homeserver/group_vars/blocky.yml
Michael Grote c6281461f0
All checks were successful
ansible-lint / gitleaks (pull_request) Successful in 4s
ansible-lint / Ansible Lint (pull_request) Successful in 35s
changed Files: docker-compose/authelia/configuration.yml.j2
docker-compose/traefik/docker-compose.yml.j2
docker-compose/traefik/traefik.yml
group_vars/blocky.yml

Signed-off-by: Michael Grote <michael.grote@posteo.de>
2024-11-21 13:20:38 +00:00

131 lines
3.8 KiB
YAML

---
### mgrote_systemd_resolved
systemd_resolved_nameserver: 9.9.9.9
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp
comment: 'munin'
from_ip: 192.168.2.0/24
- rule: allow
to_port: 53
comment: 'dns'
from_ip: 0.0.0.0/0
### mgrote.apt_manage_packages
apt_packages_extra:
- libnet-dns-perl # für munin: dnsresponse_
### mgrote_user_setup
dotfiles_vim_vundle_repo_url: "http://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git"
dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles
### mgrote_restic
restic_repository: "//192.168.2.54/restic"
### mgrote_blocky
blocky_version: v0.24
blocky_block_type: zeroIp
blocky_local_upstream: 192.168.2.1
blocky_conditional_mapping: # optional
- domain: mgrote.net
resolver: 192.168.2.1
blocky_dns_upstream:
- 9.9.9.9
- 1.1.1.1
- 8.8.8.8
- 5.9.164.112
blocky_dns_blocklists:
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- http://sysctl.org/cameleon/hosts
- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
blocky_custom_lookups: # optional
# Internet
- name: wiki.mgrote.net
ip: 192.168.2.43
- name: audio.mgrote.net
ip: 192.168.2.43
- name: auth.mgrote.net
ip: 192.168.2.43
- name: ci.mgrote.net
ip: 192.168.2.43
- name: miniflux.mgrote.net
ip: 192.168.2.43
- name: nextcloud.mgrote.net
ip: 192.168.2.43
- name: registry.mgrote.net
ip: 192.168.2.43
- name: git.mgrote.net
ip: 192.168.2.43
# Intern
- name: ads2700w.mgrote.net
ip: 192.168.2.147
- name: crs305.mgrote.net
ip: 192.168.2.225
- name: hex.mgrote.net
ip: 192.168.3.144
- name: pbs-test.mgrote.net
ip: 192.168.2.18
- name: pbs.mgrote.net
ip: 192.168.3.239
- name: pve5-test.mgrote.net
ip: 192.168.2.17
- name: pve5.mgrote.net # bleibt im Router auch angelegt, weil wenn pve aus auch kein blocky mehr ;-)
ip: 192.168.2.16
- name: rb5009.mgrote.net
ip: 192.168.2.1
- name: fritz.box
ip: 192.168.5.1
- name: ldap.mgrote.net
ip: 192.168.2.43
- name: munin.mgrote.net
ip: 192.168.2.40
- name: s3.mgrote.net
ip: 192.168.2.43
- name: rui.mgrote.net
ip: 192.168.2.43
- name: traefik.mgrote.net # kein oeffentlicher DNS-Record
ip: 192.168.2.43
### mgrote_munin_node
# kann git.mgrote.net nicht auflösen, deshalb hiermit IP
munin_node_plugins:
- name: chrony
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
- name: systemd_status
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- name: systemd_mem
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
config: |
[systemd_mem]
env.all_services true
- name: lvm_
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/disk/lvm_
config: |
[lvm_*]
user root
- name: fail2ban
src: http://192.168.2.42:3000/mg/munin-plugins/raw/branch/master/extern/fail2ban
config: |
[fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name: dnsresponse_192.168.2.1
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
- name: dnsresponse_192.168.2.37
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
- name: dnsresponse_127.0.0.1
src: http://192.168.2.42:3000/mirrors/munin-contrib/raw/branch/master/plugins/network/dns/dnsresponse_
config: |
[dnsresponse_*]
env.site www.heise.de
env.times 20