--- ### mgrote_systemd_resolved systemd_resolved_nameserver: 9.9.9.9 ### oefenweb.ufw ufw_rules: - rule: allow to_port: 22 protocol: tcp comment: 'ssh' from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp comment: 'munin' from_ip: 192.168.2.0/24 - rule: allow to_port: 53 comment: 'dns' from_ip: 0.0.0.0/0 ### mgrote.apt_manage_packages apt_packages_extra: - libnet-dns-perl # für munin: dnsresponse_ ### mgrote_user_setup dotfiles_vim_vundle_repo_url: "http://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git" dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles ### mgrote_restic restic_repository: "//192.168.2.54/restic" ### mgrote_blocky blocky_version: v0.24 blocky_block_type: zeroIp blocky_local_upstream: 192.168.2.1 blocky_conditional_mapping: # optional - domain: mgrote.net resolver: 192.168.2.1 blocky_dns_upstream: - 9.9.9.9 - 1.1.1.1 - 8.8.8.8 - 5.9.164.112 blocky_dns_blocklists: - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts - http://sysctl.org/cameleon/hosts - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt blocky_custom_lookups: # optional # Internet - name: wiki.mgrote.net ip: 192.168.2.43 - name: audio.mgrote.net ip: 192.168.2.43 - name: auth.mgrote.net ip: 192.168.2.43 - name: ci.mgrote.net ip: 192.168.2.43 - name: miniflux.mgrote.net ip: 192.168.2.43 - name: nextcloud.mgrote.net ip: 192.168.2.43 - name: registry.mgrote.net ip: 192.168.2.43 - name: git.mgrote.net ip: 192.168.2.43 # Intern - name: ads2700w.mgrote.net ip: 192.168.2.147 - name: crs305.mgrote.net ip: 192.168.2.225 - name: hex.mgrote.net ip: 192.168.3.144 - name: pbs-test.mgrote.net ip: 192.168.2.18 - name: pbs.mgrote.net ip: 192.168.3.239 - name: pve5-test.mgrote.net ip: 192.168.2.17 - name: pve5.mgrote.net # bleibt im Router auch angelegt, weil wenn pve aus auch kein blocky mehr ;-) ip: 192.168.2.16 - name: rb5009.mgrote.net ip: 192.168.2.1 - name: fritz.box ip: 192.168.5.1 - name: ldap.mgrote.net ip: 192.168.2.43 - name: munin.mgrote.net ip: 192.168.2.40 - name: s3.mgrote.net ip: 192.168.2.43 - name: rui.mgrote.net ip: 192.168.2.43 - name: traefik.mgrote.net # kein oeffentlicher DNS-Record ip: 192.168.2.43 ### mgrote_munin_node # kann git.mgrote.net nicht auflösen, deshalb hiermit IP munin_node_plugins: - name: chrony src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony - name: systemd_status src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status - name: systemd_mem src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem config: | [systemd_mem] env.all_services true - name: lvm_ src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/disk/lvm_ config: | [lvm_*] user root - name: fail2ban src: http://192.168.2.42:3000/mg/munin-plugins/raw/branch/master/extern/fail2ban config: | [fail2ban] env.client /usr/bin/fail2ban-client env.config_dir /etc/fail2ban user root - name: dnsresponse_192.168.2.1 src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_ - name: dnsresponse_192.168.2.37 src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_ - name: dnsresponse_127.0.0.1 src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_ config: | [dnsresponse_*] env.site www.heise.de env.times 20