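---
### mgrote.apt_manage_sources
# Empty string: no APT proxy URL is set for this host.
# (presumably the role then talks to the mirrors directly; confirm in the role)
manage_sources_apt_proxy: ""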
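### mgrote.tor-node
# Settings for the Tor daemon on this host, which runs as a bridge.
tor_relay_name: tor1mgrote
# ORPort; opened to the world in ufw_rules via "{{ tor_or_port }}".
tor_or_port: 9001
# 0 here presumably disables the SOCKS listener (torrc `SocksPort 0`); confirm in the role.
tor_socks_port: 0
tor_control_socket: 0
tor_contact_info: webmaster(at)mgrote(dot)net
# Control port, read by the munin tor_ plugins (env.torport).
# NOTE(review): it is not opened in ufw_rules, which is the right call. Also
# confirm the rendered torrc binds it to loopback only and requires
# authentication (CookieAuthentication or HashedControlPassword); the role
# template is not visible from this file.
tor_control_port: 9051
tor_mode: bridge
# Second listener; opened to the world in ufw_rules via "{{ tor_bridge_port }}".
tor_bridge_port: 5555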
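### oefenweb.ufw
# Inbound allow rules. Every rule below accepts traffic from any IPv4 source.
# The CIDR values are quoted so they are always read as plain strings.
ufw_rules:
  # NOTE(review): SSH is reachable from the whole internet. If administration
  # only happens from known networks, narrow from_ip to those ranges; fail2ban
  # (configured further down) only rate-limits guessing, it does not hide the
  # service.
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: "0.0.0.0/0"
  # NOTE(review): munin-node is a monitoring agent that only the munin master
  # needs to reach. With 0.0.0.0/0 here and in munin_node_allowed_cidrs, any
  # host can query it and read host metrics. Restrict from_ip to the master's
  # address (<MUNIN_MASTER_CIDR>, not visible in this file).
  - rule: allow
    to_port: 4949
    protocol: tcp
    comment: 'munin'
    from_ip: "0.0.0.0/0"
  # Tor ORPort: has to be publicly reachable for the bridge to work.
  - rule: allow
    to_port: "{{ tor_or_port }}"
    protocol: tcp
    comment: 'tor'
    from_ip: "0.0.0.0/0"
  # Tor bridge port: has to be publicly reachable as well.
  - rule: allow
    to_port: "{{ tor_bridge_port }}"
    protocol: tcp
    comment: 'tor'
    from_ip: "0.0.0.0/0"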
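### geerlingguy.munin-node
# munin-node agent: listening port, allowed clients and the plugin set.
munin_node_bind_port: "4949"
# NOTE(review): 0.0.0.0/0 disables munin-node's own client allow-list, and the
# firewall rule for 4949 is open to the world too, so nothing limits who can
# query the agent. List only the munin master here (<MUNIN_MASTER_CIDR>, not
# visible in this file).
munin_node_allowed_cidrs:
  - "0.0.0.0/0"
# NOTE(review): every `src` below tracks the mutable `master` branch, and the
# fail2ban, lvm_ and tor_ plugins are configured to run as root. A changed file
# in the mirror would be executed as root on the next run. Pin each URL to a
# reviewed commit (Gitea serves raw/commit/<COMMIT_SHA>/...) or verify a
# checksum after download; whether the role checks integrity is not visible
# from this file.
munin_node_plugins:
  - name: chrony
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/chrony/chrony
  - name: fail2ban
    src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
    # Plugin configuration; runs the plugin as root to call fail2ban-client.
    config: |
      [fail2ban]
      env.client /usr/bin/fail2ban-client
      env.config_dir /etc/fail2ban
      user root
  - name: systemd_status
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
  - name: lvm_
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
    config: |
      [lvm_*]
      user root
  # The six tor_* entries install the same wildcard plugin file under
  # different names; the [tor_*] section below matches all of them.
  - name: tor_traffic
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_
    # torconnectmethod is "port", so the plugin talks to the Tor control port
    # (env.torport); env.torsocket is presumably unused in that mode.
    # NOTE(review): user root / group root is more than a control-port client
    # should need; check whether an unprivileged user with read access to the
    # Tor auth cookie is enough.
    config: |
      [tor_*]
      user root
      group root
      env.torcachefile munin_tor_country_stats.json
      env.torconnectmethod port
      env.torgeoippath /usr/share/GeoIP/GeoIP.dat
      env.tormaxcountries 15
      env.torport {{ tor_control_port }}
      env.torsocket /var/run/tor/control
  - name: tor_bandwidth
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_
  - name: tor_connections
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_
  - name: tor_countries
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_
  - name: tor_dormant
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_
  - name: tor_routers
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/tor/tor_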
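### mgrote.ntp_chrony_server
# Time zone and upstream NTP servers for chrony on this host.
ntp_chrony_timezone: "Europe/Berlin"
# Two upstream sources, each with the chrony `iburst` option.
ntp_chrony_servers:
  - address: ptbtime1.ptb.de
    options: iburst
  - address: ntp0.ewetel.de
    options: iburst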
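### mgrote.tmux
# Target paths in the home directory of user mg, and the default session name.
tmux_conf_destination: "/home/mg/.tmux.conf"
tmux_bashrc_destination: "/home/mg/.bashrc"
tmux_standardsession_name: "default"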
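### mgrote.apt_manage_packages
# Additional packages for this host, mostly dependencies of the munin tor_ plugin.
apt_packages_extra:
  - python3-stem  # for munin-tor_
  - geoip-bin  # for munin-tor_
  - geoip-database  # for munin-tor_
  - geoipupdate  # for munin-tor_
  - python3-geoip  # for munin-tor_
  - nyx  # tor-cli-monitoring
  - open-vm-tools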
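### mgrote.fail2ban
# fail2ban thresholds. The values presumably map to fail2ban's bantime,
# findtime and maxretry (times in seconds); confirm in the role's jail template.
f2b_bantime: 3600
f2b_findtime: 600
f2b_maxretry: 3
# No e-mail report is sent for this host.
f2b_send_email_report: false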
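### mgrote.restic
# The restic role is switched off for this host.
# NOTE(review): presumably this means the host has no restic backup; confirm
# that is intended, e.g. because it can be rebuilt from this playbook.
restic_enable_role: false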