2023-11-29 12:22:34 +01:00
---
### mgrote_systemd_resolved
systemd_resolved_nameserver : 9.9 .9 .9
### oefenweb.ufw
ufw_rules :
- rule : allow
to_port : 22
protocol : tcp
comment : 'ssh'
from_ip : 0.0 .0 .0 /0
2024-02-15 13:52:00 +01:00
- rule : allow
to_port : 4949
protocol : tcp
comment : 'munin'
from_ip : 192.168 .2 .0 /24
2023-11-29 12:22:34 +01:00
- rule : allow
to_port : 53
comment : 'dns'
from_ip : 0.0 .0 .0 /0
2024-02-16 13:59:10 +01:00
### mgrote.apt_manage_packages
apt_packages_extra :
- libnet-dns-perl # für munin : dnsresponse_
2023-12-04 14:43:04 +01:00
### mgrote_user_setup
2024-09-12 12:52:09 +02:00
ansible_forgejo_user : svc_ansible
ansible_forgejo_user_pass : "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
2024-09-12 12:59:38 +02:00
dotfiles_vim_vundle_repo_url : "https://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git"
2023-12-04 14:43:04 +01:00
dotfiles :
- user : mg
home : /home/mg
- user : root
home : /root
2024-04-04 09:48:09 +02:00
dotfiles_repo_url : http://192.168.2.42:3000/mg/dotfiles
2023-12-04 14:43:04 +01:00
2024-05-25 20:58:07 +02:00
### mgrote_restic
restic_repository : "//192.168.2.54/restic"
2023-11-29 12:22:34 +01:00
### mgrote_blocky
2024-05-25 20:04:03 +02:00
blocky_version : v0.24
2023-11-29 12:22:34 +01:00
blocky_block_type : zeroIp
blocky_local_upstream : 192.168 .2 .1
blocky_conditional_mapping : # optional
- domain : mgrote.net
resolver : 192.168 .2 .1
blocky_dns_upstream :
- 9.9 .9 .9
- 1.1 .1 .1
- 8.8 .8 .8
- 5.9 .164 .112
blocky_dns_blocklists :
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- http://sysctl.org/cameleon/hosts
- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
blocky_custom_lookups : # optional
# Internet
- name : wiki.mgrote.net
ip : 192.168 .2 .43
- name : audio.mgrote.net
ip : 192.168 .2 .43
- name : auth.mgrote.net
ip : 192.168 .2 .43
- name : ci.mgrote.net
ip : 192.168 .2 .43
- name : miniflux.mgrote.net
ip : 192.168 .2 .43
- name : nextcloud.mgrote.net
ip : 192.168 .2 .43
- name : registry.mgrote.net
ip : 192.168 .2 .43
2024-02-15 13:52:00 +01:00
- name : git.mgrote.net
ip : 192.168 .2 .43
2023-11-29 12:22:34 +01:00
# Intern
- name : ads2700w.mgrote.net
ip : 192.168 .2 .147
- name : crs305.mgrote.net
ip : 192.168 .2 .225
- name : hex.mgrote.net
ip : 192.168 .3 .144
- name : pbs-test.mgrote.net
ip : 192.168 .2 .18
- name : pbs.mgrote.net
ip : 192.168 .3 .239
- name : pve5-test.mgrote.net
ip : 192.168 .2 .17
2024-05-13 12:00:02 +02:00
- name : pve5.mgrote.net # bleibt im Router auch angelegt, weil wenn pve aus auch kein blocky mehr ;-)
2023-11-29 12:22:34 +01:00
ip : 192.168 .2 .16
- name : rb5009.mgrote.net
ip : 192.168 .2 .1
- name : fritz.box
ip : 192.168 .5 .1
2024-04-04 09:48:09 +02:00
- name : ldap.mgrote.net
ip : 192.168 .2 .47
2024-08-12 23:46:08 +02:00
- name : munin.mgrote.net
2024-08-19 22:36:50 +02:00
ip : 192.168 .2 .40
2023-11-29 12:22:34 +01:00
2024-02-15 13:52:00 +01:00
### mgrote_munin_node
# kann git.mgrote.net nicht auflösen, deshalb hiermit IP
munin_node_plugins :
- name : chrony
2024-04-04 09:48:09 +02:00
src : http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
2024-02-15 13:52:00 +01:00
- name : systemd_status
2024-04-04 09:48:09 +02:00
src : http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
2024-02-15 13:52:00 +01:00
- name : systemd_mem
2024-04-04 09:48:09 +02:00
src : http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
2024-02-15 13:52:00 +01:00
config : |
[ systemd_mem]
env.all_services true
- name : lvm_
2024-04-04 09:48:09 +02:00
src : http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/disk/lvm_
2024-02-15 13:52:00 +01:00
config : |
[ lvm_*]
user root
- name : fail2ban
2024-04-04 09:48:09 +02:00
src : http://192.168.2.42:3000/mg/munin-plugins/raw/branch/master/extern/fail2ban
2024-02-15 13:52:00 +01:00
config : |
[ fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name : dnsresponse_192.168.2.1
2024-04-04 09:48:09 +02:00
src : http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
2024-02-15 13:52:00 +01:00
- name : dnsresponse_192.168.2.37
2024-04-04 09:48:09 +02:00
src : http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
2024-02-15 13:52:00 +01:00
- name : dnsresponse_127.0.0.1
2024-04-04 09:48:09 +02:00
src : http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
2024-02-15 13:52:00 +01:00
config : |
[ dnsresponse_*]
env.site www.heise.de
env.times 20