--- ### oefenweb.ufw ufw_rules: - rule: allow to_port: 22 protocol: tcp comment: 'ssh' from_ip: 0.0.0.0/0 - rule: allow to_port: 123 comment: 'ntp' from_ip: 192.168.2.0/24 - rule: allow to_port: 4949 protocol: tcp comment: 'munin' from_ip: 192.168.2.144/24 ### mgrote.ntp_chrony_server ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile ntp_timesyncd_servers: # welche Server sollen befragt werden - address: ptbtime1.ptb.de options: iburst #optionaler parameter - address: ptbtime2.ptb.de options: iburst - address: ptbtime3.ptb.de options: iburst - address: time3.google.com options: iburst - address: ntp0.fau.de options: iburst ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst ntp_chrony_logging: false # logging an/aus ntp_chrony_subnet_allow: 192.168.2.0/24 # welche Netze dürfen den Server befragen ### mgrote.restic munin_node_disabled_plugins: - name: meminfo # zu hohe last - name: hddtemp2 # ersetzt durch hddtemp_smartctl - name: ntp # verursacht zu viele dns ptr request - name: hddtempd # ersetzt durch hddtemp_smartctl - name: ipmi_power # für pve2, leeres diagramm - name: docker_images - name: docker_status - name: timesync munin_node_plugins: - name: chrony src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/chrony/chrony - name: systemd_status src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status - name: lvm_ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ config: | [lvm_*] user root - name: fail2ban src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban config: | [fail2ban] env.client /usr/bin/fail2ban-client env.config_dir /etc/fail2ban user root