ service: traefik
+
+container_traefik_services:
+ traefik:
+ loadBalancer:
+ servers:
+ - url: "http://127.0.0.1"
+ passHostHeader: true
+ serversTransport: insecure-https
+
+container_traefik_serversTransports:
+ insecure-https:
+ insecureSkipVerify: true
diff --git a/roles/deploy_container_traefik/handlers/main.yml b/roles/deploy_container_traefik/handlers/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/deploy_container_traefik/meta/main.yml b/roles/deploy_container_traefik/meta/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/deploy_container_traefik/tasks/main.yml b/roles/deploy_container_traefik/tasks/main.yml
new file mode 100644
index 0000000..da3e7a6
--- /dev/null
+++ b/roles/deploy_container_traefik/tasks/main.yml
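Review bot: `container_traefik_cloudflare_token` and `container_traefik_basicauth_password` are plain-text placeholders in defaults and nothing in the role checks that they were overridden, so a host configured from defaults ships a dashboard credential of `admin:yourpassword` (not an htpasswd hash, so Traefik will not accept it as a valid entry) and a Cloudflare token that only fails at the first DNS challenge. Keep secrets out of defaults entirely — reference vault-encrypted host vars — and add an assert in the tasks such as `that: container_traefik_cloudflare_token != 'your-cloudflare-token'`. `container_traefik_version: "latest"` leaves the reverse proxy unpinned, and with `pull: always` in the tasks every run can jump a major version (Traefik v3 changed the configuration schema), so pin a specific tag. The shipped `insecure-https` transport with `insecureSkipVerify: true` disables backend certificate validation for any service that references it, including the example service in the same file; make the default transport verify and document when skipping is acceptable.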
@@ -0,0 +1,57 @@
+---
+- name: Ensure data directories exist
+ ansible.builtin.file:
+ path: "{{ traefik_container_dir }}/data/{{ item }}"
+ state: directory
+ mode: '0755'
+ loop:
+ - "traefik"
+ - "certs"
+ - "logs"
+ - "traefik/config.d"
+ become: false
+
+- name: Ensure log files exist
+ ansible.builtin.file:
+ path: "{{ traefik_container_dir }}/data/logs/{{ item }}"
+ state: touch
+ mode: '0644'
+ loop:
+ - "traefik.log"
+ - "access.log"
+ become: false
+
+- name: Deploy Traefik configuration files
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ traefik_container_dir }}/data/{{ item.dest }}"
+ mode: '0644'
+ loop:
+ - { src: 'traefik.yml.j2', dest: 'traefik/traefik.yml' }
+ - { src: 'default.yml.j2', dest: 'traefik/config.d/default.yml' }
+ - { src: 'hosts.yml.j2', dest: 'traefik/config.d/hosts.yml' }
+ become: false
+
+- name: Deploy Docker Compose and .env files
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ traefik_container_dir }}/{{ item.dest }}"
+ mode: '0644'
+ loop:
+ - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+ - { src: '.env.j2', dest: '.env' }
+ become: false
+
+- name: Ensure Docker network exists
+ community.docker.docker_network:
+ name: traefik
+ state: present
+ docker_host: "unix:///run/user/1000/docker.sock"
+ become: false
+
+- name: Start Traefik container
+ community.docker.docker_compose_v2:
+ project_src: "{{ traefik_container_dir }}"
+ pull: always
+ docker_host: "unix:///run/user/1000/docker.sock"
+ become: false
diff --git a/roles/deploy_container_traefik/templates/.env.j2 b/roles/deploy_container_traefik/templates/.env.j2
new file mode 100644
index 0000000..8428d72
--- /dev/null
+++ b/roles/deploy_container_traefik/templates/.env.j2
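Review bot: The `.env` rendered by `Deploy Docker Compose and .env files` carries the Cloudflare API token and the dashboard credential, yet the task writes it with `mode: '0644'`, so every local account on the host can read a token that can rewrite DNS for the zone; give the loop items their own mode (`- { src: '.env.j2', dest: '.env', mode: '0600' }` with `mode: "{{ item.mode | default('0644') }}"`) and add `no_log: true` so the rendered content does not end up in the Ansible log or diff output. `docker_host: "unix:///run/user/1000/docker.sock"` hard-codes the rootless-docker UID in two tasks; derive it from the connecting user, e.g. `unix:///run/user/{{ ansible_facts['user_uid'] }}/docker.sock`, or make it a role variable, so the role does not silently target the wrong daemon on a host where the user is not UID 1000. The `Ensure log files exist` task uses `state: touch`, which reports changed on every run and defeats idempotency checks; `state: file` with `access_time: preserve`/`modification_time: preserve` keeps the intent without the noise.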
@@ -0,0 +1,29 @@
+# Traefik Version
+# Defines the version of Traefik to be used. By default, "latest" is used.
+TRAEFIK_VERSION={{ container_traefik_version }}
+
+TRAEFIK_DOMAIN={{ container_traefik_domain }}
+
+# Ports
+# Defines the ports on which Traefik will be available for HTTP and HTTPS traffic.
+# By default, these are 80 (HTTP) and 443 (HTTPS).
+TRAEFIK_HTTP_PORT={{ container_traefik_http_port }}
+TRAEFIK_HTTPS_PORT={{ container_traefik_https_port }}
+
+# Cloudflare API Access
+# Your Cloudflare API credentials that Traefik uses to automatically obtain TLS certificates
+# via the Cloudflare DNS provider.
+# Replace the following placeholders with your actual Cloudflare details:
+# - CLOUDFLARE_MAIL: Your Cloudflare email address
+# - CLOUDFLARE_TOKEN: Your Cloudflare API token
+CLOUDFLARE_MAIL={{ container_traefik_cloudflare_mail }}
+CLOUDFLARE_TOKEN={{ container_traefik_cloudflare_token }}
+
+# Basic Auth Configuration
+# Basic authentication credentials for securing the Traefik dashboard.
+# You can generate the password using the following command:
+# echo $(htpasswd -nB yourusername) | sed -e s/\\$/\\$\\$/g
+# Replace `yourusername` with the desired username.
+# The generated value can then be placed in the `BASICAUTH_PASSWORD` variable.
+TRAEFIK_BASICAUTH_USER={{ container_traefik_basicauth_user }}
+TRAEFIK_BASICAUTH_PASSWORD={{ container_traefik_basicauth_password }}
\ No newline at end of file
diff --git a/roles/deploy_container_traefik/templates/default.yml.j2 b/roles/deploy_container_traefik/templates/default.yml.j2
new file mode 100644
index 0000000..a9485b6
--- /dev/null
+++ b/roles/deploy_container_traefik/templates/default.yml.j2
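Review bot: The Basic Auth comment tells the reader to paste the output of `htpasswd -nB yourusername` into the password variable, but that command prints `user:hash`, and the compose label concatenates `${TRAEFIK_BASICAUTH_USER}:${TRAEFIK_BASICAUTH_PASSWORD}` itself, so following the instruction yields `admin:admin:$$2y$$...` and a dashboard nobody can log into; reword it to "paste only the part after the colon (the `$$`-escaped bcrypt hash)" and fix the variable name it points at, which is `TRAEFIK_BASICAUTH_PASSWORD`, not `BASICAUTH_PASSWORD`. The token comment should also say which scope the Cloudflare token needs — Zone:DNS:Edit restricted to the zones in `container_traefik_san_domains` — since an account-wide token here turns a Traefik compromise into full DNS control. The value is handed to the container as `CF_DNS_API_TOKEN`, readable by anyone who can `docker inspect` it; the ACME DNS provider also accepts a `CF_DNS_API_TOKEN_FILE` pointing at a mounted secret file, which keeps it out of the environment.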
@@ -0,0 +1,19 @@
+http:
+ middlewares:
+ https-redirect:
+ redirectScheme:
+ scheme: https
+
+ default-headers:
+ headers:
+ frameDeny: true
+ sslRedirect: true
+ browserXssFilter: true
+ contentTypeNosniff: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 15552000
+ customFrameOptionsValue: SAMEORIGIN
+ customRequestHeaders:
+ X-Forwarded-Proto: https
diff --git a/roles/deploy_container_traefik/templates/docker-compose.yml.j2 b/roles/deploy_container_traefik/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..90a5f2c
--- /dev/null
+++ b/roles/deploy_container_traefik/templates/docker-compose.yml.j2
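Review bot: `sslRedirect: true` inside the `default-headers` headers middleware was deprecated in Traefik v2 and, as far as I recall from the v3 migration notes, removed in v3; with the role defaulting to the `latest` image the file provider rejects the middleware and every router that lists `default-headers` fails to load. Drop that line and rely on the separate `https-redirect` middleware defined just above it (or an entrypoint-level redirection), which is the supported way on both versions. `stsPreload: true` with `stsIncludeSubdomains: true` is an irreversible commitment once the domain is submitted to the preload list and applies to every subdomain under `container_traefik_san_domains`; a comment warning the next reader before they enable this on a zone with non-HTTPS hosts would be prudent. `customRequestHeaders: X-Forwarded-Proto: https` is set unconditionally, which is correct only after all traffic is redirected to HTTPS; worth a note.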
@@ -0,0 +1,44 @@
+---
+services:
+ traefik:
+ image: traefik:${TRAEFIK_VERSION}
+ container_name: traefik
+ restart: always
+ security_opt:
+ - "no-new-privileges:true"
+ networks:
+ - traefik
+ ports:
+ - ${TRAEFIK_HTTP_PORT}:80
+ - ${TRAEFIK_HTTPS_PORT}:443
+ volumes:
+ - /run/user/1000/docker.sock:/var/run/docker.sock:ro
+ - ./data/traefik:/etc/traefik
+ - ./data/certs:/etc/certs:ro
+ - ./data/logs/traefik.log:/var/log/traefik.log
+ - ./data/logs/access.log:/var/log/crowdsec/traefik.log
+ environment:
+ - "CF_API_EMAIL=${CLOUDFLARE_MAIL:?error}"
+ - "CF_DNS_API_TOKEN=${CLOUDFLARE_TOKEN:?error}"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.traefik.entrypoints=http"
+ - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN}`)"
+ - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
+ - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
+ - "traefik.http.routers.traefik-secure.entrypoints=https"
+ - "traefik.http.middlewares.basic-auth.basicauth.users=${TRAEFIK_BASICAUTH_USER}:${TRAEFIK_BASICAUTH_PASSWORD}"
+ - "traefik.http.routers.traefik-secure.middlewares=basic-auth"
+ - "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN}`)"
+ - "traefik.http.routers.traefik-secure.tls=true"
+ - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
+{% for domain in container_traefik_san_domains %}
+ - "traefik.http.routers.traefik-secure.tls.domains[{{ loop.index0 }}].main={{ domain }}"
+ - "traefik.http.routers.traefik-secure.tls.domains[{{ loop.index0 }}].sans=*.{{ domain }}"
+{% endfor %}
+ - "traefik.http.routers.traefik-secure.service=api@internal"
+
+networks:
+ traefik:
+ external: true
diff --git a/roles/deploy_container_traefik/templates/hosts.yml.j2 b/roles/deploy_container_traefik/templates/hosts.yml.j2
new file mode 100644
index 0000000..dc23f3d
--- /dev/null
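Review bot: The volume line `/run/user/1000/docker.sock:/var/run/docker.sock:ro` hands Traefik the Docker API; `:ro` only affects the mount point, not what the API allows, so a compromised Traefik can still create and exec into containers on that daemon (rootless narrows the blast radius to the user, it does not remove it). Put a socket proxy that only exposes the read-only endpoints in front of it, or at least add a comment next to the line stating that this container is trusted with the daemon. The `ports` entries `${TRAEFIK_HTTP_PORT}:80` and `${TRAEFIK_HTTPS_PORT}:443` are unquoted; the compose docs warn that unquoted `a:b` values can be parsed as base-60 numbers, so quote them as `"${TRAEFIK_HTTP_PORT}:80"`. The dashboard router `traefik-secure` is guarded by a single shared basic-auth credential with no throttling; chaining a `ratelimit` middleware, or narrowing the rule with `ClientIP(...)` to management ranges, would stop the obvious online guessing.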
+++ b/roles/deploy_container_traefik/templates/hosts.yml.j2
@@ -0,0 +1,42 @@
+http:
+ routers:
+{% for router_name, router in container_traefik_routers.items() %}
+ {{ router_name }}:
+ entryPoints:
+{% for ep in router.entryPoints %}
+ - "{{ ep }}"
+{% endfor %}
+ rule: "{{ router.rule }}"
+{% if router.middlewares is defined and router.middlewares %}
+ middlewares:
+{% for m in router.middlewares %}
+ - {{ m }}
+{% endfor %}
+{% endif %}
+{% if router.tls is defined and router.tls %}
+ tls: {}
+{% endif %}
+ service: {{ router.service }}
+{% endfor %}
+
+ services:
+{% for service_name, service in container_traefik_services.items() %}
+ {{ service_name }}:
+ loadBalancer:
+ servers:
+{% for server in service.loadBalancer.servers %}
+ - url: "{{ server.url }}"
+{% endfor %}
+ passHostHeader: {{ service.loadBalancer.passHostHeader | default(true) | lower }}
+{% if service.loadBalancer.serversTransport is defined %}
+ serversTransport: {{ service.loadBalancer.serversTransport }}
+{% endif %}
+{% endfor %}
+
+ serversTransports:
+{% for transport_name, transport in container_traefik_serversTransports.items() %}
+ {{ transport_name }}:
+{% for key, value in transport.items() %}
+ {{ key }}: {{ value | lower if value is boolean else value }}
+{% endfor %}
+{% endfor %}
diff --git a/roles/deploy_container_traefik/templates/traefik.yml.j2 b/roles/deploy_container_traefik/templates/traefik.yml.j2
new file mode 100644
index 0000000..ea2511d
--- /dev/null
+++ b/roles/deploy_container_traefik/templates/traefik.yml.j2
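Review bot: `{% if router.tls is defined and router.tls %}` treats the empty mapping as false, and the role's own default router sets `tls: {}`, so the `tls:` block is silently dropped and the router is created on the `https` entrypoint without TLS — Traefik then matches it only for non-TLS requests on that port rather than failing loudly. Change the condition to `{% if router.tls is defined %}` (and render `tls: {{ router.tls | to_json }}` if options such as `certResolver` should ever pass through). `rule: "{{ router.rule }}"` breaks the YAML the moment a rule contains a double quote, and the `serversTransports` loop renders any non-scalar value (a `rootCAs` list, for example) as its Python representation; `{{ router.rule | to_json }}` and `{{ transport | to_nice_yaml | indent(6) }}` are the safe forms. A header comment saying which keys of each router/service dict are honoured would help, since the template silently ignores anything else.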
@@ -0,0 +1,43 @@ +api: + dashboard: true + +log: + level: INFO + format: json + filePath: "/var/log/traefik.log" + +accessLog: + filePath: "/var/log/access.log" + bufferingSize: 50 + +entryPoints: + http: + address: ":80" + https: + address: ":443" + +serversTransport: + insecureSkipVerify: false + forwardingTimeouts: + dialTimeout: 10s + responseHeaderTimeout: 10s + +providers: + docker: + endpoint: "unix:///var/run/docker.sock" + exposedByDefault: false + watch: true + file: + directory: "/etc/traefik/config.d/" + watch: true + +certificatesResolvers: + cloudflare: + acme: + email: "{{ container_traefik_cloudflare_mail }}" + storage: acme.json + dnsChallenge: + provider: cloudflare + resolvers: + - "1.1.1.1:53" + - "1.0.0.1:53" diff --git a/roles/deploy_container_traefik/vars/main.yml b/roles/deploy_container_traefik/vars/main.yml new file mode 100644 index 0000000..fbf5ac5 --- /dev/null +++ b/roles/deploy_container_traefik/vars/main.yml @@ -0,0 +1,2 @@ +--- +traefik_container_dir: "/opt/docker/traefik" From 8377f222c69df6f9057d207f6325eab9aff6e91c Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sat, 14 Jun 2025 17:15:40 +0200 Subject: [PATCH 14/19] add traefik container and add tags to roles --- playbooks/heyer.systems/docker1.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/playbooks/heyer.systems/docker1.yml b/playbooks/heyer.systems/docker1.yml index 3a4639d..bee5938 100644 --- a/playbooks/heyer.systems/docker1.yml +++ b/playbooks/heyer.systems/docker1.yml @@ -2,5 +2,13 @@ - name: Install and start Apache web server hosts: docker1 roles: - - server_install_ssh - - server_install_fail2ban + - role: server_install_ssh + tags: ssh + + - role: server_install_fail2ban + tags: fail2ban + + - role: deploy_container_traefik + tags: + - traefik + - docker-container From b5d035e6f113382134380884ecd1680e7d45bcf1 Mon Sep 17 00:00:00 2001 
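Review bot: `storage: acme.json` is relative to the process working directory inside the container and no volume in the compose file covers that path (`./data/traefik` is mounted at /etc/traefik, `./data/certs` is read-only and nothing references it), so the ACME account key and the wildcard certificates live only in the container filesystem and are requested again on every recreate, which runs into the CA's duplicate-certificate rate limit quickly. Set `storage: /etc/traefik/acme.json`; Traefik creates the file itself with 0600 inside the persisted directory. `serversTransport: insecureSkipVerify: false` at the static level is the right default, but the dynamic `insecure-https` transport shipped in defaults overrides it per service, so this line gives less assurance than it appears to — a comment pointing that out would help. `api: dashboard: true` is only safe because `insecure` stays unset (default false) and the dashboard router sits behind basic auth; stating that dependency in a one-line comment above `api:` saves the next reader a lookup.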
From: Kevin Heyer Date: Sun, 15 Jun 2025 08:03:43 +0200 Subject: [PATCH 15/19] add syslog installation role --- roles/server_install_syslog/defaults/main.yml | 0 roles/server_install_syslog/files/.gitkeep | 0 roles/server_install_syslog/handlers/main.yml | 6 ++++++ roles/server_install_syslog/meta/main.yml | 0 roles/server_install_syslog/tasks/main.yml | 17 +++++++++++++++++ roles/server_install_syslog/templates/.gitkeep | 0 roles/server_install_syslog/vars/main.yml | 0 7 files changed, 23 insertions(+) create mode 100644 roles/server_install_syslog/defaults/main.yml create mode 100644 roles/server_install_syslog/files/.gitkeep create mode 100644 roles/server_install_syslog/handlers/main.yml create mode 100644 roles/server_install_syslog/meta/main.yml create mode 100644 roles/server_install_syslog/tasks/main.yml create mode 100644 roles/server_install_syslog/templates/.gitkeep create mode 100644 roles/server_install_syslog/vars/main.yml diff --git a/roles/server_install_syslog/defaults/main.yml b/roles/server_install_syslog/defaults/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server_install_syslog/files/.gitkeep b/roles/server_install_syslog/files/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/server_install_syslog/handlers/main.yml b/roles/server_install_syslog/handlers/main.yml new file mode 100644 index 0000000..02b08a9 --- /dev/null +++ b/roles/server_install_syslog/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: Start and enable rsyslog + ansible.builtin.service: + name: rsyslog + state: started + enabled: true diff --git a/roles/server_install_syslog/meta/main.yml b/roles/server_install_syslog/meta/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server_install_syslog/tasks/main.yml b/roles/server_install_syslog/tasks/main.yml new file mode 100644 index 0000000..f6d89a6 --- /dev/null +++ b/roles/server_install_syslog/tasks/main.yml 
@@ -0,0 +1,17 @@
+---
+- name: Update apt package index
+ ansible.builtin.apt:
+ update_cache: true
+ cache_valid_time: 3600
+
+- name: Install rsyslog
+ ansible.builtin.apt:
+ name: rsyslog
+ state: present
+ notify: Start and enable rsyslog
+
+- name: Enable rsyslog
+ ansible.builtin.service:
+ name: rsyslog
+ state: started
+ enabled: true
diff --git a/roles/server_install_syslog/templates/.gitkeep b/roles/server_install_syslog/templates/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/roles/server_install_syslog/vars/main.yml b/roles/server_install_syslog/vars/main.yml
new file mode 100644
index 0000000..e69de29
From 2c7813e19fcfd2480599131cb8470d5215a69791 Mon Sep 17 00:00:00 2001
From: Kevin Heyer
Date: Sun, 15 Jun 2025 08:04:47 +0200
Subject: [PATCH 16/19] add syslog installation role and change Playbook Name
---
playbooks/heyer.systems/all.yml | 2 +-
playbooks/heyer.systems/calibre.yml | 5 +++--
playbooks/heyer.systems/docker1.yml | 15 ++++++++++++---
playbooks/heyer.systems/minecraft.yml | 5 +++--
playbooks/heyer.systems/pihole.yml | 5 +++--
5 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/playbooks/heyer.systems/all.yml b/playbooks/heyer.systems/all.yml
index 254a054..7747a93 100644
--- a/playbooks/heyer.systems/all.yml
+++ b/playbooks/heyer.systems/all.yml
@@ -1,5 +1,5 @@
 ---
-- name: Install and start Apache web server
+- name: Configure all servers
 hosts: all
 roles:
 - server_install_ssh
diff --git a/playbooks/heyer.systems/calibre.yml b/playbooks/heyer.systems/calibre.yml
index af6f471..35433d7 100644
--- a/playbooks/heyer.systems/calibre.yml
+++ b/playbooks/heyer.systems/calibre.yml
@@ -1,6 +1,7 @@
 ---
-- name: Install and start Apache web server
+- name: Configure calibre
 hosts: calibre
 roles:
 - server_install_ssh
- - server_install_fail2ban
\ No newline at end of file
+ - server_install_fail2ban
+ - server_install_syslog
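Review bot: The `Enable rsyslog` task at the bottom of the hunk does exactly what the `Start and enable rsyslog` handler in this commit's handlers/main.yml does, and it runs on every play, so the `notify: Start and enable rsyslog` on `Install rsyslog` never changes anything; keep one of the two — the plain task is the simpler choice, so drop the `notify:` line and the handler. Nothing in the role writes an rsyslog configuration, so as committed it only installs and starts the package; if the intent is central log forwarding (inferred from the role name only), a task that templates a file into `rsyslog.d` and notifies a restart is still missing.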
diff --git a/playbooks/heyer.systems/docker1.yml b/playbooks/heyer.systems/docker1.yml
index bee5938..6c1e23e 100644
--- a/playbooks/heyer.systems/docker1.yml
+++ b/playbooks/heyer.systems/docker1.yml
@@ -1,12 +1,21 @@ --- -- name: Install and start Apache web server +- name: Configure docker1 hosts: docker1 roles: - role: server_install_ssh - tags: ssh + tags: + - ssh + - system - role: server_install_fail2ban - tags: fail2ban + tags: + - fail2ban + - system + + - role: server_install_syslog + tags: + - syslog + - system - role: deploy_container_traefik tags:
diff --git a/playbooks/heyer.systems/minecraft.yml b/playbooks/heyer.systems/minecraft.yml
index 7c4b505..40f1497 100644
--- a/playbooks/heyer.systems/minecraft.yml
+++ b/playbooks/heyer.systems/minecraft.yml
@@ -1,6 +1,7 @@
 ---
-- name: Install and start Apache web server
+- name: Configure Gaming Server
 hosts: minecraft
 roles:
 - server_install_ssh
- - server_install_fail2ban
\ No newline at end of file
+ - server_install_fail2ban
+ - server_install_syslog
diff --git a/playbooks/heyer.systems/pihole.yml b/playbooks/heyer.systems/pihole.yml
index 253f099..78f08e3 100644
--- a/playbooks/heyer.systems/pihole.yml
+++ b/playbooks/heyer.systems/pihole.yml
@@ -1,6 +1,7 @@
 ---
-- name: Install and start Apache web server
+- name: Configure pihole
 hosts: pihole
 roles:
 - server_install_ssh
- - server_install_fail2ban
\ No newline at end of file
+ - server_install_fail2ban
+ - server_install_syslog
From 1b1042fe0306097bf8212711bb3401fa6aad21d7 Mon Sep 17 00:00:00 2001
From: Kevin Heyer
Date: Sun, 15 Jun 2025 08:04:52 +0200
Subject: [PATCH 17/19] change Playbook Name
---
playbooks/heyer.systems/pve1.yml | 4 ++--
playbooks/heyer.systems/pve2.yml | 4 ++--
playbooks/heyer.systems/pve3.yml | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/playbooks/heyer.systems/pve1.yml b/playbooks/heyer.systems/pve1.yml
index 6404a9b..c9b9139 100644
--- a/playbooks/heyer.systems/pve1.yml
+++ b/playbooks/heyer.systems/pve1.yml
@@ -1,6 +1,6 @@
 ---
-- name: Install and start Apache web server
+- name: Configure pve1
 hosts: pve1
 roles:
 - server_install_ssh
- - server_install_fail2ban
\ No newline at end of file
+ - server_install_fail2ban
diff --git a/playbooks/heyer.systems/pve2.yml b/playbooks/heyer.systems/pve2.yml
index ce4e7d8..5886f60 100644
--- a/playbooks/heyer.systems/pve2.yml
+++ b/playbooks/heyer.systems/pve2.yml
@@ -1,6 +1,6 @@
 ---
-- name: Install and start Apache web server
+- name: Configure pve2
 hosts: pve2
 roles:
 - server_install_ssh
- - server_install_fail2ban
\ No newline at end of file
+ - server_install_fail2ban
diff --git a/playbooks/heyer.systems/pve3.yml b/playbooks/heyer.systems/pve3.yml
index 848132b..90f4c1e 100644
--- a/playbooks/heyer.systems/pve3.yml
+++ b/playbooks/heyer.systems/pve3.yml
@@ -1,6 +1,6 @@
 ---
-- name: Install and start Apache web server
+- name: Configure pve3
 hosts: pve3
 roles:
 - server_install_ssh
- - server_install_fail2ban
\ No newline at end of file
+ - server_install_fail2ban
From 1d6c8f3a6ff103ed53a69937be9427d631fc3d56 Mon Sep 17 00:00:00 2001
From: Kevin Heyer Date: Sun, 15 Jun 2025 09:29:35 +0200 Subject: [PATCH 18/19] add homepage (dashboard) container --- roles/deploy_container_homepage/README.md | 112 ++++++++++++++++++ .../defaults/main.yml | 20 ++++ .../files/bookmarks.yaml | 18 +++ .../files/custom.css | 0 .../deploy_container_homepage/files/custom.js | 0 .../files/docker.yaml | 10 ++ .../files/kubernetes.yaml | 2 + .../files/proxmox.yaml | 4 + .../files/services.yaml | 18 +++ .../files/settings.yaml | 7 ++ .../files/widgets.yaml | 12 ++ .../handlers/main.yml | 0 roles/deploy_container_homepage/meta/main.yml | 0 .../deploy_container_homepage/tasks/main.yml | 34 ++++++ .../templates/.env.j2 | 2 + .../templates/docker-compose.yml.j2 | 29 +++++ roles/deploy_container_homepage/vars/main.yml | 0 17 files changed, 268 insertions(+) create mode 100644 roles/deploy_container_homepage/README.md create mode 100644 roles/deploy_container_homepage/defaults/main.yml create mode 100644 roles/deploy_container_homepage/files/bookmarks.yaml create mode 100644 roles/deploy_container_homepage/files/custom.css create mode 100644 roles/deploy_container_homepage/files/custom.js create mode 100644 roles/deploy_container_homepage/files/docker.yaml create mode 100644 roles/deploy_container_homepage/files/kubernetes.yaml create mode 100644 roles/deploy_container_homepage/files/proxmox.yaml create mode 100644 roles/deploy_container_homepage/files/services.yaml create mode 100644 roles/deploy_container_homepage/files/settings.yaml create mode 100644 roles/deploy_container_homepage/files/widgets.yaml create mode 100644 roles/deploy_container_homepage/handlers/main.yml create mode 100644 roles/deploy_container_homepage/meta/main.yml create mode 100644 roles/deploy_container_homepage/tasks/main.yml create mode 100644 roles/deploy_container_homepage/templates/.env.j2 create mode 100644 roles/deploy_container_homepage/templates/docker-compose.yml.j2 create mode 100644 roles/deploy_container_homepage/vars/main.yml 
diff --git a/roles/deploy_container_homepage/README.md b/roles/deploy_container_homepage/README.md
new file mode 100644
index 0000000..952fea0
--- /dev/null
+++ b/roles/deploy_container_homepage/README.md
@@ -0,0 +1,112 @@ +Hier ist ein passendes **README.md**, das deine Anforderungen erfΓΌllt: + +--- + +# πŸ“¦ Ansible Role: Container Homepage + +This role deploys a tenant-specific instance of the **homepage container** (e.g. [gethomepage.dev](https://gethomepage.dev)) +It uses Docker Compose and copies custom configuration files per host. + +--- + +## πŸš€ **Getting Started** + +### 1️⃣ **Prepare tenant-specific config files** + +All example config files are located in: + +``` +roles/container_homepage/files/ +``` + +πŸ‘‰ Copy these files to your inventory directory under the following structure: + +``` +inventory/[TENANT]/host_files/[HOST]/container_homepage_config_files/ +``` + +Example: + +``` +inventory/tenant1/host_files/docker1/container_homepage_config_files/bookmarks.yaml +inventory/tenant1/host_files/docker1/container_homepage_config_files/settings.yaml +... +``` + +⚠️ **Customize these files** before deploying, according to the requirements of your tenant and host. + +--- + +## βš™οΈ **Default Variables** + +These are defined in `defaults/main.yml`: + +```yaml +container_homepage_version: latest +container_homepage_domain: dashboard.example.com +container_homepage_directory: /opt/docker/homepage +container_homepage_config_files: + - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/bookmarks.yaml" + dest: "bookmarks.yaml" + - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/settings.yaml" + dest: "settings.yaml" + - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/custom.css" + dest: "custom.css" + - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/custom.js" + dest: "custom.js" + - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/docker.yaml" + dest: "docker.yaml" + - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname 
}}/container_homepage_config_files/kubernetes.yaml" + dest: "kubernetes.yaml" + - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/services.yaml" + dest: "services.yaml" + - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/widgets.yaml" + dest: "widgets.yaml" +``` + +--- + +## πŸ“‚ **Inventory example** + +``` +inventory/ +└── tenant1/ + β”œβ”€β”€ hosts.yml + └── host_files/ + └── docker1/ + └── container_homepage_config_files/ + β”œβ”€β”€ bookmarks.yaml + β”œβ”€β”€ settings.yaml + β”œβ”€β”€ custom.css + β”œβ”€β”€ custom.js + β”œβ”€β”€ docker.yaml + β”œβ”€β”€ kubernetes.yaml + β”œβ”€β”€ services.yaml + └── widgets.yaml +``` + +--- + +## πŸ“ **Usage** + +Run your playbook as usual: + +```bash +ansible-playbook -i inventory/tenant1/inventory.yml playbooks/playbook.yml +``` + +The role will: +βœ… Ensure directories exist +βœ… Deploy Docker Compose and environment files +βœ… Copy the tenant-specific configuration files +βœ… Start or update the container + +--- + +## πŸ’‘ Notes + +* The role expects Docker (with compose v2 plugin) to be installed on the target host. +* The docker-compose and .env files should be templated or provided by your playbook or role. +* Make sure the `container_homepage_directory` location has correct permissions for your user/container runtime. + +--- \ No newline at end of file diff --git a/roles/deploy_container_homepage/defaults/main.yml b/roles/deploy_container_homepage/defaults/main.yml new file mode 100644 index 0000000..0e0f29d --- /dev/null +++ b/roles/deploy_container_homepage/defaults/main.yml 
@@ -0,0 +1,20 @@
+container_homepage_version: latest
+container_homepage_domain: dashboard.example.com
+container_homepage_directory: /opt/docker/homepage
+container_homepage_config_files:
+ - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/bookmarks.yaml"
+ dest: "bookmarks.yaml"
+ - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/settings.yaml"
+ dest: "settings.yaml"
+ - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/custom.css"
+ dest: "custom.css"
+ - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/custom.js"
+ dest: "custom.js"
+ - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/docker.yaml"
+ dest: "docker.yaml"
+ - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/kubernetes.yaml"
+ dest: "kubernetes.yaml"
+ - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/services.yaml"
+ dest: "services.yaml"
+ - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/widgets.yaml"
+ dest: "widgets.yaml"
diff --git a/roles/deploy_container_homepage/files/bookmarks.yaml b/roles/deploy_container_homepage/files/bookmarks.yaml
new file mode 100644
index 0000000..79c3694
--- /dev/null
+++ b/roles/deploy_container_homepage/files/bookmarks.yaml
@@ -0,0 +1,18 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/configs/bookmarks
+
+- Developer:
+ - Github:
+ - abbr: GH
+ href: https://github.com/
+
+- Social:
+ - Reddit:
+ - abbr: RE
+ href: https://reddit.com/
+
+- Entertainment:
+ - YouTube:
+ - abbr: YT
+ href: https://youtube.com/
\ No newline at end of file
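Review bot: `container_homepage_version: latest` is the default that `.env.j2` turns into `HOMEPAGE_VERSION` for `image: ghcr.io/gethomepage/homepage:${HOMEPAGE_VERSION}`, and tasks/main.yml deploys with `pull: always`, so every run may start a different, unreviewed image; default to a release tag instead (`container_homepage_version: "<pinned-release-tag>"`, placeholder) and let tenants override it. `files/proxmox.yaml` is added in this commit but is missing from `container_homepage_config_files`, so it is never copied to a host; add an entry for it or drop the file. The file also lacks the `---` document start that the other YAML files in this commit have.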
diff --git a/roles/deploy_container_homepage/files/custom.css b/roles/deploy_container_homepage/files/custom.css
new file mode 100644
index 0000000..e69de29
diff --git a/roles/deploy_container_homepage/files/custom.js b/roles/deploy_container_homepage/files/custom.js
new file mode 100644
index 0000000..e69de29
diff --git a/roles/deploy_container_homepage/files/docker.yaml b/roles/deploy_container_homepage/files/docker.yaml
new file mode 100644
index 0000000..725e92a
--- /dev/null
+++ b/roles/deploy_container_homepage/files/docker.yaml
@@ -0,0 +1,10 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/configs/docker/
+
+# my-docker:
+# host: 127.0.0.1
+# port: 2375
+
+# my-docker:
+# socket: /var/run/docker.sock
\ No newline at end of file
diff --git a/roles/deploy_container_homepage/files/kubernetes.yaml b/roles/deploy_container_homepage/files/kubernetes.yaml
new file mode 100644
index 0000000..4d2c40b
--- /dev/null
+++ b/roles/deploy_container_homepage/files/kubernetes.yaml
@@ -0,0 +1,2 @@
+---
+# sample kubernetes config
\ No newline at end of file
diff --git a/roles/deploy_container_homepage/files/proxmox.yaml b/roles/deploy_container_homepage/files/proxmox.yaml
new file mode 100644
index 0000000..7196f8f
--- /dev/null
+++ b/roles/deploy_container_homepage/files/proxmox.yaml
@@ -0,0 +1,4 @@
+---
+# url: https://proxmox.host.or.ip:8006
+# token: username@pam!Token ID
+# secret: secret
\ No newline at end of file
diff --git a/roles/deploy_container_homepage/files/services.yaml b/roles/deploy_container_homepage/files/services.yaml
new file mode 100644
index 0000000..837ce28
--- /dev/null
+++ b/roles/deploy_container_homepage/files/services.yaml
@@ -0,0 +1,18 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/configs/services/
+
+- My First Group:
+ - My First Service:
+ href: http://localhost/
+ description: Homepage is awesome
+
+- My Second Group:
+ - My Second Service:
+ href: http://localhost/
+ description: Homepage is the best
+
+- My Third Group:
+ - My Third Service:
+ href: http://localhost/
+ description: Homepage is 😎
\ No newline at end of file
diff --git a/roles/deploy_container_homepage/files/settings.yaml b/roles/deploy_container_homepage/files/settings.yaml
new file mode 100644
index 0000000..1234d38
--- /dev/null
+++ b/roles/deploy_container_homepage/files/settings.yaml
@@ -0,0 +1,7 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/configs/settings/
+
+providers:
+ openweathermap: openweathermapapikey
+ weatherapi: weatherapiapikey
\ No newline at end of file
diff --git a/roles/deploy_container_homepage/files/widgets.yaml b/roles/deploy_container_homepage/files/widgets.yaml
new file mode 100644
index 0000000..e55edec
--- /dev/null
+++ b/roles/deploy_container_homepage/files/widgets.yaml
@@ -0,0 +1,12 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/configs/info-widgets/
+
+- resources:
+ cpu: true
+ memory: true
+ disk: /
+
+- search:
+ provider: duckduckgo
+ target: _blank
\ No newline at end of file
diff --git a/roles/deploy_container_homepage/handlers/main.yml b/roles/deploy_container_homepage/handlers/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/deploy_container_homepage/meta/main.yml b/roles/deploy_container_homepage/meta/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/deploy_container_homepage/tasks/main.yml b/roles/deploy_container_homepage/tasks/main.yml
new file mode 100644
index 0000000..290c0ff
--- /dev/null
+++ b/roles/deploy_container_homepage/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: Ensure data directories exist
+ ansible.builtin.file:
+ path: "{{ container_homepage_directory }}/data/{{ item }}"
+ state: directory
+ mode: '0755'
+ loop:
+ - "config"
+ become: false
+
+- name: Deploy Docker Compose and .env files
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ container_homepage_directory }}/{{ item.dest }}"
+ mode: '0644'
+ loop:
+ - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+ - { src: '.env.j2', dest: '.env' }
+ become: false
+
+- name: Deploy tenant-specific config files
+ ansible.builtin.copy:
+ src: "{{ item.src }}"
+ dest: "{{ container_homepage_directory }}/data/config/{{ item.dest }}"
+ mode: '0644'
+ loop: "{{ container_homepage_config_files }}"
+ become: false
+
+- name: Start Container
+ community.docker.docker_compose_v2:
+ project_src: "{{ container_homepage_directory }}"
+ pull: always
+ docker_host: "unix:///run/user/1000/docker.sock"
+ become: false
diff --git a/roles/deploy_container_homepage/templates/.env.j2 b/roles/deploy_container_homepage/templates/.env.j2
new file mode 100644
index 0000000..7c71c97
--- /dev/null
+++ b/roles/deploy_container_homepage/templates/.env.j2
@@ -0,0 +1,2 @@
+HOMEPAGE_VERSION={{ container_homepage_version }}
+HOMEPAGE_DOMAIN={{ container_homepage_domain }}
\ No newline at end of file
diff --git a/roles/deploy_container_homepage/templates/docker-compose.yml.j2 b/roles/deploy_container_homepage/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..ef15321
--- /dev/null
+++ b/roles/deploy_container_homepage/templates/docker-compose.yml.j2
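Review bot: `Deploy tenant-specific config files` writes every entry with `mode: '0644'`, but `settings.yaml` carries provider API keys (the shipped example in files/settings.yaml has `openweathermap`/`weatherapi` placeholders), so those secrets end up world-readable on the host; use `mode: '0600'` for that task (under rootless Docker the container's root maps to the same host user that owns the socket, so the files should stay readable to the container — confirm on a deploy). `docker_host: "unix:///run/user/1000/docker.sock"` hard-codes UID 1000 and the compose template repeats the same path; derive it once from the connecting user, e.g. `docker_host: "unix:///run/user/{{ ansible_user_uid }}/docker.sock"`, so the role does not silently target the wrong daemon when the deploy user differs. `pull: always` together with the `latest` default in defaults/main.yml means each run may pull a new, unreviewed image; pin the version there.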
@@ -0,0 +1,29 @@
+---
+services:
+ homepage:
+ image: ghcr.io/gethomepage/homepage:${HOMEPAGE_VERSION}
+ container_name: homepage
+ restart: always
+ networks:
+ - traefik
+ volumes:
+ - ./data/config:/app/config
+ - /run/user/1000/docker.sock:/var/run/docker.sock:ro
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - "traefik.http.routers.homepage.entrypoints=http"
+ - "traefik.http.routers.homepage.rule=Host(`${HOMEPAGE_DOMAIN}`)"
+ - "traefik.http.middlewares.homepage-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.homepage.middlewares=homepage-https-redirect"
+ - "traefik.http.routers.homepage-secure.entrypoints=https"
+ - "traefik.http.routers.homepage-secure.rule=Host(`${HOMEPAGE_DOMAIN}`)"
+ - "traefik.http.routers.homepage-secure.tls=true"
+ - "traefik.http.routers.homepage-secure.service=homepage"
+ - "traefik.http.services.homepage.loadbalancer.server.port=3000"
+ environment:
+ HOMEPAGE_ALLOWED_HOSTS: "*"
+
+networks:
+ traefik:
+ external: true
diff --git a/roles/deploy_container_homepage/vars/main.yml b/roles/deploy_container_homepage/vars/main.yml
new file mode 100644
index 0000000..e69de29
From d34893d8a8341f2a1781ae8b127ce3ff61e3dbfb Mon Sep 17 00:00:00 2001
From: Kevin Heyer
Date: Sun, 15 Jun 2025 09:29:47 +0200
Subject: [PATCH 19/19] Add Homepage Container
---
playbooks/heyer.systems/docker1.yml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/playbooks/heyer.systems/docker1.yml b/playbooks/heyer.systems/docker1.yml
index 6c1e23e..7db4be9 100644
--- a/playbooks/heyer.systems/docker1.yml
+++ b/playbooks/heyer.systems/docker1.yml
@@ -21,3 +21,8 @@
 tags:
 - traefik
 - docker-container
+
+ - role: deploy_container_homepage
+ tags:
+ - homepage
+ - docker-container
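Review bot: `traefik.http.routers.homepage-secure.tls=true` names no certificate resolver, and the `https` entrypoint in the Traefik static config earlier in this series sets no default TLS options, so unless a file under `/etc/traefik/config.d/` supplies a default certificate Traefik will answer for `${HOMEPAGE_DOMAIN}` with its self-signed default; add `- "traefik.http.routers.homepage-secure.tls.certresolver=cloudflare"` (the resolver name from that config). `HOMEPAGE_ALLOWED_HOSTS: "*"` disables homepage's Host-header check for every request that reaches port 3000, while the only intended name is `${HOMEPAGE_DOMAIN}`, so set `HOMEPAGE_ALLOWED_HOSTS: "${HOMEPAGE_DOMAIN}"`. The `/run/user/1000/docker.sock` bind mount gives the dashboard container API access to the (rootless) Docker daemon even though the shipped files/docker.yaml leaves the socket block commented out; drop the mount until a tenant actually enables the Docker widget, and then prefer a read-only socket proxy over the raw socket (note that `:ro` on a socket does not restrict API calls).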