66 lines
2.1 KiB
YAML
66 lines
2.1 KiB
YAML
---
|
|
### geerlingguy.nfs
|
|
nfs_exports:
|
|
- /srv/nfs 192.168.2.40(rw,no_subtree_check,no_root_squash) #k3s3
|
|
- /srv/nfs 192.168.2.41(rw,no_subtree_check,no_root_squash) #k3s2
|
|
- /srv/nfs 192.168.2.42(rw,no_subtree_check,no_root_squash) #k3s1
|
|
nfs_port: 33333
|
|
|
|
|
|
### mgrote.munin-node
|
|
munin_node_plugins:
|
|
- name: timesync
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
|
|
- name: systemd_status
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
|
|
- name: systemd_mem
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
|
|
config: |
|
|
[systemd_mem]
|
|
env.all_services true
|
|
- name: lvm_
|
|
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
|
|
config: |
|
|
[lvm_*]
|
|
user root
|
|
- name: fail2ban
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
|
|
config: |
|
|
[fail2ban]
|
|
env.client /usr/bin/fail2ban-client
|
|
env.config_dir /etc/fail2ban
|
|
user root
|
|
- name: nfsd4
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/nsfd4
|
|
- name: nfsd
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/nfsd
|
|
|
|
### mgrote.restic
|
|
restic_folders_to_backup: "/ /srv/nfs" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
|
|
|
|
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 0.0.0.0/0
|
|
- rule: allow
|
|
to_port: 4949
|
|
protocol: tcp
|
|
comment: 'munin'
|
|
from_ip: 192.168.2.144/24
|
|
# k3s1
|
|
- rule: allow
|
|
from_ip: 192.168.2.40
|
|
comment: 'nfs'
|
|
to_port: 2049
|
|
- rule: allow
|
|
from_ip: 192.168.2.40
|
|
comment: 'nfs'
|
|
to_port: 111
|
|
- rule: allow
|
|
from_ip: 192.168.2.40
|
|
comment: 'nfs'
|
|
to_port: "{{ nfs_port }}"
|