# My own laptop. nodes['kunsi-t470'] = { 'hostname': 'localhost', 'bundles': { 'lldp', 'lm-sensors', 'nfs-client', 'telegraf-battery-usage', }, 'groups': { 'arch', }, 'metadata': { 'timezone': 'Europe/Berlin', 'icinga_options': { 'exclude_from_monitoring': True, }, 'hosts': { 'entries': { '10.101.64.10': { 'www.wifionice.de', 'wifionice.de', }, }, }, 'interfaces': { 'br0': { 'dhcp': True, 'use_dhcp_domains': True, 'send_hostname': False, }, # there is also wlp4s0, but that's managed by netctl }, 'firewall': { 'port_rules': { # obs websocket thingie - just allow all RFC1918 ips here '4444': { '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', }, # For the occasional file-share using `python -m http.server` '8000': {'*'}, }, }, 'locale': { 'default': 'en_DK.UTF-8', }, 'nfs-client': { 'mounts': { 'nas-scansnap': { 'mountpoint': '/mnt/scansnap', 'serverpath': '172.19.138.20:/srv/scansnap', 'mount_options': { 'retry=0', 'rw', }, }, 'nas-storage': { 'mountpoint': '/mnt/nas', 'serverpath': '172.19.138.20:/storage/nas', 'mount_options': { 'retry=0', 'ro', }, }, }, }, 'openssh': { 'restrict-to': { '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'ipv6', }, }, 'pacman': { 'install_gui': True, }, 'systemd-networkd': { 'enable-resolved': True, 'bridges': { 'br0': { 'match': { 'enp0s31f6', }, }, }, }, 'users': { 'kunsi': { 'password': vault.decrypt('encrypt$gAAAAABgLmmuQGRUStrQawoPee-758emIYn2u8-8ebrgzNAFSp7ifeFDdXXvs-zL3QogwNYlCtBHboH2xfy1rSj6OF5bbNO-tg=='), 'shell': '/usr/bin/fish', # FIXME move qemu VMs out of /home/kunsi 'home-mode': '0755', }, 'sophie': { 'delete': True, }, }, }, 'os': 'arch', }