135 lines
3.8 KiB
YAML
135 lines
3.8 KiB
YAML
---
|
|
### mgrote_systemd_resolved
|
|
systemd_resolved_nameserver: 9.9.9.9
|
|
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 0.0.0.0/0
|
|
- rule: allow
|
|
to_port: 4949
|
|
protocol: tcp
|
|
comment: 'munin'
|
|
from_ip: 192.168.2.0/24
|
|
- rule: allow
|
|
to_port: 9080
|
|
protocol: tcp
|
|
comment: 'promtail'
|
|
from_ip: 192.168.2.0/24
|
|
- rule: allow
|
|
to_port: 53
|
|
comment: 'dns'
|
|
from_ip: 0.0.0.0/0
|
|
|
|
### mgrote.apt_manage_packages
|
|
apt_packages_extra:
|
|
- libnet-dns-perl # für munin: dnsresponse_
|
|
|
|
### mgrote_user_setup
|
|
dotfiles_vim_vundle_repo_url: "http://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git"
|
|
dotfiles:
|
|
- user: mg
|
|
home: /home/mg
|
|
- user: root
|
|
home: /root
|
|
dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles
|
|
|
|
### mgrote_restic
|
|
restic_repository: "//192.168.2.54/restic"
|
|
|
|
### mgrote_blocky
|
|
blocky_version: v0.24
|
|
blocky_block_type: zeroIp
|
|
blocky_local_upstream: 192.168.2.1
|
|
blocky_conditional_mapping: # optional
|
|
- domain: mgrote.net
|
|
resolver: 192.168.2.1
|
|
blocky_dns_upstream:
|
|
- 9.9.9.9
|
|
- 1.1.1.1
|
|
- 8.8.8.8
|
|
- 5.9.164.112
|
|
blocky_dns_blocklists:
|
|
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
|
|
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
|
|
- http://sysctl.org/cameleon/hosts
|
|
- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
|
|
blocky_custom_lookups: # optional
|
|
# Internet
|
|
- name: wiki.mgrote.net
|
|
ip: 192.168.2.43
|
|
- name: audio.mgrote.net
|
|
ip: 192.168.2.43
|
|
- name: auth.mgrote.net
|
|
ip: 192.168.2.43
|
|
- name: ci.mgrote.net
|
|
ip: 192.168.2.43
|
|
- name: miniflux.mgrote.net
|
|
ip: 192.168.2.43
|
|
- name: nextcloud.mgrote.net
|
|
ip: 192.168.2.43
|
|
- name: registry.mgrote.net
|
|
ip: 192.168.2.43
|
|
- name: git.mgrote.net
|
|
ip: 192.168.2.43
|
|
# Intern
|
|
- name: ads2700w.mgrote.net
|
|
ip: 192.168.2.147
|
|
- name: crs305.mgrote.net
|
|
ip: 192.168.2.225
|
|
- name: hex.mgrote.net
|
|
ip: 192.168.3.144
|
|
- name: pbs-test.mgrote.net
|
|
ip: 192.168.2.18
|
|
- name: pbs.mgrote.net
|
|
ip: 192.168.3.239
|
|
- name: pve5-test.mgrote.net
|
|
ip: 192.168.2.17
|
|
- name: pve5.mgrote.net # bleibt im Router auch angelegt, weil wenn pve aus auch kein blocky mehr ;-)
|
|
ip: 192.168.2.16
|
|
- name: rb5009.mgrote.net
|
|
ip: 192.168.2.1
|
|
- name: fritz.box
|
|
ip: 192.168.5.1
|
|
- name: ldap.mgrote.net
|
|
ip: 192.168.2.47
|
|
- name: munin.mgrote.net
|
|
ip: 192.168.2.40
|
|
|
|
### mgrote_munin_node
|
|
# kann git.mgrote.net nicht auflösen, deshalb hiermit IP
|
|
munin_node_plugins:
|
|
- name: chrony
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
|
|
- name: systemd_status
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
|
|
- name: systemd_mem
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
|
|
config: |
|
|
[systemd_mem]
|
|
env.all_services true
|
|
- name: lvm_
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/disk/lvm_
|
|
config: |
|
|
[lvm_*]
|
|
user root
|
|
- name: fail2ban
|
|
src: http://192.168.2.42:3000/mg/munin-plugins/raw/branch/master/extern/fail2ban
|
|
config: |
|
|
[fail2ban]
|
|
env.client /usr/bin/fail2ban-client
|
|
env.config_dir /etc/fail2ban
|
|
user root
|
|
- name: dnsresponse_192.168.2.1
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
|
|
- name: dnsresponse_192.168.2.37
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
|
|
- name: dnsresponse_127.0.0.1
|
|
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
|
|
config: |
|
|
[dnsresponse_*]
|
|
env.site www.heise.de
|
|
env.times 20
|