2020-08-19 12:29:49 +02:00
|
|
|
---
|
|
|
|
### oefenweb.ufw
|
|
|
|
ufw_rules:
|
|
|
|
- rule: allow
|
|
|
|
to_port: 22
|
|
|
|
protocol: tcp
|
|
|
|
comment: 'ssh'
|
2021-10-06 10:18:23 +02:00
|
|
|
from_ip: 0.0.0.0/0
|
2020-08-19 12:29:49 +02:00
|
|
|
- rule: allow
|
|
|
|
to_port: 80
|
|
|
|
comment: 'pihole-webgui'
|
2021-10-06 10:18:23 +02:00
|
|
|
from_ip: 0.0.0.0/0
|
2021-10-18 18:32:14 +02:00
|
|
|
protocol: tcp
|
2021-06-16 21:57:28 +02:00
|
|
|
- rule: allow
|
|
|
|
to_port: 4949
|
|
|
|
protocol: tcp
|
|
|
|
comment: 'munin'
|
|
|
|
from_ip: 192.168.2.144/24
|
2020-08-19 12:29:49 +02:00
|
|
|
- rule: allow
|
|
|
|
to_port: 53
|
|
|
|
comment: 'pihole-dns'
|
2021-10-06 10:18:23 +02:00
|
|
|
from_ip: 0.0.0.0/0
|
2021-05-02 14:03:16 +02:00
|
|
|
## playbook
|
|
|
|
pihole_homer_fqdn: docker.grote.lan # unter welchem host ist docker erreichbar? notwendig für die pihole stats in homer; fur die cors abfrage
|
2021-05-22 21:37:19 +02:00
|
|
|
### mgrote.restic
|
2021-10-09 20:23:23 +02:00
|
|
|
restic_repository: "//192.168.2.36/restic"
|
2021-05-22 21:37:19 +02:00
|
|
|
### mgrote.ntp_chrony_server
|
|
|
|
ntp_chrony_servers: # weil pihole den fqdn nicht auflösen kann
|
|
|
|
- address: pool.ntp.org
|
|
|
|
options: iburst #optionaler parameter
|
|
|
|
### mgrote.apt_manage_sources
|
2021-10-20 19:48:17 +02:00
|
|
|
manage_sources_apt_proxy: ""
|
2021-09-24 10:11:54 +02:00
|
|
|
### geerlingguy.munin-node
|
|
|
|
munin_node_plugins:
|
|
|
|
- name: chrony
|
|
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/chrony
|
|
|
|
- name: systemd_status
|
|
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/systemd_status
|
|
|
|
- name: lvm_
|
|
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/lvm_
|
|
|
|
config: |
|
|
|
|
[lvm_*]
|
|
|
|
user root
|
|
|
|
- name: pihole_cache
|
|
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_cache
|
|
|
|
config: |
|
|
|
|
[pihole_*]
|
|
|
|
user root
|
|
|
|
env.host 127.0.0.1
|
|
|
|
env.port 80
|
|
|
|
env.api /admin/api.php
|
|
|
|
- name: pihole_clients
|
|
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_clients
|
|
|
|
- name: pihole_queries
|
|
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_queries
|
2021-10-01 18:35:16 +02:00
|
|
|
- name: pihole_blocked_domains
|
|
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_blocked_domains
|
|
|
|
- name: pihole_ads_percentage
|
|
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_ads_percentage
|
2021-10-17 19:40:18 +02:00
|
|
|
- name: fail2ban
|
|
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
|
|
|
|
config: |
|
|
|
|
[fail2ban]
|
|
|
|
env.client /usr/bin/fail2ban-client
|
|
|
|
env.config_dir /etc/fail2ban
|
|
|
|
user root
|