2022-11-24 16:24:21 +01:00
---
### geerlingguy.nfs
nfs_exports :
- /srv/nfs 192.168.2.40(rw,no_subtree_check,no_root_squash) #k3s3
- /srv/nfs 192.168.2.41(rw,no_subtree_check,no_root_squash) #k3s2
- /srv/nfs 192.168.2.42(rw,no_subtree_check,no_root_squash) #k3s1
2022-11-24 18:07:04 +01:00
nfs_port : 33333
2022-11-24 16:24:21 +01:00
### mgrote.munin-node
munin_node_plugins :
- name : timesync
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- name : systemd_status
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- name : systemd_mem
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
config : |
[ systemd_mem]
env.all_services true
- name : lvm_
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
config : |
[ lvm_*]
user root
- name : fail2ban
src : https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config : |
[ fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name : nfsd4
src : https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/nsfd4
- name : nfsd
src : https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/nfsd
### mgrote.restic
restic_folders_to_backup : "/ /srv/nfs" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
2022-11-24 18:07:04 +01:00
### oefenweb.ufw
ufw_rules :
- rule : allow
to_port : 22
protocol : tcp
comment : 'ssh'
from_ip : 0.0 .0 .0 /0
- rule : allow
to_port : 4949
protocol : tcp
comment : 'munin'
from_ip : 192.168 .2 .144 /24
# k3s1
- rule : allow
from_ip : 192.168 .2 .40
comment : 'nfs'
to_port : 2049
- rule : allow
from_ip : 192.168 .2 .40
comment : 'nfs'
to_port : 111
- rule : allow
from_ip : 192.168 .2 .40
comment : 'nfs'
to_port : "{{ nfs_port }}"