de.lehmann.automation.ansible.main/playbooks/lehmann-webserver.yml

#
#
# Automated webserver installation with plesk for captica Webservers
#
# Project: playbooks
# Author: Marc Böhm <marc.boehm@captica.de>
# License: MIT License (see LICENSE.md)
#
# Copyright (c) captica GmbH est. 2021
#
- hosts: "leh01"
  vars:
    hostname: leh01
    tools_install_users:
      - root
      - ansible
    ssh_pubkeys_root:
      - "../files/ssh/root.pub"
    ssh_pubkeys_ansible:
      - "../files/ssh/id_ed25519_ansible.pub"
    bitwarden_version: 2025.7.0
    bitwarden_url: https://vault.captica.de
    bitwarden_domain: vault.lehmannhause.de
    bitwarden_admins: tobias.lehmann@captica.de
    bitwarden_reply_to_mail: no-reply@vault.lehmannhaus.de
    bitwarden_smtp_host: captica.de
    bitwarden_smtp_port: 465
    rclone_version: "1.65.0"
    rclone_configs:
      - name: strato-lehmann
        entries:
          type: s3
          provider: Other
          env_auth: false
          access_key_id: "{{ rclone_hidrive_access_key_id }}"
          secret_access_key: "{{ rclone_hidrive_access_key_secret }}"
          region: eu-central-1
          endpoint: https://s3.hidrive.strato.com
          #https://my.hidrive.com/
          acl: private
      - name: backup-lehmann
        entries:
          type: crypt
          remote: strato-lehmann:backup-leh01
          filename_encryption: standard
          directory_name_encryption: true
          password: "{{ rclone_backup_password }}"
          password2: "{{ rclone_backup_password2 }}"
    rclone_sync_cronjobs:
      - name: backup-nextcloud
        source: /datapool/docker-nextcloud/nextcloud
        target: backup-lehmann:nextcloud
        cron:
          minute: '0'
          hour: '6'
          day: '*/5'
        disabled: false
      - name: backup-frigate-nvr
        source: /rpool/vmpool/frigate-nvr
        target: backup-lehmann:frigate-nvr
        cron:
          minute: '0'
          hour: '2'
          day: '*/5'
        disabled: false      
      - name: backup-gitea
        source: /datapool/subvol-107-disk-0
        target: backup-lehmann:gitea
        cron:
          minute: '30'
          hour: '2'
          day: '*/5'
        disabled: false      
      - name: backup-nginx-proxy-manager
        source: /datapool/docker-nginx-proxy-manager
        target: backup-lehmann:nginx-proxy-manager
        cron:
          minute: '30'
          hour: '5'
          day: '*/5'
        disabled: false
      - name: backup-harvester-data
        source: /datapool/subvol-1035-disk-1
        target: backup-lehmann:harvester-data
        cron:
          minute: '45'
          hour: '5'
          day: '*/5'
        disabled: false
  roles:
    - linux-base-install
    - zsh
    - vim
    - fzf
    - linux-docker
    - rclone
    - plesk
    - nextcloud-hpb
    - wireguard
    - bitwarden