initial: no secrets

roles/monitoring-master/files/icinga-nginx.conf

@@ -0,0 +1,32 @@
+server {
+    listen 80;
+    listen 9080;
+    server_name icinga.atlantishq.de;
+
+    #auth_basic "ICINGA";
+    #auth_basic_user_file /etc/nginx/auth/stats_auth;
+
+    access_log /var/log/nginx/access-icinga.log;
+    error_log /var/log/nginx/error-icinga.log; 
+    location = / {  
+       return 302 https://icinga.atlantishq.de/icingaweb2;
+    }
+        
+    ##### ICINGA WEB #####
+    location ~ ^/icingaweb2/index\.php(.*)$ {
+            include fastcgi.conf;
+            include fastcgi_params;
+            # fastcgi_temp_path fastcgi;
+            fastcgi_pass  unix:/etc/alternatives/php-fpm.sock;
+            fastcgi_index index.php;
+            # fastcgi_param SCRIPT_NAME /usr/share/icingaweb2/public/index.php;
+            fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php;
+            fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2;
+            fastcgi_param REMOTE_USER $http_x_forwarded_preferred_username;
+    }
+    location ~ ^/icingaweb2(.+)? {
+        alias /usr/share/icingaweb2/public;
+        index index.php;
+        try_files $1 $uri $uri/ /icingaweb2/index.php$is_args$args;
+    }
+}

roles/monitoring-master/files/michy-ese-server.conf

@@ -0,0 +1,52 @@
+object Host "esports-erlangen.de" {
+
+  import "generic-host"
+
+  address	= "esports-erlangen.de"
+  name      = "esports-erlangen.de"
+  check_command = "hostalive4"
+  vars.linux 	= "true"
+
+
+  max_check_attempts = 5
+  retry_interval     = 1m
+
+  vars.notification["mail"] = {
+    groups = ["ese"]
+  }
+
+}
+
+apply Service "dovecot-imap-tls-993" {
+    import "generic-service"
+    check_command = "ssl"
+    vars.host = host.address
+    vars.port = 993
+    assign where host.name == "esports-erlangen.de"
+}
+
+apply Service "postfix-smtp-25" {
+    import "generic-service"
+    check_command = "smtp"
+    vars.host = host.address
+    vars.protocol = "smtp"
+    vars.port = 25
+    assign where host.name == "esports-erlangen.de"
+}
+
+apply Service "postfix-smtp-starttls-25" {
+    import "generic-service"
+    check_command = "ssl"
+    vars.host = host.address
+    vars.protocol = "smtp"
+    vars.port = 25
+    assign where host.name == "esports-erlangen.de"
+}
+
+apply Service "website-http" {
+    import "generic-service"
+    check_command = "http"
+    vars.host = "www.esports-erlangen.de"
+    vars.ssl = true
+    assign where host.name == "esports-erlangen.de"
+}

roles/monitoring-master/files/nsca-ng.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Monitoring Command Acceptor
+
+[Service]
+ExecStart=/usr/sbin/nsca-ng
+Type=forking
+User=root
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

roles/monitoring-master/files/report_to_rudi_monitoring.conf

@@ -0,0 +1,2 @@
+nagios	sheppy-icinga	/usr/local/bin/icinga/check_icinga_self
+nobody	sheppy-mail	/bin/true

roles/monitoring-master/files/report_to_rudi_send_nsca_rudi.cfg

@@ -0,0 +1,4 @@
+identity = "atlantishq.de"
+password = ""
+server   = "kraftwerk.ruderich.eu"
+tls_ciphers = "PSK-AES256-CBC-SHA"

