--- ### oefenweb.ufw ufw_rules: - rule: allow to_port: 22 protocol: tcp comment: 'ssh' from_ip: 0.0.0.0/0 - rule: allow to_port: 80 comment: 'pihole-webgui' from_ip: 0.0.0.0/0 protocol: tcp - rule: allow to_port: 4949 protocol: tcp comment: 'munin' from_ip: 192.168.2.144/24 - rule: allow to_port: 53 comment: 'pihole-dns' from_ip: 0.0.0.0/0 ## playbook pihole_homer_fqdn: docker.grote.lan # unter welchem host ist docker erreichbar? notwendig für die pihole stats in homer; fur die cors abfrage ### mgrote.restic restic_repository: "//192.168.2.36/restic" ### mgrote.ntp_chrony_server ntp_chrony_servers: # weil pihole den fqdn nicht auflösen kann - address: pool.ntp.org options: iburst #optionaler parameter ### mgrote.apt_manage_sources manage_sources_apt_proxy: "" ### geerlingguy.munin-node munin_node_plugins: - name: chrony src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/chrony - name: systemd_status src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/systemd_status - name: lvm_ src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/lvm_ config: | [lvm_*] user root - name: pihole_cache src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_cache config: | [pihole_*] user root env.host 127.0.0.1 env.port 80 env.api /admin/api.php - name: pihole_clients src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_clients - name: pihole_queries src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_queries - name: pihole_blocked_domains src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_blocked_domains - name: pihole_ads_percentage src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/pihole/pihole_ads_percentage - name: fail2ban src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban config: | [fail2ban] env.client /usr/bin/fail2ban-client env.config_dir /etc/fail2ban user root