---
### oefenweb.ufw
# Firewall rules for this host. Each entry allows inbound traffic to
# `to_port` from the source network given in `from_ip`.
ufw_rules:
  # NOTE(review): SSH is allowed from any source address. If this host is only
  # administered from the LAN, narrowing from_ip to the management network
  # reduces exposure to password guessing - confirm intent.
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: '0.0.0.0/0'
  # NOTE(review): the address has host bits set together with a /24 prefix.
  # ufw is expected to treat this as the whole 192.168.2.0/24 network; if only
  # the munin master should reach munin-node, a /32 would express that -
  # TODO confirm which was meant.
  - rule: allow
    to_port: 4949
    protocol: tcp
    comment: 'munin'
    from_ip: '192.168.2.144/24'
  # No protocol is set for this rule, so the role's default applies (not
  # visible in this file).
  # NOTE(review): DNS is allowed from any source. If the host is reachable
  # from outside the LAN this makes it an open resolver (amplification and
  # cache-probing risk) - verify it is only reachable internally.
  - rule: allow
    to_port: 53
    comment: 'dns'
    from_ip: '0.0.0.0/0'

### mgrote.restic
restic_repository: '//192.168.2.54/restic'

### mgrote.apt_manage_sources
# Set to empty because dnsmasq does NOT query the router and therefore cannot
# resolve local hostnames.
manage_sources_apt_proxy: ''

### mgrote.apt_manage_packages
# Uses an IP instead of a hostname here because dnsmasq does NOT query the
# router and therefore cannot resolve local hostnames.
# NOTE(review): the package is fetched over plain HTTP and the "-latest" name
# is not tied to a version. A .deb runs its maintainer scripts as root on
# install, and no checksum or signature check is visible in this file - verify
# that the role validates the download, or serve it over TLS / from a signed
# apt repository.
apt_packages_internet:
  - 'http://192.168.2.43:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb'

### mgrote.munin-node
# Plugins downloaded onto the node; `config` is the munin plugin-conf snippet
# written for the plugin.
# NOTE(review): every `src` points at the `master` branch, i.e. a mutable
# reference, and several plugins are configured with `user root`. Whatever is
# on that branch at deploy time then runs as root. Pinning each URL to a
# reviewed commit would make the deployed code reproducible and auditable.
munin_node_plugins:
  - name: timesync
    src: 'https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status'
  - name: systemd_status
    src: 'https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status'
  - name: systemd_mem
    src: 'https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem'
    config: |
      [systemd_mem]
      env.all_services true
  - name: lvm_
    src: 'https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_'
    config: |
      [lvm_*]
      user root
  - name: fail2ban
    src: 'https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban'
    config: |
      [fail2ban]
      env.client /usr/bin/fail2ban-client
      env.config_dir /etc/fail2ban
      user root
  # The logfile path is templated from dnsmasq_logfile, defined further down.
  - name: dnsmasq
    src: 'https://git.mgrote.net/mg/mirror-dnsmasq-munin/raw/branch/master/dnsmasq'
    config: |
      [dnsmasq]
      env.logfile {{ dnsmasq_logfile }}
      user root
  - name: dnsresponse_192.168.2.1
    src: 'https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_'
  - name: dnsresponse_127.0.0.1
    src: 'https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_'
    config: |
      [dnsresponse_*]
      env.site www.heise.de
      env.times 20

### mgrote.dnsmasq
# Which upstream DNS servers should dnsmasq query?
dnsmasq_resolver:
  - '9.9.9.9'
  - '1.1.1.1'
# NOTE(review): the query log records every name each client looks up. Treat
# the file as sensitive - check its permissions and rotation/retention.
dnsmasq_log_queries: true  # has to be true for munin
dnsmasq_logfile: '/var/log/dnsmasq.log'
# Hosts-format blocklists pulled from third parties.
# NOTE(review): the first list is fetched over plain HTTP, so its content can
# be altered in transit. How the role consumes these files is not visible
# here; if entries are loaded as regular host records, a tampered list could
# map arbitrary names to arbitrary addresses - verify that only sinkhole
# entries are accepted. All lists track unpinned upstream content.
dnsmasq_blocklists:
  - name: sysctl.org
    state: present
    url: 'http://sysctl.org/cameleon/hosts'
  - name: StevenBlack.1
    state: present
    url: 'https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts'
  - name: StevenBlack.2
    state: present
    url: 'https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts'
  - name: adaway.org
    state: present
    url: 'https://adaway.org/hosts.txt'
  - name: StevenBlack.3
    state: present
    url: 'https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts'
  - name: developerdan.1
    state: present
    url: 'https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt'
  - name: developerdan.2
    state: present
    url: 'https://www.github.developerdan.com/hosts/lists/amp-hosts-extended.txt'
dnsmasq_cache_size: 10000
dnsmasq_port: 53
dnsmasq_never_forward_domain: 'grote.lan'

### mgrote.apt_manage_packages
apt_packages_extra:
  - libnet-dns-perl  # for munin: dnsresponse_*