homeserver/group_vars/blocky.yml

---
### mgrote_systemd_resolved
systemd_resolved_nameserver: 9.9.9.9

### oefenweb.ufw
ufw_rules:
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
  - rule: allow
    to_port: 4949
    protocol: tcp
    comment: 'munin'
    from_ip: 192.168.2.0/24
  - rule: allow
    to_port: 53
    comment: 'dns'
    from_ip: 0.0.0.0/0

### mgrote.apt_manage_packages
apt_packages_extra:
  - libnet-dns-perl # für munin: dnsresponse_

### mgrote_user_setup
ansible_forgejo_user: svc_ansible
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden

dotfiles_vim_vundle_repo_url: "https://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git"
dotfiles:
  - user: mg
    home: /home/mg
  - user: root
    home: /root
dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles

### mgrote_restic
restic_repository: "//192.168.2.54/restic"

### mgrote_blocky
blocky_version: v0.24
blocky_block_type: zeroIp
blocky_local_upstream: 192.168.2.1
blocky_conditional_mapping: # optional
  - domain: mgrote.net
    resolver: 192.168.2.1
blocky_dns_upstream:
  - 9.9.9.9
  - 1.1.1.1
  - 8.8.8.8
  - 5.9.164.112
blocky_dns_blocklists:
  - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
  - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  - http://sysctl.org/cameleon/hosts
  - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
blocky_custom_lookups: # optional
  # Internet
  - name: wiki.mgrote.net
    ip: 192.168.2.43
  - name: audio.mgrote.net
    ip: 192.168.2.43
  - name: auth.mgrote.net
    ip: 192.168.2.43
  - name: ci.mgrote.net
    ip: 192.168.2.43
  - name: miniflux.mgrote.net
    ip: 192.168.2.43
  - name: nextcloud.mgrote.net
    ip: 192.168.2.43
  - name: registry.mgrote.net
    ip: 192.168.2.43
  - name: git.mgrote.net
    ip: 192.168.2.43
  # Intern
  - name: ads2700w.mgrote.net
    ip: 192.168.2.147
  - name: crs305.mgrote.net
    ip: 192.168.2.225
  - name: hex.mgrote.net
    ip: 192.168.3.144
  - name: pbs-test.mgrote.net
    ip: 192.168.2.18
  - name: pbs.mgrote.net
    ip: 192.168.3.239
  - name: pve5-test.mgrote.net
    ip: 192.168.2.17
  - name: pve5.mgrote.net # bleibt im Router auch angelegt, weil wenn pve aus auch kein blocky mehr ;-)
    ip: 192.168.2.16
  - name: rb5009.mgrote.net
    ip: 192.168.2.1
  - name: fritz.box
    ip: 192.168.5.1
  - name: ldap.mgrote.net
    ip: 192.168.2.47
  - name: munin.mgrote.net
    ip: 192.168.2.40

### mgrote_munin_node
# kann git.mgrote.net nicht auflösen, deshalb hiermit IP
munin_node_plugins:
  - name: chrony
    src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
  - name: systemd_status
    src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
  - name: systemd_mem
    src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
    config: |
      [systemd_mem]
      env.all_services true
  - name: lvm_
    src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/disk/lvm_
    config: |
      [lvm_*]
      user root
  - name: fail2ban
    src: http://192.168.2.42:3000/mg/munin-plugins/raw/branch/master/extern/fail2ban
    config: |
      [fail2ban]
      env.client /usr/bin/fail2ban-client
      env.config_dir /etc/fail2ban
      user root
  - name: dnsresponse_192.168.2.1
    src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
  - name: dnsresponse_192.168.2.37
    src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
  - name: dnsresponse_127.0.0.1
    src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
    config: |
      [dnsresponse_*]
      env.site www.heise.de
      env.times 20
setup blocky (#617) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/617 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-11-29 12:22:34 +01:00			`---`
			`### mgrote_systemd_resolved`
			`systemd_resolved_nameserver: 9.9.9.9`