roles/monitoring-master/files/services_async.conf

@@ -0,0 +1,147 @@
+object CheckCommand "gateway" {
+    command = [ "/etc/icinga2/icinga-webhook-gateway/icinga-gateway-command.py" ]
+    arguments = {
+	    "--protocol" = "$protocol$",
+        "--host"     = "$host$",
+	    "--port"     = "$port$",
+        "--service"  = "$service_name$"
+    }
+}
+
+object Host "THS" {
+
+  import "generic-host"
+
+  address	= "localhost"
+  name      = "THS"
+  vars.async 	= "true"
+  vars.linux 	= "true"
+
+  vars.ssl_address = "async-icinga.atlantishq.de"
+  vars.ssl_port = "443"
+
+  check_command = "http"
+
+  max_check_attempts = 5
+  retry_interval     = 1m
+
+}
+
+object Host "atlantispc" {
+
+  import "generic-host"
+
+  address	= "localhost"
+  name      = "atlantispc"
+  vars.async 	= "true"
+  vars.linux 	= "true"
+
+  vars.ssl_address = "async-icinga.atlantishq.de"
+  vars.ssl_port = "443"
+
+  check_command = "http"
+
+  max_check_attempts = 5
+  retry_interval     = 1m
+
+}
+
+object Host "atlantislaptop" {
+
+  import "generic-host"
+
+  address	= "localhost"
+  name      = "atlantislaptop"
+  vars.async 	= "true"
+  vars.linux 	= "true"
+
+  vars.ssl_address = "async-icinga.atlantishq.de"
+  vars.ssl_port = "443"
+
+  check_command = "http"
+
+  max_check_attempts = 5
+  retry_interval     = 1m
+
+}
+
+apply Service "apt_atlantis_laptop" {
+    import "generic-service"
+    check_command = "gateway"
+    vars.protocol = "https"
+    vars.host = "async-icinga.atlantishq.de"
+    vars.service_name = "apt_atlantis_laptop"
+    assign where host.name == "atlantislaptop"
+}
+
+apply Service "apt_atlantis_pc" {
+    import "generic-service"
+    check_command = "gateway"
+    vars.protocol = "https"
+    vars.host = "async-icinga.atlantishq.de"
+    vars.service_name = "apt_atlantis_pc"
+    assign where host.name == "atlantispc"
+}
+
+apply Service "backup_atlantis_laptop" {
+    import "generic-service"
+    check_command = "gateway"
+    vars.protocol = "https"
+    vars.host = "async-icinga.atlantishq.de"
+    vars.service_name = "backup_atlantis_laptop"
+    assign where host.name == "atlantispc"
+}
+
+apply Service "backup_ths_storrage_box" {
+    import "generic-service"
+    check_command = "gateway"
+    vars.protocol = "https"
+    vars.host = "async-icinga.atlantishq.de"
+    vars.service_name = "backup_ths_storrage_box"
+    assign where host.name == "atlantispc"
+}
+
+apply Service "backup_ths" {
+    import "generic-service"
+    check_command = "gateway"
+    vars.protocol = "https"
+    vars.host = "async-icinga.atlantishq.de"
+    vars.service_name = "backup_ths"
+    assign where host.name == "THS"
+}
+
+apply Service "ths_auftragsdatenbank" {
+    import "generic-service"
+    check_command = "gateway"
+    vars.protocol = "https"
+    vars.host = "async-icinga.atlantishq.de"
+    vars.service_name = "ths_auftragsdatenbank"
+    assign where host.name == "THS"
+}
+
+apply Service "mail_atlantishq" {
+    import "generic-service"
+    check_command = "gateway"
+    vars.protocol = "https"
+    vars.host = "async-icinga.atlantishq.de"
+    vars.service_name = "mail_atlantishq"
+    assign where host.name == "async_icinga"
+}
+
+apply Service "ths_caldav_backup" {
+    import "generic-service"
+    check_command = "gateway"
+    vars.protocol = "https"
+    vars.host = "async-icinga.atlantishq.de"
+    vars.service_name = "ths_caldav_backup"
+    assign where host.name == "async_icinga"
+}
+
+apply Service "slapd_backup" {
+    import "generic-service"
+    check_command = "gateway"
+    vars.protocol = "https"
+    vars.host = "async-icinga.atlantishq.de"
+    vars.service_name = "slapd_backup"
+    assign where host.name == "async_icinga"
+}

roles/monitoring-master/files/services_passive.conf

@@ -0,0 +1,54 @@
+apply Service "systemd" {
+    import "remote_passive"
+    assign where host.vars.remote
+}
+
+apply Service "disk-remote" {
+    import "remote_passive"
+    assign where host.vars.remote
+}
+
+apply Service "load-remote" {
+    import "remote_passive"
+    assign where host.vars.remote
+}
+
+apply Service "procs-remote" {
+    import "remote_passive"
+    assign where host.vars.remote
+}
+
+apply Service "insurgency-1" {
+    import "remote_passive"
+ 	assign where host.name == "steam"
+}
+
+apply Service "insurgency-2" {
+    import "remote_passive"
+ 	assign where host.name == "steam"
+}
+
+apply Service "irc" {
+    import "remote_passive"
+ 	assign where host.name == "irc"
+}
+
+apply Service "wireguard-darknet-rudi" {
+    import "remote_passive"
+ 	assign where host.name == "vpn"
+}
+
+apply Service "wireguard-darknet-hase" {
+    import "remote_passive"
+ 	assign where host.name == "vpn"
+}
+
+#apply Service "darknet-reachable" {
+#    import "remote_passive"
+# 	assign where host.name == "vpn"
+#}
+
+apply Service "mail_queue" {
+    import "remote_passive"
+    assign where host.name == "mail"
+}

roles/monitoring-master/files/services_passive_mail_extern.conf

@@ -0,0 +1,15 @@
+apply Service "MAIL-postfix-tls" {
+	import "generic-service"
+	check_command = "ssl"
+	vars.ssl_address = "192.168.122.101"
+	vars.ssl_port = "465"
+ 	assign where host.name == "mail"
+}
+
+apply Service "IMAP-dovecot-tls" {
+	import "generic-service"
+	check_command = "ssl"
+	vars.ssl_address = "192.168.122.101"
+	vars.ssl_port = "993"
+ 	assign where host.name == "mail"
+}

roles/monitoring-master/files/services_vhosts_http_checks.conf

@@ -0,0 +1,7 @@
+apply Service for (http_vhost => config in host.vars.http_vhosts) {
+  import "generic-service"
+
+  check_command = "http"
+
+  vars += config
+}

roles/monitoring-master/files/users.conf

@@ -0,0 +1,25 @@
+object User "michy" {
+  import "generic-user"
+
+  display_name = "Michy Monitoring"
+  groups =  ["ese"]
+
+  email = "ipatix@atlantishq.de"
+}
+
+object User "icingaadmin" {
+  import "generic-user"
+
+  display_name = "Icinga 2 Admin"
+  groups = [ "icingaadmins" ]
+
+  email = "sheppy@atlantishq.de"
+}
+
+object UserGroup "icingaadmins" {
+  display_name = "Icinga 2 Admin Group"
+}
+
+object UserGroup "ese" {
+  display_name = "ESports-Erlangen Gruppe"
+}