dustin/configpolicy: Ansible configuration policy for the private network/home lab of Dustin C. Hatch - configpolicy - Gitea: Git with a cup of tea

dustin/configpolicy

Go to file

Dustin C. Hatch 84313601ef roles/named: Implement response policy zones

BIND response policy zones (RPZ) support provides a mechanism for
overriding the responses to DNS queries based on a wide range of
criteria.  In the simplest form, a response policy zone can be used to
provide different responses to different clients, or "block" some DNS
names.

For the Pyrocufflink and related networks, I plan to use an RPZ to
implement ad/tracker blocking.  The goal will be to generate an RPZ
definition from a collection of host lists (e.g. those used by uBlock
Origin) periodically.

This commit introduces basic support for RPZ configuration in the
*named* role.  It can be activated by providing a list of "response
policy" definitions (e.g. `zone "name"`) in the `named_response_policy`
variable, and defining the corresponding zones in `named_zones`.

2020-09-06 10:40:01 -05:00

.certs @ 654b52b608

websites/darkchestofwonders.us: Use Lego cert

2020-03-17 08:45:34 -05:00

hassdb: Fix playbook

2020-08-29 14:22:17 -05:00

ci: Add Jenkins pipeline for Home Assistant

2020-08-29 14:34:50 -05:00

roles/named: Implement response policy zones

2020-09-06 10:40:01 -05:00

roles/named: Implement response policy zones

2020-09-06 10:40:01 -05:00

passwords/kojiweb_secret

hosts: Add koji0.pyrocufflink.blue

2018-08-12 10:27:20 -05:00

roles/named: Implement response policy zones

2020-09-06 10:40:01 -05:00

Add rw-root group

2020-08-29 08:53:28 -05:00

Merge branch 'graylog' into master

2020-08-31 20:17:12 -05:00

.gitignore

Protect vault secret with GPG

2018-01-29 15:11:07 -06:00

.gitmodules

certs: Add certificates submodule

2020-02-22 16:28:06 -06:00

.vault-secret.sh

Protect vault secret with GPG

2018-01-29 15:11:07 -06:00

ansible.cfg

ansible.cfg: Disable stupid group name warning

2019-09-19 19:50:35 -05:00

ansible.yml

ansible: Install Ansible

2018-04-08 12:20:03 -05:00

aria2.yml

aria2: Deploy aria2 download manager

2018-08-19 14:17:48 -05:00

base.yml

base: Base playbook

2018-01-29 15:03:45 -06:00

bitwarden_rs.yml

bitwarden_rs: Deploy Bitwarden_rs using Docker

2019-09-19 19:27:29 -05:00

burp-client.yml

burp-client: Apply the cronie role

2019-09-19 19:27:30 -05:00

burp-server.yml

burp-{client,server}: PBs to deploy BURP

2018-08-08 20:14:25 -05:00

certbot.yml

certbot: Playbook to deploy certbot

2018-06-13 22:23:27 -05:00

dch-gw.yml

dch-gw: Initial commit

2018-03-27 20:44:43 -05:00

dch-proxy.yml

dch-proxy: PB to deploy HAProxy

2018-07-01 15:19:20 -05:00

dch-root-ca.crt

pyrocufflink: Trust DCH Root CA

2018-06-04 20:03:55 -05:00

dch-vpn.yml

Move VPN server to dedicated VM

2018-10-07 21:42:18 -05:00

dhcpcd.yml

dhcpcd: Install and configure dhcpcd

2018-03-13 23:19:50 -05:00

dhcpd.yml

dhcpd: Install and configure ISC DHCPD

2018-03-27 20:44:43 -05:00

docker.yml

roles/docker: Install and set up Docker daemon

2019-09-19 19:27:12 -05:00

domain-controller.yml

domain-controller: Configure local AD authentication

2018-03-11 18:16:17 -05:00

dyngroups.yml

dyngroups: Dynamic host classification

2018-03-27 20:44:43 -05:00

fileserver.yml

fileserver: Configure Apache ~user directories

2019-01-04 20:52:23 -06:00

firewalld.yml

firewalld: Playbook to bootstrap firewalld

2018-01-29 15:11:07 -06:00

gitea.yml

gitea: Restrict SSH configuration

2018-06-06 21:45:36 -05:00

graylog.yml

graylog: Add PB to deploy Graylog server

2019-10-28 18:47:09 -05:00

hassdb.yml

hassdb: Fix playbook

2020-08-29 14:22:17 -05:00

homeassistant.yml

homeassistant: Do not apply hass-dhcp

2020-07-04 14:25:16 -05:00

hostname.yml

hostname: Also write /etc/hosts

2018-04-08 10:11:43 -05:00

hosts

Merge branch 'graylog' into master

2020-08-31 20:17:12 -05:00

hosts.offline

hosts: Move burp0, taiga0 to offline

2020-08-28 21:13:59 -05:00

jenkins-slave.yml

jenkins-slave: Apply ssh-hostkeys role

2018-04-08 12:32:02 -05:00

koji-builder.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji-hub.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji-web.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

named-server.yml

named-server: Playbook to deploy BIND

2018-01-29 15:10:04 -06:00

net-ifaces.yml

net-ifaces: PB to apply net-ifaces role

2018-07-23 17:35:10 -05:00

network.yml

network: Playbook to configure networking

2018-03-27 20:44:43 -05:00

nextcloud.yml

nextcloud: Deploy Nextcloud w/ Apache+PHP-FPM

2020-03-09 20:18:07 -05:00

ntp.yml

ntp: Initial PB and role to set up ntpd

2018-04-22 11:19:22 -05:00

postgresql.yml

postgresql: PB to deploy PostgreSQL server

2018-04-14 15:28:46 -05:00

pyrocufflink.yml

pyrocufflink: Trust DCH Root CA

2018-06-04 20:03:55 -05:00

radius.yml

radius: PB to configure RADIUS servers

2018-05-06 13:09:18 -05:00

radvd.yml

radvd: Install and configure radvd

2018-03-27 20:44:43 -05:00

remount.yml

remount: PB to remount read-only filesystems

2018-04-15 13:45:38 -05:00

rngd.yml

rngd: PB to set up rngd

2018-08-13 20:25:22 -05:00

samba-dc.yml

samba-dc: Configure samba4 winbind

2018-03-11 18:16:17 -05:00

smtp-relay.yml

smtp-relay: PB to deploy Postfix SMTP relay

2018-04-15 11:38:51 -05:00

squid.yml

squid: Add role and PB to deploy Squid

2018-08-12 16:00:32 -05:00

taiga.yml

taiga: Add playbook for Taiga

2019-09-19 19:51:45 -05:00

vmhost.yml

vmhost: PB to set up VM hosts

2018-07-23 17:35:10 -05:00

websites.yml

websites/darkchestofwonders.us: Use Lego cert

2020-03-17 08:45:34 -05:00

wheelhost.yml

wheelhost: Publish wheels built by Jenkins

2019-03-22 10:19:27 -05:00

zabbix-agent.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00

zabbix-server.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00

zabbix.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00