			`### oefenweb.ufw`
			`ufw_rules:`
			`- rule: allow`
			`to_port: 22`
			`protocol: tcp`
			`comment: 'ssh'`
			`from_ip: 0.0.0.0/0`
monitoring: add munin again... (#790) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/790 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: nacharbeiten (#791) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/791 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: remove playbook fixed (#792) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/792 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-02-15 13:52:00 +01:00			`- rule: allow`
			`to_port: 4949`
			`protocol: tcp`
			`comment: 'munin'`
			`from_ip: 192.168.2.0/24`
setup blocky (#617) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/617 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-11-29 12:22:34 +01:00			`- rule: allow`
			`to_port: 53`
			`comment: 'dns'`
			`from_ip: 0.0.0.0/0`

blocky: add munin dependency 2024-02-16 13:59:10 +01:00			`### mgrote.apt_manage_packages`
			`apt_packages_extra:`
			`- libnet-dns-perl # für munin: dnsresponse_`

user-setup (dotfiles usw.) neu gedacht... (#624) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/624 2023-12-04 14:43:04 +01:00			`### mgrote_user_setup`
ff 2024-09-12 12:52:09 +02:00			`ansible_forgejo_user: svc_ansible`
			`ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden`

ff 2024-09-12 12:59:38 +02:00			`dotfiles_vim_vundle_repo_url: "https://{{ ansible_forgejo_user \| urlencode }}:{{ ansible_forgejo_user_pass \| urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git"`
user-setup (dotfiles usw.) neu gedacht... (#624) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/624 2023-12-04 14:43:04 +01:00			`dotfiles:`
			`- user: mg`
			`home: /home/mg`
			`- user: root`
			`home: /root`
redeployment forgejo + setup ldap (#1) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/1 2024-04-04 09:48:09 +02:00			`dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles`
user-setup (dotfiles usw.) neu gedacht... (#624) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/624 2023-12-04 14:43:04 +01:00
restic: fix backups dirs, secrets and mails v ff dd dd f ff ff ff ff d ff f f 2024-05-25 20:58:07 +02:00			`### mgrote_restic`
			`restic_repository: "//192.168.2.54/restic"`

