homeserver/group_vars/dnsmasq.yml

---
  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: 4949
      protocol: tcp
      comment: 'munin'
      from_ip: 192.168.2.144/24
    - rule: allow
      to_port: 53
      comment: 'dns'
      from_ip: 0.0.0.0/0
  ### mgrote.restic
  restic_repository: "//192.168.2.36/restic"
  ### mgrote.apt_manage_sources
  # wird leer gesetzt da dnsmasq NICHT den Router befragt und daher keine Lokalen Hostnamen abfragen kann
  manage_sources_apt_proxy: ""
  ### mgrote.munin-node
  munin_node_plugins:
    - name: timesync
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
    - name: systemd_status
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
    - name: systemd_mem
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
      config: |
        [systemd_mem]
        env.all_services true
    - name: lvm_
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
      config: |
        [lvm_*]
        user root
    - name: fail2ban
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
      config: |
        [fail2ban]
        env.client /usr/bin/fail2ban-client
        env.config_dir /etc/fail2ban
        user root
    - name: dnsmasq
      src: https://git.mgrote.net/mg/mirror-dnsmasq-munin/raw/branch/master/dnsmasq
      config: |
        [dnsmasq]
        env.logfile {{ dnsmasq_logfile }}
        user root
    - name: dnsresponse_192.168.2.1
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
    - name: dnsresponse_127.0.0.1
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
      config: |
        [dnsresponse_*]
        env.site www.heise.de
        env.times 20
  ### mgrote.dnsmasq
  # Welche DNS-Server soll dnsmasq anfragen?
  dnsmasq_resolver:
    - 9.9.9.9
    - 1.1.1.1
  dnsmasq_log_queries: true # has to be true for munin
  dnsmasq_logfile: /var/log/dnsmasq.log
  dnsmasq_blocklists:
    - name: sysctl.org
      state: present
      url: http://sysctl.org/cameleon/hosts
    - name: StevenBlack.1
      state: present
      url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts
    - name: StevenBlack.2
      state: present
      url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts
    - name: adaway.org
      state: present
      url: https://adaway.org/hosts.txt
    - name: StevenBlack.3
      state: present
      url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    - name: developerdan.1
      state: present
      url: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
    - name: developerdan.2
      state: present
      url: https://www.github.developerdan.com/hosts/lists/amp-hosts-extended.txt
  dnsmasq_cache_size: 10000
  dnsmasq_port: 53
  dnsmasq_never_forward_domain: grote.lan
  ### mgrote.apt_manage_packages
  apt_packages_extra:
    - libnet-dns-perl # für munin: dnsresponse_*
Vars entschlüsselt Rolle zu ansible-Playbook hinzugefügt, Var liegen in Group_Vars KeepassPW mit Vault verschlüsselt wip Umstellung in DB pb var auf testeinzeln miniflux storage gitignore angepasst pb vars wieder auf all virt 2020-08-19 12:29:49 +02:00			`---`
			`### oefenweb.ufw`
			`ufw_rules:`
			`- rule: allow`
			`to_port: 22`
			`protocol: tcp`
			`comment: 'ssh'`
ufw: Zugriff immer nur per IPv4 (#210) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/210 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-10-06 10:18:23 +02:00			`from_ip: 0.0.0.0/0`
munin (#116) motd unit house plugins vereinheitlicht aufräumen user vereinheitlicht samba users aufgeräumt aussortiert apc pwr systemd plugin kvm plugins lvm plguin acng plugin munin user chrony fur alle gruppe playbook docker vars playbook firewall munin für alle Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/116 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-06-16 21:57:28 +02:00			`- rule: allow`
			`to_port: 4949`
			`protocol: tcp`
			`comment: 'munin'`
			`from_ip: 192.168.2.144/24`
Vars entschlüsselt Rolle zu ansible-Playbook hinzugefügt, Var liegen in Group_Vars KeepassPW mit Vault verschlüsselt wip Umstellung in DB pb var auf testeinzeln miniflux storage gitignore angepasst pb vars wieder auf all virt 2020-08-19 12:29:49 +02:00			`- rule: allow`
			`to_port: 53`
Ersatz PiHole durch dnsmasq direkt (#298) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/298 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-15 11:19:04 +01:00			`comment: 'dns'`
ufw: Zugriff immer nur per IPv4 (#210) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/210 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-10-06 10:18:23 +02:00			`from_ip: 0.0.0.0/0`
pihole: ips statt fqdn (#99) acng ip ntp ip pihole: restic als ip Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/99 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-05-22 21:37:19 +02:00			`### mgrote.restic`
fileserver/zfs: jeder share als eigenes dataset (#212) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/212 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-10-09 20:23:23 +02:00			`restic_repository: "//192.168.2.36/restic"`
pihole: ips statt fqdn (#99) acng ip ntp ip pihole: restic als ip Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/99 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-05-22 21:37:19 +02:00			`### mgrote.apt_manage_sources`
Ersatz PiHole durch dnsmasq direkt (#298) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/298 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-15 11:19:04 +01:00			`# wird leer gesetzt da dnsmasq NICHT den Router befragt und daher keine Lokalen Hostnamen abfragen kann`
apt-sources mit neuer logik (#225) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/225 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2021-10-20 19:48:17 +02:00			`manage_sources_apt_proxy: ""`
Munin: Plugin hinzugefügt (#382) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/382 2022-06-12 22:24:12 +02:00			`### mgrote.munin-node`
munin: 3.33 – You Can (Not) Redo. (#203) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/203 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-09-24 10:11:54 +02:00			`munin_node_plugins:`
