homeserver/group_vars/pihole.yml

---
  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: 80
      comment: 'pihole-webgui'
      from_ip: 0.0.0.0/0
      protocol: tcp
    - rule: allow
      to_port: 4949
      protocol: tcp
      comment: 'munin'
      from_ip: 192.168.2.144/24
    - rule: allow
      to_port: 53
      comment: 'pihole-dns'
      from_ip: 0.0.0.0/0
  ## playbook
  pihole_homer_fqdn: docker.grote.lan # unter welchem host ist docker erreichbar? notwendig für die pihole stats in homer; fur die cors abfrage
  ### mgrote.restic
  restic_repository: "//192.168.2.36/restic"
  ### mgrote.ntp_chrony_server
  ntp_chrony_servers: # weil pihole den fqdn nicht auflösen kann
    - address: pool.ntp.org
      options: iburst #optionaler parameter
  ### mgrote.apt_manage_sources
  manage_sources_apt_proxy: ""
  ### geerlingguy.munin-node
  munin_node_plugins:
    - name: chrony
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/chrony
    - name: systemd_status
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/systemd_status
    - name: lvm_
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/lvm_
      config: |
        [lvm_*]
        user root
    - name: pihole_cache
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_cache
      config: |
        [pihole_*]
        user root
        env.host 127.0.0.1
        env.port 80
        env.api /admin/api.php
    - name: pihole_clients
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_clients
    - name: pihole_queries
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_queries
    - name: pihole_blocked_domains
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_blocked_domains
    - name: pihole_ads_percentage
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_ads_percentage
    - name: fail2ban
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
      config: |
        [fail2ban]
        env.client /usr/bin/fail2ban-client
        env.config_dir /etc/fail2ban
        user root
Vars entschlüsselt Rolle zu ansible-Playbook hinzugefügt, Var liegen in Group_Vars KeepassPW mit Vault verschlüsselt wip Umstellung in DB pb var auf testeinzeln miniflux storage gitignore angepasst pb vars wieder auf all virt 2020-08-19 12:29:49 +02:00			`---`
			`### oefenweb.ufw`
			`ufw_rules:`
			`- rule: allow`
			`to_port: 22`
			`protocol: tcp`
			`comment: 'ssh'`
ufw: Zugriff immer nur per IPv4 (#210) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/210 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-10-06 10:18:23 +02:00			`from_ip: 0.0.0.0/0`
Vars entschlüsselt Rolle zu ansible-Playbook hinzugefügt, Var liegen in Group_Vars KeepassPW mit Vault verschlüsselt wip Umstellung in DB pb var auf testeinzeln miniflux storage gitignore angepasst pb vars wieder auf all virt 2020-08-19 12:29:49 +02:00			`- rule: allow`
			`to_port: 80`
			`comment: 'pihole-webgui'`
ufw: Zugriff immer nur per IPv4 (#210) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/210 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-10-06 10:18:23 +02:00			`from_ip: 0.0.0.0/0`
ufw (#223) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/223 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2021-10-18 18:32:14 +02:00			`protocol: tcp`
munin (#116) motd unit house plugins vereinheitlicht aufräumen user vereinheitlicht samba users aufgeräumt aussortiert apc pwr systemd plugin kvm plugins lvm plguin acng plugin munin user chrony fur alle gruppe playbook docker vars playbook firewall munin für alle Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/116 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-06-16 21:57:28 +02:00			`- rule: allow`
			`to_port: 4949`
			`protocol: tcp`
			`comment: 'munin'`
			`from_ip: 192.168.2.144/24`
Vars entschlüsselt Rolle zu ansible-Playbook hinzugefügt, Var liegen in Group_Vars KeepassPW mit Vault verschlüsselt wip Umstellung in DB pb var auf testeinzeln miniflux storage gitignore angepasst pb vars wieder auf all virt 2020-08-19 12:29:49 +02:00			`- rule: allow`
			`to_port: 53`
			`comment: 'pihole-dns'`
ufw: Zugriff immer nur per IPv4 (#210) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/210 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-10-06 10:18:23 +02:00			`from_ip: 0.0.0.0/0`
PiHole: Anpassungen für Homer (#77) task pihole für homer cors Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/77 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-05-02 14:03:16 +02:00			`## playbook`
			`pihole_homer_fqdn: docker.grote.lan # unter welchem host ist docker erreichbar? notwendig für die pihole stats in homer; fur die cors abfrage`
pihole: ips statt fqdn (#99) acng ip ntp ip pihole: restic als ip Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/99 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-05-22 21:37:19 +02:00			`### mgrote.restic`
fileserver/zfs: jeder share als eigenes dataset (#212) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/212 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-10-09 20:23:23 +02:00			`restic_repository: "//192.168.2.36/restic"`
pihole: ips statt fqdn (#99) acng ip ntp ip pihole: restic als ip Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/99 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-05-22 21:37:19 +02:00			`### mgrote.ntp_chrony_server`
			`ntp_chrony_servers: # weil pihole den fqdn nicht auflösen kann`
			`- address: pool.ntp.org`
			`options: iburst #optionaler parameter`
			`### mgrote.apt_manage_sources`
apt-sources mit neuer logik (#225) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/225 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2021-10-20 19:48:17 +02:00			`manage_sources_apt_proxy: ""`
munin: 3.33 – You Can (Not) Redo. (#203) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/203 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-09-24 10:11:54 +02:00			`### geerlingguy.munin-node`
			`munin_node_plugins:`
			`- name: chrony`
			`src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/chrony`
			`- name: systemd_status`
			`src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/systemd_status`
			`- name: lvm_`
			`src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/lvm_`
			`config: \|`
			`[lvm_*]`
			`user root`
			`- name: pihole_cache`
			`src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_cache`
			`config: \|`
			`[pihole_*]`
			`user root`
			`env.host 127.0.0.1`
			`env.port 80`
			`env.api /admin/api.php`
			`- name: pihole_clients`
			`src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_clients`
			`- name: pihole_queries`
			`src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_queries`
munin: pihole plugins hinzugefügt (#207) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/207 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-10-01 18:35:16 +02:00			`- name: pihole_blocked_domains`
			`src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_blocked_domains`
			`- name: pihole_ads_percentage`
			`src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_ads_percentage`
aufbau tor-relay (#221) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/221 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2021-10-17 19:40:18 +02:00			`- name: fail2ban`
			`src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban`
			`config: \|`
			`[fail2ban]`
			`env.client /usr/bin/fail2ban-client`
			`env.config_dir /etc/fail2ban`
			`user root`