72 lines
1.8 KiB
YAML
72 lines
1.8 KiB
YAML
---
|
|
### PROXMOX
|
|
# fileserver3 ist ein LXC-Container; der Container ist "privileged" damit der Bind-Mount die richtigen Rechte bekommt
|
|
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 0.0.0.0/0
|
|
- rule: allow
|
|
to_port: 4949
|
|
protocol: tcp
|
|
comment: 'munin'
|
|
from_ip: 192.168.2.0/24
|
|
- rule: allow
|
|
to_port: 9080
|
|
protocol: tcp
|
|
comment: 'promtail'
|
|
from_ip: 192.168.2.0/24
|
|
- rule: allow
|
|
to_port: 445
|
|
comment: 'smb'
|
|
from_ip: 0.0.0.0/0
|
|
- rule: allow
|
|
to_port: 139
|
|
comment: 'smb'
|
|
from_ip: 0.0.0.0/0
|
|
|
|
### mgrote_fileserver_smb
|
|
smb_workgroup: WORKGROUP
|
|
smb_min_protocol: "SMB2"
|
|
smb_client_min_protocol: "SMB2"
|
|
smb_client_max_protocol: "SMB3_11"
|
|
smb_enable_snapshots_dir: true
|
|
smb_enable_snapshots_shadow: true
|
|
|
|
### mgrote_munin_node
|
|
munin_node_plugins:
|
|
- name: chrony
|
|
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
|
|
- name: systemd_status
|
|
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
|
|
- name: systemd_mem
|
|
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
|
|
config: |
|
|
[systemd_mem]
|
|
env.all_services true
|
|
- name: fail2ban
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
|
|
config: |
|
|
[fail2ban]
|
|
env.client /usr/bin/fail2ban-client
|
|
env.config_dir /etc/fail2ban
|
|
user root
|
|
- name: samba
|
|
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/samba
|
|
config: |
|
|
[samba]
|
|
user root
|
|
group root
|
|
env.smbstatus /usr/bin/smbstatus
|
|
env.ignoreipcshare 1
|
|
|
|
### mgrote_apt_manage_packages
|
|
apt_packages_absent:
|
|
- nano
|
|
- snapd
|
|
- ubuntu-advantage-tools
|
|
- fwupd # weil LXC
|
|
- ubuntu-pro-client
|