systemd: chrony --> timesyncd (#329) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/329 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-02-18 20:34:43 +01:00			`- name: timesync`
			`src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status`
munin: 3.33 – You Can (Not) Redo. (#203) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/203 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-09-24 10:11:54 +02:00			`- name: systemd_status`
Ersetze "lokale" munin-plugins durch upstream varianten (#239) upstream ist gespiegelt Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/239 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2021-11-07 12:22:11 +01:00			`src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status`
Munin: Plugin hinzugefügt (#382) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/382 2022-06-12 22:24:12 +02:00			`- name: systemd_mem`
			`src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem`
			`config: \|`
			`[systemd_mem]`
			`env.all_services true`
munin: 3.33 – You Can (Not) Redo. (#203) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/203 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-09-24 10:11:54 +02:00			`- name: lvm_`
Ersetze "lokale" munin-plugins durch upstream varianten (#239) upstream ist gespiegelt Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/239 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2021-11-07 12:22:11 +01:00			`src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_`
munin: 3.33 – You Can (Not) Redo. (#203) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/203 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-09-24 10:11:54 +02:00			`config: \|`
			`[lvm_*]`
			`user root`
aufbau tor-relay (#221) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/221 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2021-10-17 19:40:18 +02:00			`- name: fail2ban`
			`src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban`
			`config: \|`
			`[fail2ban]`
			`env.client /usr/bin/fail2ban-client`
			`env.config_dir /etc/fail2ban`
			`user root`
munin: dnsmasq: Plugin umbenannt (#303) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/303 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-15 12:35:44 +01:00			`- name: dnsmasq`
munin: dnsmasq url auf mirror umgestellt (#305) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/305 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-15 16:22:40 +01:00			`src: https://git.mgrote.net/mg/mirror-dnsmasq-munin/raw/branch/master/dnsmasq`
munin: dnsmasq: Plugin Vars ergänzt (#304) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/304 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-15 13:43:15 +01:00			`config: \|`
			`[dnsmasq]`
			`env.logfile {{ dnsmasq_logfile }}`
			`user root`
munin: dnsmasq: dnsresponse neu konfiguriert (#311) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/311 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-20 22:19:17 +01:00			`- name: dnsresponse_192.168.2.1`
dnsmasq: munin: dnsreponse_ (#310) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/310 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-20 14:36:43 +01:00			`src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_`
munin: dnsmasq: dnsresponse neu konfiguriert (#311) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/311 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-20 22:19:17 +01:00			`- name: dnsresponse_127.0.0.1`
dnsmasq: munin: dnsreponse_ (#310) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/310 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-20 14:36:43 +01:00			`src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_`
			`config: \|`
munin: dnsmasq: dnsresponse neu konfiguriert (#311) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/311 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-20 22:19:17 +01:00			`[dnsresponse_*]`
			`env.site www.heise.de`
dnsmasq: munin: dnsreponse_ (#310) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/310 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-20 14:36:43 +01:00			`env.times 20`
Ersatz PiHole durch dnsmasq direkt (#298) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/298 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-15 11:19:04 +01:00			`### mgrote.dnsmasq`
			`# Welche DNS-Server soll dnsmasq anfragen?`
			`dnsmasq_resolver:`
			`- 9.9.9.9`
			`- 1.1.1.1`
munin: dnsmasq: Plugin Vars ergänzt (#304) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/304 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-15 13:43:15 +01:00			`dnsmasq_log_queries: true # has to be true for munin`
Ersatz PiHole durch dnsmasq direkt (#298) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/298 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-15 11:19:04 +01:00			`dnsmasq_logfile: /var/log/dnsmasq.log`
			`dnsmasq_blocklists:`
			`- name: sysctl.org`
			`state: present`
			`url: http://sysctl.org/cameleon/hosts`
			`- name: StevenBlack.1`
			`state: present`
			`url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts`
			`- name: StevenBlack.2`
			`state: present`
			`url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts`
			`- name: adaway.org`
			`state: present`
			`url: https://adaway.org/hosts.txt`
			`- name: StevenBlack.3`
			`state: present`
			`url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts`
			`- name: developerdan.1`
			`state: present`
			`url: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt`
			`- name: developerdan.2`
			`state: present`
			`url: https://www.github.developerdan.com/hosts/lists/amp-hosts-extended.txt`
			`dnsmasq_cache_size: 10000`
			`dnsmasq_port: 53`
			`dnsmasq_never_forward_domain: grote.lan`
dnsmasq: munin: dnsreponse_ (#310) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/310 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-20 14:36:43 +01:00			`### mgrote.apt_manage_packages`
			`apt_packages_extra:`
			`- libnet-dns-perl # für munin: dnsresponse_*`