---
  ### mgrote.apt_manage_sources
  manage_sources_apt_proxy: ""
  ### mgrote.tor-node
  tor_relay_name: tor1mgrote
  tor_or_port: 9001
  tor_socks_port: 0
  tor_control_socket: 0
  tor_contact_info: webmaster(at)mgrote(dot)net
  tor_control_port: 9051
  tor_mode: bridge
  tor_bridge_port: 5555
  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: 4949
      protocol: tcp
      comment: 'munin'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: "{{ tor_or_port }}"
      protocol: tcp
      comment: 'tor'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: "{{ tor_bridge_port }}"
      protocol: tcp
      comment: 'tor'
      from_ip: 0.0.0.0/0
  ### geerlingguy.munin-node
  munin_node_bind_port: "4949"
  munin_node_allowed_cidrs: [0.0.0.0/0]
  munin_node_plugins:
    - name: chrony
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/chrony/chrony
    - name: fail2ban
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
      config: |
        [fail2ban]
        env.client /usr/bin/fail2ban-client
        env.config_dir /etc/fail2ban
        user root
    - name: systemd_status
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
    - name: lvm_
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
      config: |
        [lvm_*]
        user root
    - name: tor_traffic
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_
      config: |
        [tor_*]
        user root
        group root
        env.torcachefile munin_tor_country_stats.json
        env.torconnectmethod port
        env.torgeoippath /usr/share/GeoIP/GeoIP.dat
        env.tormaxcountries 15
        env.torport {{ tor_control_port }}
        env.torsocket /var/run/tor/control
    - name: tor_bandwidth
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_
    - name: tor_connections
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_
    - name: tor_countries
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_
    - name: tor_dormant
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_
    - name: tor_routers
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_
  ### mgrote.ntp_chrony_server
  ntp_chrony_timezone: "Europe/Berlin"
  ntp_chrony_servers:
    - address: ptbtime1.ptb.de
      options: iburst
    - address: ntp0.ewetel.de
      options: iburst
  ### mgrote.tmux
  tmux_conf_destination: "/home/mg/.tmux.conf"
  tmux_bashrc_destination: "/home/mg/.bashrc"
  tmux_standardsession_name: "default"
  ### mgrote.apt_manage_packages
  apt_packages_extra:
    - python3-stem # für munin-tor_
    - geoip-bin # für munin-tor_
    - geoip-database # für munin-tor_
    - geoipupdate # für munin-tor_
    - python3-geoip # für munin-tor_
    - nyx # tor-cli-monitoring
    - open-vm-tools
  ### mgrote.fail2ban
  f2b_bantime: 3600
  f2b_findtime: 600
  f2b_maxretry: 3
  f2b_send_email_report: false
  ### mgrote.restic
  restic_enable_role: false