# Node definition for the home router: which bundles and groups it gets, and
# the per-bundle metadata (addressing, DHCP, DNS, firewall, PPPoE uplink).
# `nodes`, `vault` and `atomic` are not defined in this file; they are expected
# to be provided by whatever loads it.
nodes['home.router'] = {
    # Same address as the one configured on enp1s0.1138 below.
    'hostname': '172.19.138.1',
    'bundles': {
        'bird',
        'jool',
        'kea-dhcp-server',
        'nginx',
        'pppd',
        'radvd',
        'unbound',
        'vnstat',
        'wide-dhcp6c',
        'wireguard',
    },
    'groups': {
        'debian-bookworm',
    },
    'metadata': {
        # Two VLAN sub-interfaces, each with its own /24 and the same
        # link-local address fe80::1.
        'interfaces': {
            'enp1s0.1138': {
                'ips': {
                    '172.19.138.1/24',
                    'fe80::1/64',
                },
            },
            'enp1s0.1139': {
                'ips': {
                    '172.19.139.1/24',
                    'fe80::1/64',
                },
            },
        },
        'backups': {
            'exclude_from_backups': True,
        },
        'bird': {
            'static_routes': {
                '172.19.138.0/24',
                '172.19.139.0/24',
            },
        },
        'cron': {
            'jobs': {
                # The internet provider drops any session that has been up
                # for more than 24 hours. Restarting the PPPoE unit at 02:23
                # every night keeps that forced disconnect from happening at
                # a random time during the day. The epoch time of the restart
                # is written to a status file. `\%` is needed because cron
                # treats a bare `%` in the command specially; the raw string
                # keeps the backslash intact.
                'restart_pppd': r'23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
            },
        },
        'kea-dhcp-server': {
            # One pool per VLAN; the router itself is handed out as both
            # gateway and DNS server.
            'subnets': {
                'enp1s0.1138': {
                    'lower': '172.19.138.100',
                    'higher': '172.19.138.250',
                    'subnet': '172.19.138.0/24',
                    'options': {
                        'domain-name-servers': '172.19.138.1',
                        'routers': '172.19.138.1',
                    },
                },
                'enp1s0.1139': {
                    'lower': '172.19.139.200',
                    'higher': '172.19.139.250',
                    'subnet': '172.19.139.0/24',
                    'options': {
                        'domain-name-servers': '172.19.139.1',
                        'routers': '172.19.139.1',
                    },
                },
            },
        },
        'icinga_options': {
            # Replaces the default inherited from the group with an empty set.
            'also_affected_by': atomic(set()),
            # SMS notifications are switched off at group level.
            # XXX reenable this once we can leave the house safely again
            #'vars.notification.sms': True
        },
        'nftables': {
            'forward': {
                # Review notes on the forward rules:
                #  - 'iifname enp1s0.1138 accept' forwards everything that
                #    arrives on the .1138 VLAN, whatever the destination.
                #  - 'tcp dport 22 accept' has no interface or destination
                #    match, so as written it is not limited to the DNAT target
                #    in 'prerouting' (172.19.138.20); it would equally match
                #    forwarded SSH coming from enp1s0.1139 or arriving over
                #    IPv6.
                #    NOTE(review): confirm that breadth is intended, or scope
                #    the rule, e.g.
                #    `ip daddr 172.19.138.20 tcp dport 22 accept`.
                '50-router': [
                    'ct state { related, established } accept',
                    'iifname enp1s0.1138 accept',
                    'ip6 nexthdr ipv6-icmp accept',
                    'tcp dport 22 accept',
                ],
            },
            'prerouting': {
                # Port 2022 is translated to SSH on 172.19.138.20. The rule
                # text has no iifname match; NOTE(review): check whether the
                # bundle restricts it to the uplink interface when rendering.
                '50-router': [
                    'tcp dport 2022 dnat 172.19.138.20:22',
                ],
            },
        },
        'nginx': {
            # Allow-list for the web server: two networks plus one entry that
            # looks like a node name (presumably resolved to that node's
            # addresses by the bundle - confirm). 172.19.139.0/24 is not
            # listed.
            'restrict-to': {
                '172.19.136.0/25',
                '172.19.138.0/24',
                'htz-cloud.molly-connector',
            },
            'vhosts': {
                'vnstat': {
                    'domain': 'router.home.kunbox.net',
                    'ssl': '_.home.kunbox.net',
                },
            },
        },
        'radvd': {
            # Both VLANs advertise the router's link-local address as
            # recursive DNS server.
            'interfaces': {
                'enp1s0.1138': {
                    'rdnss': {
                        'fe80::1',
                    },
                },
                'enp1s0.1139': {
                    'rdnss': {
                        'fe80::1',
                    },
                },
            },
        },
        'postfix': {
            # Only the .1138 network is listed here; presumably this feeds
            # postfix's trusted-client list (mynetworks) - confirm in the
            # bundle.
            'mynetworks': {
                '172.19.138.0/24',
            },
        },
        'pppd': {
            # The arguments to vault.decrypt() are ciphertext, not the
            # credentials themselves. Their confidentiality rests entirely on
            # the vault key (presumably the key named before the `$`), which
            # must never be committed next to this file.
            'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
            'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
            'interface': 'enp1s0.7',
            'dyndns': {
                'domain': 'franzi-home.kunbox.net',
                # The update endpoint is HTTPS; `{ips}` is a placeholder that
                # is presumably filled in by the bundle at update time.
                'url': 'https://ns-mephisto.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ips}',
                'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
                'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
            },
            # Traffic from the .1139 VLAN may be forwarded only out of
            # $INTERFACE. Unlike .1138 it has no blanket accept in the
            # forward chain above.
            'nftables-rules.d': {
                'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
            },
        },
        'unbound': {
            'dns64': False,
            # 172.19.138.0/23 spans both VLAN /24s (.138 and .139).
            'restrict-to': {
                '172.19.138.0/23',
                'fe80::/64',
            },
        },
        'users': {
            'fkunsmann': {},
        },
        'vnstat': {
            # Same interface the pppd bundle uses.
            'interface': 'enp1s0.7',
        },
        'vm': {
            'cpu': 2,
            'ram': 4,
        },
        'wide-dhcp6c': {
            'source': 'ppp0',
            # One value per VLAN; presumably the prefix-delegation subnet ID
            # assigned to each interface - confirm in the bundle.
            'targets': {
                'enp1s0.1138': '1',
                'enp1s0.1139': '2',
            },
        },
        'wireguard': {
            'snat_ip': '172.19.138.1',
        },
    },
}