feat: icinga mail notifications

roles/mail/files/opendkim/trusted.hosts

@@ -2,3 +2,4 @@
 localhost
 atlantishq.de
 192.168.122.112
+192.168.122.107

roles/mail/files/policy-spf/policyd-spf.conf

@@ -12,5 +12,5 @@ Mail_From_reject = False
 PermError_reject = False
 TempError_Defer = False
 
-skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,192.168.122.112
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,192.168.122.112,192.168.122.107
 

roles/monitoring-master/tasks/icinga.yaml

@@ -90,6 +90,18 @@
   notify:
     - restart icinga
 
+- name: Template icinga configuration
+  template:
+    src: "{{ item }}"
+    dest: /etc/icinga2/conf.d/
+    owner: root
+    group: nagios
+    mode: 0640
+  with_items:
+    - mail_notifications.conf
+  notify:
+    - restart icinga
+
 - name: Change icinga log level
   lineinfile:
     path: /etc/icinga2/features-enabled/mainlog.conf

roles/monitoring-master/tasks/icinga_postfix.yaml

@@ -0,0 +1,11 @@
+- name: install postfix
+  apt:
+    pkg:
+        - postfix
+
+- name: copy postfix config
+  template:
+    src: postfix_main.cf
+    dest: /etc/postfix/main.cf
+  notify:
+    - restart postfix

roles/monitoring-master/tasks/main.yaml

@@ -5,6 +5,13 @@
     - icinga
     - monitoring-master
 
+- name: Postfix/Mail for icinga
+  include: icinga_postfix.yaml
+  when: monitoring_master
+  tags:
+    - icinga
+    - monitoring-master
+
 - name: Grafana.yaml
   include: icinga.yaml
   when: monitoring_master

roles/monitoring-master/templates/mail_notifications.conf

@@ -0,0 +1,25 @@
+apply Notification "mail-icingaadmin" to Host {
+  import "mail-host-notification"
+
+  user_groups = host.vars.notification.mail.groups
+  users = host.vars.notification.mail.users
+
+  interval = 2h
+
+  vars.notification_logtosyslog = true
+  vars.notification_from = "Icinga <{{ smtp_service_user }}@atlantishq.de>"
+
+  assign where host.vars.notification.mail
+}
+
+apply Notification "mail-icingaadmin" to Service {
+  import "mail-service-notification"
+
+  user_groups = host.vars.notification.mail.groups
+  users = host.vars.notification.mail.users
+
+  interval = 2h
+  vars.notification_logtosyslog = true
+  vars.notification_from = "Icinga <{{ smtp_service_user }}@atlantishq.de>"
+  assign where host.vars.notification.mail
+}

roles/monitoring-master/templates/postfix_main.cf

@@ -0,0 +1,13 @@
+# Set username and password
+smtp_sasl_password_maps = static:{{ smtp_service_user }}:{{ smtp_service_pass }}
+smtp_sasl_security_options = noanonymous
+
+# Turn on tls encryption 
+# smtp_tls_security_level = encrypt
+header_size_limit = 4096000
+
+# Set external SMTP relay host here IP or hostname accepted along with a port number. 
+relayhost = {{ smtp_internal_host }}:25
+
+# accept email from our web-server only (adjust to match your VPC/VLAN etc)
+inet_interfaces = 127.0.0.1