Franziska Kunsmann
bd10dc578f
We don't care about what the DNS provider said when updating the IP address. The only thing we care about is whether the current external IP of the system matches the resolved IP address.
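# BundleWrap node definition for the home router: VLAN interfaces, DHCP,
# firewall/NAT rules, PPPoE uplink with DynDNS, WireGuard and monitoring.
# `nodes`, `atomic` and `vault` are not defined in this file; presumably the
# repository loader injects them.
nodes['home.router'] = {
    'hostname': '172.19.138.1',
    'bundles': {
        'dhcpd',
        'nginx',
        'openvpn-client',
        'pppd',
        'radvd',
        'unbound',
        'vnstat',
        'wide-dhcp6c',
        'wireguard',
    },
    'groups': {
        'debian-bullseye',
    },
    'metadata': {
        'interfaces': {
            'enp1s0.23': {
                'ips': {
                    '172.19.139.1/24',
                },
            },
            'enp1s0.42': {
                'ips': {
                    '172.19.138.1/24',
                },
            },
            # Uplink VLAN: no static address here, pppd runs on top of it
            # (see 'pppd' -> 'interface' below).
            'enp1s0.100': {
                'ignore': True,
            },
        },
        'apt': {
            'packages': {
                # for telegraf
                'snmp': {},
                'snmp-mibs-downloader': {},
            },

            # XXX remove this once nginx.org has packages for debian bullseye
            # NOTE(review): the repository is fetched over plain http, so
            # package integrity rests entirely on apt's signature check
            # against the nginx.org key (key handling is not visible here).
            'repos': {
                'nginx': {
                    'items': atomic({
                        'deb http://nginx.org/packages/debian buster nginx',
                    }),
                },
            },
        },
        'backups': {
            'exclude_from_backups': True,
        },
        'cron': {
            # Our internet provider resets the connection if you're
            # connected longer than 24 hours. We install this cronjob
            # to make sure we don't get disconnected randomly during the
            # day.
            # The percent sign must reach cron as `\%`; the backslash is
            # doubled so Python does not treat `\%` as an (invalid) escape.
            # The resulting string is unchanged. The status file is only
            # written when the restart command succeeds (`&&`).
            'restart_pppd': '23 2 * * * root systemctl restart pppoe && date -u +\\%s > /var/tmp/pppd-last-restart.status',
        },
        'dhcpd': {
            'subnets': {
                'enp1s0.23': {
                    'range_lower': '172.19.139.200',
                    'range_higher': '172.19.139.250',
                    'subnet': '172.19.139.0/24',
                    'options': {
                        'broadcast-address': '172.19.139.255',
                        'domain-name-servers': '172.19.139.1',
                        'routers': '172.19.139.1',
                        'subnet-mask': '255.255.255.0',
                    },
                },
                'enp1s0.42': {
                    'range_lower': '172.19.138.100',
                    'range_higher': '172.19.138.250',
                    'subnet': '172.19.138.0/24',
                    'options': {
                        'broadcast-address': '172.19.138.255',
                        'domain-name': 'franzi-home.kunbox.net',
                        'domain-name-servers': '172.19.138.1',
                        'domain-search': 'home.kunbox.net',
                        'routers': '172.19.138.1',
                        'subnet-mask': '255.255.255.0',
                    },
                },
            },
        },
        'icinga_options': {
            # override group default
            'also_affected_by': atomic({
                'home.nas',
                'ovh.wireguard',
            }),
            # disabled on group level
            'vars.notification.sms': True,
        },
        'nftables': {
            'rules': {
                'forward': {
                    'router': [
                        # This is a router. Allow forwarding traffic for internal networks.
                        'ct state { related, established } accept',
                        # enp1s0.23 may only leave via the PPP uplink ...
                        'iif enp1s0.23 oif ppp0 accept',
                        # ... while enp1s0.42 may be forwarded to any
                        # interface, including enp1s0.23 and the tunnels.
                        'iif enp1s0.42 accept',

                        # yaaaaay, IPv6! No NAT!
                        'ip6 nexthdr ipv6-icmp accept',
                        # NOTE(review): this rule has no interface, address
                        # or address-family match. It accepts forwarded SSH
                        # to every host behind the router: the connection
                        # DNAT'ed by the 2022 rule below (presumably seen
                        # here with dport 22) and direct IPv6 connections.
                        # Every internal sshd is therefore an exposed
                        # service - confirm that is intended, or scope the
                        # rule by oif / destination address.
                        'tcp dport 22 accept',
                    ],
                },
                'nat_prerouting': [
                    # NOTE(review): no iif match, so the redirect applies to
                    # port 2022 traffic arriving on any interface.
                    'tcp dport 2022 dnat 172.19.138.20:22',
                ],
                'nat_postrouting': [
                    'oif tun0 masquerade',
                ],
            },
        },
        'nginx': {
            # Only these source ranges are listed; the enp1s0.23 network
            # (172.19.139.0/24) is not among them.
            'restrict-to': {
                '172.19.136.0/25',
                '172.19.138.0/24',
            },
            'vhosts': {
                'vnstat': {
                    'domain': 'router.home.kunbox.net',
                    'ssl': '_.home.kunbox.net',
                },
            },
        },
        'openvpn-client': {
            'configs': {
                'c3voc',
            },
        },
        'radvd': {
            'interfaces': {
                'enp1s0.23': {},
                'enp1s0.42': {},
            },
        },
        'postfix': {
            'mynetworks': {
                '172.19.138.0/24',
            },
        },
        'pppd': {
            # Credentials are kept as vault-encrypted tokens, so only
            # ciphertext is committed. Their confidentiality depends on the
            # vault key staying outside the repository.
            'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
            'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
            'interface': 'enp1s0.100',
            'dyndns': {
                'domain': 'franzi-home.kunbox.net',
                # `{ip}` is left as a literal placeholder; presumably the
                # pppd bundle substitutes the current external address.
                'url': 'https://ns-1.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ip}',
                'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
                'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
            },
        },
        'unbound': {
            # The /23 covers both internal networks (172.19.138.0/24 and
            # 172.19.139.0/24).
            'restrict-to': {
                '172.19.138.0/23',
            },
        },
        'telegraf': {
            'input_plugins': {
                'builtin': {
                    # NOTE(review): no SNMP version or community is set on
                    # these inputs. Unless the telegraf bundle adds them,
                    # telegraf's defaults (v2c, community "public") apply -
                    # confirm against the bundle.
                    'snmp': [
                        {
                            'agents': ['udp://172.19.138.2'],
                            'agent_host_tag': 'host',
                            'table': [{'oid': 'IF-MIB::ifTable'}],
                            'interval': '10s',
                        },
                        {
                            # OIDs under mib-2.33 belong to UPS-MIB (RFC 1628).
                            'agents': ['udp://172.19.138.3'],
                            'agent_host_tag': 'host',
                            'field': [
                                {'oid': 'SNMPv2-SMI::mib-2.33.1.2.3.0', 'name': 'battery_runtime_to_empty'},
                                {'oid': 'SNMPv2-SMI::mib-2.33.1.2.4.0', 'name': 'battery_capacity'},
                                {'oid': 'SNMPv2-SMI::mib-2.33.1.2.5.0', 'name': 'battery_voltage', 'conversion': 'float(1)'},
                                {'oid': 'SNMPv2-SMI::mib-2.33.1.2.6.0', 'name': 'battery_current', 'conversion': 'float(1)'},
                                {'oid': 'SNMPv2-SMI::mib-2.33.1.3.3.1.2.1', 'name': 'input_frequency', 'conversion': 'float(1)'},
                                {'oid': 'SNMPv2-SMI::mib-2.33.1.3.3.1.3.1', 'name': 'input_voltage'},
                                {'oid': 'SNMPv2-SMI::mib-2.33.1.4.2.0', 'name': 'output_frequency', 'conversion': 'float(1)'},
                                {'oid': 'SNMPv2-SMI::mib-2.33.1.4.4.1.2.1', 'name': 'output_voltage'},
                                # UPS-MIB defines 33.1.4.4.1.3 as
                                # upsOutputCurrent. This entry used to reuse
                                # the name 'output_frequency', so two fields
                                # collided under one name.
                                {'oid': 'SNMPv2-SMI::mib-2.33.1.4.4.1.3.1', 'name': 'output_current', 'conversion': 'float(1)'},
                                {'oid': 'SNMPv2-SMI::mib-2.33.1.4.4.1.4.1', 'name': 'output_watts'},
                                {'oid': 'SNMPv2-SMI::mib-2.33.1.4.4.1.5.1', 'name': 'output_percent'},
                            ],
                            'interval': '10s',
                        },
                        {
                            'agents': ['udp://172.19.138.41'],
                            'agent_host_tag': 'host',
                            'table': [{'oid': 'IF-MIB::ifTable'}],
                        },
                    ],
                },
            },
        },
        'users': {
            'f2k1de': {
                # The forced command /bin/false plus no-pty means these keys
                # cannot obtain a shell. Neither option disables port
                # forwarding, so the account presumably exists for
                # tunnelling only. NOTE(review): confirm, and consider
                # `restrict,port-forwarding` to make that intent explicit.
                'ssh_pubkey': {
                    'command="/bin/false",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e',
                    'command="/bin/false",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH5+j2vDW1FHSSEEI/Sf5qiKJq1uoxGO5BPv84mqohvol7GxDFObv69tn7g6HYfZY/SaS75C4ZXy+cKa0xy8UCpF0SBa2xHASkenS9v55oweDL4rYSPARzn2XKt3RFJG/d8V5NOWtcyq5DFSzewUF35E4hx1pUc/CIxgJEem5ZvzvN0hlIKXUN2djkVUx+mz6RryBysLTJEFBamjJxIkvDG/PZU73W4SHaKAYV4Ojz2NY7T5/NYKePfIU5F9pkE3RU0LRj58usvA1eP0PvEArWlGNCd8EJU+HQ5xr2dZ6MKPpEyG0KJkC88DuapeF5RwUV53ZhNpF+QgzpI72fH5up',
                },
            },
            'fkunsmann': {
                # Unrestricted sudo. Whether a password is required is
                # decided by the bundle and is not visible here.
                'sudo_commands': {
                    'ALL',
                },
            },
        },
        'sysctl': {
            # Packet forwarding for both address families; a router needs
            # both. Filtering is left to the nftables 'forward' rules.
            'options': {
                'net.ipv4.ip_forward': '1',
                'net.ipv6.conf.all.forwarding': '1',
            },
        },
        'vnstat': {
            'generate-web-dashboard': True,
            'interface': 'enp1s0.100',
        },
        'vm': {
            'cpu': 2,
            'ram': 2,
        },
        'wide-dhcp6c': {
            'source': 'ppp0',
            'targets': {
                'enp1s0.23': '2',
                'enp1s0.42': '1',
            },
        },
        'wireguard': {
            'external_hostname': 'franzi-home.kunbox.net',  # Set via DynDNS
            'my_ip': '172.19.136.2/22',
            'peers': {
                'ovh.wireguard': {},
            },
            'subnets': {
                '172.19.138.0/24',
                '172.19.139.0/24',
            },
        },
    },
}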