homeserver/group_vars/dnsmasq.yml
mg ce709e7918 systemd: chrony --> timesyncd (#329)
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#329
Co-authored-by: mg <michael.grote@posteo.de>
Co-committed-by: mg <michael.grote@posteo.de>
2022-02-18 20:34:43 +01:00


---
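### oefenweb.ufw
# Inbound firewall rules for hosts in the dnsmasq group.
# Nesting restored: each "- rule:" entry is one mapping in the ufw_rules list.
ufw_rules:
  # NOTE(review): SSH is accepted from every source address. If this host is
  # only administered from the LAN, a narrower from_ip would reduce exposure
  # - confirm intent.
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
  # NOTE(review): 192.168.2.144/24 is a host address with a /24 mask, which
  # selects the whole 192.168.2.0/24 network. If only the munin master should
  # reach munin-node, the mask would have to be /32 - confirm intent.
  - rule: allow
    to_port: 4949
    protocol: tcp
    comment: 'munin'
    from_ip: 192.168.2.144/24
  # No protocol is set here, unlike the two rules above; presumably the role
  # then allows both UDP and TCP on port 53 - verify against oefenweb.ufw.
  # NOTE(review): DNS is accepted from every source address. If this host is
  # reachable from outside the LAN it would act as an open resolver - confirm
  # that the perimeter blocks inbound port 53, or restrict from_ip.
  - rule: allow
    to_port: 53
    comment: 'dns'
    from_ip: 0.0.0.0/0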
### mgrote.restic
# Backup target for restic; the value is a //host/share style path
# (presumably an SMB/CIFS share on 192.168.2.36 - verify against the role).
restic_repository: '//192.168.2.36/restic'
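### mgrote.systemd-timesyncd
# Time sources for systemd-timesyncd on this host group.
# Set here because pihole cannot resolve the FQDN.
# NOTE(review): "iburst" is chrony/ntpd server syntax; timesyncd.conf takes a
# plain list of servers without per-server options. Presumably the role
# ignores this field - verify, and drop it if it is unused.
ntp_timesyncd_servers:
  - address: pool.ntp.org
    options: iburst  # optional parameter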
### mgrote.apt_manage_sources
# Deliberately set to an empty string: dnsmasq does NOT query the router and
# therefore cannot resolve local hostnames.
manage_sources_apt_proxy: ''
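### geerlingguy.munin-node
# Munin plugins to install on this host group. Each entry has a name, a src
# URL, and optionally a plugin configuration section (config).
# Nesting restored: src/config belong to the "- name:" entry above them.
#
# NOTE(review): every src points at a "raw/branch/master" URL, i.e. a mutable
# branch, and lvm_, fail2ban and dnsmasq are configured with "user root".
# Whatever is on that branch at deploy time therefore runs as root on this
# host. Pinning each src to a fixed commit
# (.../raw/commit/<COMMIT_SHA>/plugins/...) would make the deployed code
# reviewable and stable; if the role supports a checksum, use it - verify.
munin_node_plugins:
  - name: timesync
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
  - name: systemd_status
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
  - name: lvm_
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
    # Runs as root; presumably needed to query LVM - confirm least privilege.
    config: |
      [lvm_*]
      user root
  - name: fail2ban
    src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
    # Runs as root and is pointed at the fail2ban client and config directory.
    config: |
      [fail2ban]
      env.client /usr/bin/fail2ban-client
      env.config_dir /etc/fail2ban
      user root
  - name: dnsmasq
    src: https://git.mgrote.net/mg/mirror-dnsmasq-munin/raw/branch/master/dnsmasq
    # Runs as root and reads the dnsmasq query log named by dnsmasq_logfile.
    config: |
      [dnsmasq]
      env.logfile {{ dnsmasq_logfile }}
      user root
  # Two instances of the same dnsresponse_ plugin, one per resolver address;
  # the shared [dnsresponse_*] section below applies to both.
  - name: dnsresponse_192.168.2.1
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
  - name: dnsresponse_127.0.0.1
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
    config: |
      [dnsresponse_*]
      env.site www.heise.de
      env.times 20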
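### mgrote.dnsmasq
# Settings for the dnsmasq role: upstream resolvers, query logging,
# blocklists, cache size, listen port and the domain that is never forwarded.
# Nesting restored: state/url belong to the "- name:" entry above them.

# Which upstream DNS servers should dnsmasq query?
dnsmasq_resolver:
  - 9.9.9.9
  - 1.1.1.1
# Query logging has to be true for munin.
# NOTE(review): with this enabled every client query is written to
# dnsmasq_logfile; treat that file as sensitive (permissions, rotation and
# retention).
dnsmasq_log_queries: true
dnsmasq_logfile: /var/log/dnsmasq.log
# Third-party hosts-format lists pulled from the URLs below.
# NOTE(review): a hosts-format list can map a name to any address, not only
# to a sinkhole. Whether such entries could redirect lookups depends on how
# the role filters the downloaded lists - verify.
dnsmasq_blocklists:
  # NOTE(review): the only list fetched over plain HTTP, so its content is
  # not integrity-protected in transit; prefer an HTTPS source if one exists.
  - name: sysctl.org
    state: present
    url: http://sysctl.org/cameleon/hosts
  - name: StevenBlack.1
    state: present
    url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts
  - name: StevenBlack.2
    state: present
    url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts
  - name: adaway.org
    state: present
    url: https://adaway.org/hosts.txt
  - name: StevenBlack.3
    state: present
    url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  - name: developerdan.1
    state: present
    url: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
  - name: developerdan.2
    state: present
    url: https://www.github.developerdan.com/hosts/lists/amp-hosts-extended.txt
dnsmasq_cache_size: 10000
dnsmasq_port: 53
# Queries for this local domain are never forwarded upstream.
dnsmasq_never_forward_domain: grote.lan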
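### mgrote.apt_manage_packages
# Additional apt packages for this host group.
apt_packages_extra:
  - libnet-dns-perl  # for munin: dnsresponse_*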