Franziska Kunsmann
4823653214
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
Something in the combination of arch+zfs+netctl+resolved+ipv6 leads to hanging dns, which in turn leads to hanging everything.
104 lines
2.8 KiB
Python
104 lines
2.8 KiB
Python
# My own laptop.
|
|
|
|
nodes['kunsi-t470'] = {
|
|
'dummy': True,
|
|
'hostname': 'no',
|
|
'bundles': {
|
|
'lldp',
|
|
'lm-sensors',
|
|
'nfs-client',
|
|
'telegraf-battery-usage',
|
|
},
|
|
'groups': {
|
|
'arch',
|
|
},
|
|
'metadata': {
|
|
'timezone': 'Europe/Berlin',
|
|
'icinga_options': {
|
|
'exclude_from_monitoring': True,
|
|
},
|
|
'hosts': {
|
|
'entries': {
|
|
'10.101.64.10': {
|
|
'www.wifionice.de',
|
|
'wifionice.de',
|
|
},
|
|
},
|
|
},
|
|
'interfaces': {
|
|
'br0': {
|
|
'dhcp': True,
|
|
'use_dhcp_domains': True,
|
|
'send_hostname': False,
|
|
},
|
|
# there is also wlp4s0, but that's managed by netctl
|
|
},
|
|
'firewall': {
|
|
'port_rules': {
|
|
# obs websocket thingie - just allow all RFC1918 ips here
|
|
'4444': {
|
|
'10.0.0.0/8',
|
|
'172.16.0.0/12',
|
|
'192.168.0.0/16',
|
|
},
|
|
# For the occasional file-share using `python -m http.server`
|
|
'8000': {'*'},
|
|
},
|
|
},
|
|
'locale': {
|
|
'default': 'en_DK.UTF-8',
|
|
},
|
|
'nfs-client': {
|
|
'mounts': {
|
|
'nas-scansnap': {
|
|
'mountpoint': '/mnt/scansnap',
|
|
'serverpath': '172.19.138.20:/srv/scansnap',
|
|
'mount_options': {
|
|
'retry=0',
|
|
'rw',
|
|
},
|
|
},
|
|
'nas-storage': {
|
|
'mountpoint': '/mnt/nas',
|
|
'serverpath': '172.19.138.20:/storage/nas',
|
|
'mount_options': {
|
|
'retry=0',
|
|
'ro',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'openssh': {
|
|
'restrict-to': {
|
|
'10.0.0.0/8',
|
|
'172.16.0.0/12',
|
|
'192.168.0.0/16',
|
|
'ipv6',
|
|
},
|
|
},
|
|
'pacman': {
|
|
'install_gui': True,
|
|
},
|
|
'systemd-networkd': {
|
|
'bridges': {
|
|
'br0': {
|
|
'match': {
|
|
'enp0s31f6',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'users': {
|
|
'kunsi': {
|
|
'password': vault.decrypt('encrypt$gAAAAABgLmmuQGRUStrQawoPee-758emIYn2u8-8ebrgzNAFSp7ifeFDdXXvs-zL3QogwNYlCtBHboH2xfy1rSj6OF5bbNO-tg=='),
|
|
'shell': '/usr/bin/fish',
|
|
# FIXME move qemu VMs out of /home/kunsi
|
|
'home-mode': '0755',
|
|
},
|
|
'sophie': {
|
|
'delete': True,
|
|
},
|
|
},
|
|
},
|
|
'os': 'arch',
|
|
}
|