setup blocky (#617) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/617 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-11-29 12:22:34 +01:00			`### mgrote_blocky`
chore(deps): update dependency 0xerr0r/blocky to v0.24 2024-05-25 20:04:03 +02:00			`blocky_version: v0.24`
setup blocky (#617) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/617 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-11-29 12:22:34 +01:00			`blocky_block_type: zeroIp`
			`blocky_local_upstream: 192.168.2.1`
			`blocky_conditional_mapping: # optional`
			`- domain: mgrote.net`
			`resolver: 192.168.2.1`
			`blocky_dns_upstream:`
			`- 9.9.9.9`
			`- 1.1.1.1`
			`- 8.8.8.8`
			`- 5.9.164.112`
			`blocky_dns_blocklists:`
			`- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt`
			`- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts`
			`- http://sysctl.org/cameleon/hosts`
			`- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt`
			`blocky_custom_lookups: # optional`
			`# Internet`
			`- name: wiki.mgrote.net`
			`ip: 192.168.2.43`
			`- name: audio.mgrote.net`
			`ip: 192.168.2.43`
			`- name: auth.mgrote.net`
			`ip: 192.168.2.43`
			`- name: ci.mgrote.net`
			`ip: 192.168.2.43`
			`- name: miniflux.mgrote.net`
			`ip: 192.168.2.43`
			`- name: nextcloud.mgrote.net`
			`ip: 192.168.2.43`
			`- name: registry.mgrote.net`
			`ip: 192.168.2.43`
monitoring: add munin again... (#790) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/790 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: nacharbeiten (#791) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/791 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: remove playbook fixed (#792) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/792 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-02-15 13:52:00 +01:00			`- name: git.mgrote.net`
			`ip: 192.168.2.43`
setup blocky (#617) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/617 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-11-29 12:22:34 +01:00			`# Intern`
			`- name: ads2700w.mgrote.net`
			`ip: 192.168.2.147`
			`- name: crs305.mgrote.net`
			`ip: 192.168.2.225`
			`- name: hex.mgrote.net`
			`ip: 192.168.3.144`
			`- name: pbs-test.mgrote.net`
			`ip: 192.168.2.18`
			`- name: pbs.mgrote.net`
			`ip: 192.168.3.239`
			`- name: pve5-test.mgrote.net`
			`ip: 192.168.2.17`
gitea: fix admin user setup (#72) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/72 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-05-13 12:00:02 +02:00			`- name: pve5.mgrote.net # bleibt im Router auch angelegt, weil wenn pve aus auch kein blocky mehr ;-)`
setup blocky (#617) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/617 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-11-29 12:22:34 +01:00			`ip: 192.168.2.16`
			`- name: rb5009.mgrote.net`
			`ip: 192.168.2.1`
			`- name: fritz.box`
			`ip: 192.168.5.1`
redeployment forgejo + setup ldap (#1) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/1 2024-04-04 09:48:09 +02:00			`- name: ldap.mgrote.net`
			`ip: 192.168.2.47`
munin: from container to vm (#155) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/155 2024-08-12 23:46:08 +02:00			`- name: munin.mgrote.net`
blocky: fix ip 2024-08-19 22:36:50 +02:00			`ip: 192.168.2.40`
setup blocky (#617) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/617 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-11-29 12:22:34 +01:00
monitoring: add munin again... (#790) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/790 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: nacharbeiten (#791) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/791 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: remove playbook fixed (#792) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/792 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-02-15 13:52:00 +01:00			`### mgrote_munin_node`
			`# kann git.mgrote.net nicht auflösen, deshalb hiermit IP`
			`munin_node_plugins:`
			`- name: chrony`
redeployment forgejo + setup ldap (#1) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/1 2024-04-04 09:48:09 +02:00			`src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony`
monitoring: add munin again... (#790) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/790 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: nacharbeiten (#791) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/791 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: remove playbook fixed (#792) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/792 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-02-15 13:52:00 +01:00			`- name: systemd_status`
redeployment forgejo + setup ldap (#1) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/1 2024-04-04 09:48:09 +02:00			`src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status`
monitoring: add munin again... (#790) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/790 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: nacharbeiten (#791) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/791 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: remove playbook fixed (#792) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/792 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-02-15 13:52:00 +01:00			`- name: systemd_mem`
redeployment forgejo + setup ldap (#1) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/1 2024-04-04 09:48:09 +02:00			`src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem`
monitoring: add munin again... (#790) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/790 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: nacharbeiten (#791) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/791 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: remove playbook fixed (#792) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/792 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-02-15 13:52:00 +01:00			`config: \|`
			`[systemd_mem]`
			`env.all_services true`
			`- name: lvm_`
redeployment forgejo + setup ldap (#1) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/1 2024-04-04 09:48:09 +02:00			`src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/disk/lvm_`
monitoring: add munin again... (#790) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/790 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: nacharbeiten (#791) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/791 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: remove playbook fixed (#792) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/792 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-02-15 13:52:00 +01:00			`config: \|`
			`[lvm_*]`
			`user root`
			`- name: fail2ban`
redeployment forgejo + setup ldap (#1) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/1 2024-04-04 09:48:09 +02:00			`src: http://192.168.2.42:3000/mg/munin-plugins/raw/branch/master/extern/fail2ban`
monitoring: add munin again... (#790) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/790 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: nacharbeiten (#791) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/791 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: remove playbook fixed (#792) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/792 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-02-15 13:52:00 +01:00			`config: \|`
			`[fail2ban]`
			`env.client /usr/bin/fail2ban-client`
			`env.config_dir /etc/fail2ban`
			`user root`
			`- name: dnsresponse_192.168.2.1`
redeployment forgejo + setup ldap (#1) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/1 2024-04-04 09:48:09 +02:00			`src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_`
monitoring: add munin again... (#790) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/790 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: nacharbeiten (#791) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/791 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: remove playbook fixed (#792) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/792 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-02-15 13:52:00 +01:00			`- name: dnsresponse_192.168.2.37`
redeployment forgejo + setup ldap (#1) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/1 2024-04-04 09:48:09 +02:00			`src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_`
monitoring: add munin again... (#790) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/790 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: nacharbeiten (#791) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/791 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: remove playbook fixed (#792) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/792 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-02-15 13:52:00 +01:00			`- name: dnsresponse_127.0.0.1`
redeployment forgejo + setup ldap (#1) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/1 2024-04-04 09:48:09 +02:00			`src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_`
monitoring: add munin again... (#790) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/790 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: nacharbeiten (#791) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/791 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> munin: remove playbook fixed (#792) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/792 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-02-15 13:52:00 +01:00			`config: \|`
			`[dnsresponse_*]`
			`env.site www.heise.de`
			`env.times 20`