2023-11-29 12:22:34 +01:00
|
|
|
---
|
|
|
|
### mgrote_systemd_resolved
|
|
|
|
systemd_resolved_nameserver: 9.9.9.9
|
|
|
|
|
|
|
|
### oefenweb.ufw
|
|
|
|
ufw_rules:
|
|
|
|
- rule: allow
|
|
|
|
to_port: 22
|
|
|
|
protocol: tcp
|
|
|
|
comment: 'ssh'
|
|
|
|
from_ip: 0.0.0.0/0
|
2024-02-15 13:52:00 +01:00
|
|
|
- rule: allow
|
|
|
|
to_port: 4949
|
|
|
|
protocol: tcp
|
|
|
|
comment: 'munin'
|
|
|
|
from_ip: 192.168.2.0/24
|
2023-11-29 12:22:34 +01:00
|
|
|
- rule: allow
|
|
|
|
to_port: 53
|
|
|
|
comment: 'dns'
|
|
|
|
from_ip: 0.0.0.0/0
|
|
|
|
|
2024-02-16 13:59:10 +01:00
|
|
|
### mgrote.apt_manage_packages
|
|
|
|
apt_packages_extra:
|
|
|
|
- libnet-dns-perl # für munin: dnsresponse_
|
|
|
|
|
2023-12-04 14:43:04 +01:00
|
|
|
### mgrote_user_setup
|
2024-09-12 10:28:47 +02:00
|
|
|
dotfiles_vim_vundle_repo_url: "http://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git"
|
2024-04-04 09:48:09 +02:00
|
|
|
dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles
|
2023-12-04 14:43:04 +01:00
|
|
|
|
2024-05-25 20:58:07 +02:00
|
|
|
### mgrote_restic
|
|
|
|
restic_repository: "//192.168.2.54/restic"
|
|
|
|
|
2023-11-29 12:22:34 +01:00
|
|
|
### mgrote_blocky
|
2024-05-25 20:04:03 +02:00
|
|
|
blocky_version: v0.24
|
2023-11-29 12:22:34 +01:00
|
|
|
blocky_block_type: zeroIp
|
|
|
|
blocky_local_upstream: 192.168.2.1
|
|
|
|
blocky_conditional_mapping: # optional
|
|
|
|
- domain: mgrote.net
|
|
|
|
resolver: 192.168.2.1
|
|
|
|
blocky_dns_upstream:
|
|
|
|
- 9.9.9.9
|
|
|
|
- 1.1.1.1
|
|
|
|
- 8.8.8.8
|
|
|
|
- 5.9.164.112
|
|
|
|
blocky_dns_blocklists:
|
|
|
|
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
|
|
|
|
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
|
|
|
|
- http://sysctl.org/cameleon/hosts
|
|
|
|
- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
|
|
|
|
blocky_custom_lookups: # optional
|
|
|
|
# Internet
|
|
|
|
- name: wiki.mgrote.net
|
|
|
|
ip: 192.168.2.43
|
|
|
|
- name: audio.mgrote.net
|
|
|
|
ip: 192.168.2.43
|
|
|
|
- name: auth.mgrote.net
|
|
|
|
ip: 192.168.2.43
|
|
|
|
- name: ci.mgrote.net
|
|
|
|
ip: 192.168.2.43
|
|
|
|
- name: miniflux.mgrote.net
|
|
|
|
ip: 192.168.2.43
|
|
|
|
- name: nextcloud.mgrote.net
|
|
|
|
ip: 192.168.2.43
|
|
|
|
- name: registry.mgrote.net
|
|
|
|
ip: 192.168.2.43
|
2024-02-15 13:52:00 +01:00
|
|
|
- name: git.mgrote.net
|
|
|
|
ip: 192.168.2.43
|
2023-11-29 12:22:34 +01:00
|
|
|
# Intern
|
|
|
|
- name: ads2700w.mgrote.net
|
|
|
|
ip: 192.168.2.147
|
|
|
|
- name: crs305.mgrote.net
|
|
|
|
ip: 192.168.2.225
|
|
|
|
- name: hex.mgrote.net
|
|
|
|
