169 lines
4.9 KiB
Python
169 lines
4.9 KiB
Python
nodes['kunsi-p14s'] = {
|
|
'hostname': 'localhost',
|
|
'bundles': {
|
|
'arch-with-gui',
|
|
'backup-client',
|
|
'lldp',
|
|
'lm-sensors',
|
|
#'nfs-client',
|
|
'telegraf-battery-usage',
|
|
'zfs',
|
|
},
|
|
'groups': {
|
|
'arch',
|
|
},
|
|
'metadata': {
|
|
'arch-with-gui': {
|
|
'autologin': {
|
|
'username': 'kunsi',
|
|
'session': 'i3.desktop',
|
|
},
|
|
'i3pystatus': {
|
|
'deps': {
|
|
'colour',
|
|
'netifaces',
|
|
'basiciw',
|
|
},
|
|
},
|
|
},
|
|
'backup-client': {
|
|
# only alert people if we're missing more than a week of backups
|
|
'one_backup_every_hours': 7 * 24,
|
|
},
|
|
'firewall': {
|
|
'port_rules': {
|
|
# obs websocket thingie - just allow all RFC1918 ips here
|
|
#'4444': {
|
|
# '10.0.0.0/8',
|
|
# '172.16.0.0/12',
|
|
# '192.168.0.0/16',
|
|
#},
|
|
# For the occasional file-share using `python -m http.server`
|
|
'8000': {'*'},
|
|
},
|
|
},
|
|
#'hosts': {
|
|
# 'entries': {
|
|
# '10.101.64.10': {
|
|
# 'www.wifionice.de',
|
|
# 'wifionice.de',
|
|
# },
|
|
# },
|
|
#},
|
|
'icinga_options': {
|
|
'exclude_from_monitoring': True,
|
|
},
|
|
'interfaces': {
|
|
'enp2s0f0': {
|
|
'dhcp': True,
|
|
},
|
|
'enp5s0': {
|
|
'ips': {
|
|
'172.19.138.90',
|
|
},
|
|
'gateway4': '172.19.138.1',
|
|
},
|
|
# there is also wlp3s0, but that's managed by netctl
|
|
},
|
|
#'nfs-client': {
|
|
# 'mounts': {
|
|
# 'nas-scansnap': {
|
|
# 'mountpoint': '/mnt/scansnap',
|
|
# 'serverpath': '172.19.138.20:/srv/scansnap',
|
|
# 'mount_options': {
|
|
# 'retry=0',
|
|
# 'rw',
|
|
# },
|
|
# },
|
|
# 'nas-storage': {
|
|
# 'mountpoint': '/mnt/nas',
|
|
# 'serverpath': '172.19.138.20:/storage/nas',
|
|
# 'mount_options': {
|
|
# 'retry=0',
|
|
# 'ro',
|
|
# },
|
|
# },
|
|
# },
|
|
#},
|
|
'openssh': {
|
|
'restrict-to': {
|
|
'rfc1918',
|
|
'ipv6',
|
|
},
|
|
},
|
|
'pacman': {
|
|
'linux-lts': True,
|
|
'packages': {
|
|
# for hardware support
|
|
'amd-ucode': {},
|
|
'mesa': {},
|
|
|
|
# various video drivers
|
|
'libva-mesa-driver': {},
|
|
'mesa-vdpau': {},
|
|
'xf86-input-wacom': {},
|
|
'xf86-video-amdgpu': {},
|
|
|
|
# for i3pystatus
|
|
'iw': {},
|
|
'wireless_tools': {},
|
|
|
|
# all that other random stuff one needs
|
|
'browserpass': {},
|
|
'browserpass-firefox': {},
|
|
'claws-mail': {},
|
|
'claws-mail-themes': {},
|
|
'dunst': {},
|
|
'ferdi-bin': {},
|
|
'mosh': {},
|
|
'mosquitto': {},
|
|
'pass': {},
|
|
'pass-otp': {},
|
|
'xclip': {},
|
|
},
|
|
},
|
|
'systemd-networkd': {
|
|
'enable-resolved': True,
|
|
},
|
|
'timezone': 'Europe/Berlin',
|
|
'users': {
|
|
'kunsi': {
|
|
'password': vault.decrypt('encrypt$gAAAAABgLmmuQGRUStrQawoPee-758emIYn2u8-8ebrgzNAFSp7ifeFDdXXvs-zL3QogwNYlCtBHboH2xfy1rSj6OF5bbNO-tg=='),
|
|
'shell': '/usr/bin/fish',
|
|
},
|
|
'sophie': {
|
|
'delete': True,
|
|
},
|
|
},
|
|
'zfs': {
|
|
'datasets': {
|
|
# this is not a complete list, but we can't create that
|
|
# structure using bundlewrap anyway, so there's no point
|
|
# in adding it here.
|
|
'zroot/system/journal': {
|
|
'mountpoint': '/var/log/journal',
|
|
'acltype': 'posix',
|
|
},
|
|
'zroot/system/root': {
|
|
'canmount': 'noauto',
|
|
'mountpoint': '/',
|
|
},
|
|
'zroot/user/kunsi': {
|
|
'mountpoint': '/home/kunsi',
|
|
},
|
|
},
|
|
'snapshots': {
|
|
'retain_per_dataset': {
|
|
'zroot/user/kunsi': {
|
|
# juuuuuuuust to be sure
|
|
'hourly': 100,
|
|
},
|
|
},
|
|
'snapshot_never': {
|
|
'zroot/system/journal',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'os': 'arch',
|
|
}
|