diff --git a/bundles/postfix/items.py b/bundles/postfix/items.py index 3adef9f..69c52e5 100644 --- a/bundles/postfix/items.py +++ b/bundles/postfix/items.py @@ -86,6 +86,8 @@ if node.has_bundle('telegraf'): 'needs': [ 'pkg_apt:acl', 'svc_systemd:postfix', + 'svc_systemd:postfix:reload', + 'svc_systemd:postfix:restart', ], } actions['postfix_setfacl_default_telegraf'] = { @@ -94,5 +96,7 @@ if node.has_bundle('telegraf'): 'needs': [ 'pkg_apt:acl', 'svc_systemd:postfix', + 'svc_systemd:postfix:reload', + 'svc_systemd:postfix:restart', ], } diff --git a/bundles/telegraf/items.py b/bundles/telegraf/items.py index da58a3e..6974535 100644 --- a/bundles/telegraf/items.py +++ b/bundles/telegraf/items.py @@ -15,16 +15,16 @@ files = { 'svc_systemd:telegraf:restart', ], }, - # '/usr/local/share/telegraf/procio': { - # 'content_type': 'download', - # 'source': f"https://dl.sublimity.de/telegraf-procio/telegraf-procio-{node.metadata.get('system/architecture')}-latest", - # 'mode': '0755', - # }, - # '/usr/local/share/telegraf/pressure_stall': { - # 'content_type': 'download', - # 'source': f"https://dl.sublimity.de/telegraf-pressure-stall/telegraf-pressure-stall-{node.metadata.get('system/architecture')}-latest", - # 'mode': '0755', - # }, + '/usr/local/share/telegraf/procio': { + 'content_type': 'download', + 'source': f"https://dl.sublimity.de/telegraf-procio/telegraf-procio-{node.metadata.get('system/architecture')}-latest", + 'mode': '0755', + }, + '/usr/local/share/telegraf/pressure_stall': { + 'content_type': 'download', + 'source': f"https://dl.sublimity.de/telegraf-pressure-stall/telegraf-pressure-stall-{node.metadata.get('system/architecture')}-latest", + 'mode': '0755', + }, } svc_systemd['telegraf'] = { diff --git a/bundles/telegraf/metadata.py b/bundles/telegraf/metadata.py index 38835cb..18bcb2f 100644 --- a/bundles/telegraf/metadata.py +++ b/bundles/telegraf/metadata.py @@ -73,20 +73,20 @@ defaults = { 'system': {h({})}, 'net': {h({})}, 'exec': { - # h({ - # 'commands': [ - # f'sudo /usr/local/share/telegraf/procio', - # ], - # 'data_format': 'influx', - # 'interval': '20s', - # }), - # h({ - # 'commands': [ - # f'/usr/local/share/telegraf/pressure_stall', - # ], - # 'data_format': 'influx', - # 'interval': '10s', - # }), + h({ + 'commands': [ + f'sudo /usr/local/share/telegraf/procio', + ], + 'data_format': 'influx', + 'interval': '20s', + }), + h({ + 'commands': [ + f'/usr/local/share/telegraf/pressure_stall', + ], + 'data_format': 'influx', + 'interval': '10s', + }), }, }, }, diff --git a/nodes/home.router.py b/nodes/home.router.py index ff93df8..e4913a4 100644 --- a/nodes/home.router.py +++ b/nodes/home.router.py @@ -42,6 +42,17 @@ ], }, }, + 'nftables': { + 'forward': { + # Drop DHCP client requests (UDP port 68) + 'udp sport 68 drop', + 'udp dport 68 drop', + + # Drop DHCP server responses (UDP port 67) + 'udp sport 67 drop', + 'udp dport 67 drop', + }, + }, 'sysctl': { 'net': { 'ipv4': { diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py index b4356db..7a2181d 100644 --- a/nodes/htz.mails.py +++ b/nodes/htz.mails.py @@ -5,10 +5,10 @@ 'debian-12', 'hetzner-cloud', 'mailserver', - #'monitored', + 'monitored', 'webserver', 'dnsserver', - #'wordpress', + 'wordpress', #'left4dead2', ], 'bundles': [