homeserver/host_vars/k3s-nfs2.grote.lan.yaml

67 lines
2.1 KiB
YAML
Raw Normal View History

---
### geerlingguy.nfs
nfs_exports:
- /srv/nfs 192.168.2.40(rw,no_subtree_check,no_root_squash) #k3s3
- /srv/nfs 192.168.2.41(rw,no_subtree_check,no_root_squash) #k3s2
- /srv/nfs 192.168.2.42(rw,no_subtree_check,no_root_squash) #k3s1
nfs_port: 33333
### mgrote.munin-node
munin_node_plugins:
- name: timesync
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- name: systemd_status
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- name: systemd_mem
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
config: |
[systemd_mem]
env.all_services true
- name: lvm_
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
config: |
[lvm_*]
user root
- name: fail2ban
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config: |
[fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name: nfsd4
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/nsfd4
- name: nfsd
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/nfsd
### mgrote.restic
restic_folders_to_backup: "/ /srv/nfs" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp
comment: 'munin'
from_ip: 192.168.2.144/24
# k3s1
- rule: allow
from_ip: 192.168.2.40
comment: 'nfs'
to_port: 2049
- rule: allow
from_ip: 192.168.2.40
comment: 'nfs'
to_port: 111
- rule: allow
from_ip: 192.168.2.40
comment: 'nfs'
to_port: "{{ nfs_port }}"