ip: 192.168.3.144
|
|
|
|
- name: pbs-test.mgrote.net
|
|
|
|
ip: 192.168.2.18
|
|
|
|
- name: pbs.mgrote.net
|
|
|
|
ip: 192.168.3.239
|
|
|
|
- name: pve5-test.mgrote.net
|
|
|
|
ip: 192.168.2.17
|
2024-05-13 12:00:02 +02:00
|
|
|
- name: pve5.mgrote.net # bleibt im Router auch angelegt, weil wenn pve aus auch kein blocky mehr ;-)
|
2023-11-29 12:22:34 +01:00
|
|
|
ip: 192.168.2.16
|
|
|
|
- name: rb5009.mgrote.net
|
|
|
|
ip: 192.168.2.1
|
|
|
|
- name: fritz.box
|
|
|
|
ip: 192.168.5.1
|
2024-04-04 09:48:09 +02:00
|
|
|
- name: ldap.mgrote.net
|
2024-11-15 19:59:33 +01:00
|
|
|
ip: 192.168.2.43
|
2024-08-12 23:46:08 +02:00
|
|
|
- name: munin.mgrote.net
|
2024-08-19 22:36:50 +02:00
|
|
|
ip: 192.168.2.40
|
2024-11-08 23:03:16 +01:00
|
|
|
- name: s3.mgrote.net
|
|
|
|
ip: 192.168.2.43
|
2024-11-10 17:29:04 +01:00
|
|
|
- name: rui.mgrote.net
|
|
|
|
ip: 192.168.2.43
|
2023-11-29 12:22:34 +01:00
|
|
|
|
2024-02-15 13:52:00 +01:00
|
|
|
### mgrote_munin_node
|
|
|
|
# kann git.mgrote.net nicht auflösen, deshalb hiermit IP
|
|
|
|
munin_node_plugins:
|
|
|
|
- name: chrony
|
2024-04-04 09:48:09 +02:00
|
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
|
2024-02-15 13:52:00 +01:00
|
|
|
- name: systemd_status
|
2024-04-04 09:48:09 +02:00
|
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
|
2024-02-15 13:52:00 +01:00
|
|
|
- name: systemd_mem
|
2024-04-04 09:48:09 +02:00
|
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
|
2024-02-15 13:52:00 +01:00
|
|
|
config: |
|
|
|
|
[systemd_mem]
|
|
|
|
env.all_services true
|
|
|
|
- name: lvm_
|
2024-04-04 09:48:09 +02:00
|
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/disk/lvm_
|
2024-02-15 13:52:00 +01:00
|
|
|
config: |
|
|
|
|
[lvm_*]
|
|
|
|
user root
|
|
|
|
- name: fail2ban
|
2024-04-04 09:48:09 +02:00
|
|
|
src: http://192.168.2.42:3000/mg/munin-plugins/raw/branch/master/extern/fail2ban
|
2024-02-15 13:52:00 +01:00
|
|
|
config: |
|
|
|
|
[fail2ban]
|
|
|
|
env.client /usr/bin/fail2ban-client
|
|
|
|
env.config_dir /etc/fail2ban
|
|
|
|
user root
|
|
|
|
- name: dnsresponse_192.168.2.1
|
2024-04-04 09:48:09 +02:00
|
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
|
2024-02-15 13:52:00 +01:00
|
|
|
- name: dnsresponse_192.168.2.37
|
2024-04-04 09:48:09 +02:00
|
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
|
2024-02-15 13:52:00 +01:00
|
|
|
- name: dnsresponse_127.0.0.1
|
2024-04-04 09:48:09 +02:00
|
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
|
2024-02-15 13:52:00 +01:00
|
|
|
config: |
|
|
|
|
[dnsresponse_*]
|
|
|
|
env.site www.heise.de
|
|
|
|
env.times 20
|