sheppy/no-secrets-athq-ansible
1
0
Fork 0
mirror of https://github.com/FAUSheppy/no-secrets-athq-ansible synced 2026-06-20 05:52:38 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

initial: no secrets

Browse Source
This commit is contained in:
Johnathen Sheppard
2024-02-12 17:01:18 +01:00
commit cf9efd55b5
186 changed files with 8697 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
roles/monitoring-master/tasks/icinga.yaml
+189
View File
@@ -0,0 +1,189 @@
- name: Install Dependecies
apt:
pkg:
- git
- docker-compose
- nginx
state: present
- name: Clone Passive Monitoring
git:
repo: https://github.com/FAUSheppy/icinga-passive-checks-monitoring
dest: "/etc/monitoring/"
version: master
- name: Clone Monitoring tools
git:
repo: https://github.com/FAUSheppy/monitoring-tools
dest: "/etc/monitoring-tools/"
version: master
notify: restart icinga
- name: Set monitoring tools permissions
file:
dest: /etc/monitoring-tools/
owner: root
mode: u=rwX,g=rX,o=rX
recurse: yes
- name: Set monitoring permissions
file:
dest: /etc/monitoring/
owner: root
mode: u=rwX,g=rX,o=rX
recurse: yes
- name: Copy nsca-ng and send_nsca to /bin/
copy:
src: nsca-ng
dest: /bin/nsca-ng
mode: 0755
- name: Copy nsca-ng and send_nsca to /bin/
copy:
src: send_nsca
dest: /bin/send_nsca
mode: 0755
- name: Create nsca server directory
file:
path: /etc/nsca-ng/
mode: 0750
owner: root
group: nagios
- name: Copy nsca server config
copy:
src: nsca_server.conf
dest: /etc/nsca-ng/nsca-ng.cfg
owner: root
group: nagios
mode: 0644
notify:
- nsca-ng service reload
- name: Copy nsca systemd unit
copy:
src: nsca-ng.service
dest: /etc/systemd/user/nsca-ng.service
mode: 0644
notify:
- nsca-ng service reload
- name: Enable and start nsca-ng
systemd:
name: nsca-ng.service
state: started
enabled: yes
- name: Copy icinga configuration
copy:
src: "{{ item }}"
dest: /etc/icinga2/conf.d/
owner: root
group: nagios
mode: 0640
with_items:
- icinga_master_hosts.conf
- services_vhosts_http_checks.conf
- services_passive.conf
- services_passive_mail_extern.conf
- services_async.conf
- users.conf
- michy-ese-server.conf
- async-icinga-services-dynamic.conf
notify:
- restart icinga
- name: Template icinga configuration
template:
src: "{{ item }}"
dest: /etc/icinga2/conf.d/
owner: root
group: nagios
mode: 0640
with_items:
- mail_notifications.conf
notify:
- restart icinga
- name: Change icinga log level
lineinfile:
path: /etc/icinga2/features-enabled/mainlog.conf
line: ' severity = "warning"'
notify: restart icinga
- name: Add signal vars
lineinfile:
path: /etc/icinga2/constants.conf
line: "{{ item }}"
with_items:
# WARNING ME LAZY BITCH, YOU HAVE TO DELETE THOSE ON THE SERVER OR IT WONT WORK #
# i mean it will work because they will be added at the end and overwrite
# previous definitions but ya know write a regex its fucking 03:39 am
- 'const signal_gateway_host = "{{ event_dispatcher_host }}"'
- 'const signal_gateway_port = "{{ event_dispatcher_port }}"'
- 'const signal_gateway_proto = "{{ event_dispatcher_proto }}"'
notify: restart icinga
- name: Signal command loaded from monitoring tools
lineinfile:
path: /etc/icinga2/icinga2.conf
line: '"include /etc/monitoring-tools/commands.d/signal-notify.conf"'
notify:
- restart icinga
- name: OAuth2Proxy directories
file:
path: "/opt/oauth2proxy/{{ item }}/"
state: directory
recurse: yes
with_items:
- icinga
- name: include services ports
include_vars: services.yaml
- name: Deploy OAuth2Proxy compose files
template:
src: oauth-standalone-docker-compose.yaml
dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
with_items:
- icinga
- name: Deploy OAuth2Proxy
community.docker.docker_compose:
project_src: /opt/oauth2proxy/{{ item }}/
pull: true
with_items:
- icinga
- name: Copy icinga web nginx conf
copy:
src: icinga-nginx.conf
dest: /etc/nginx/sites-enabled/icinga.conf
mode: 0755
notify:
- restart nginx
- name: Copy icingaweb2-config
template:
src: "icingaweb2/{{ item }}"
dest: "/etc/icingaweb2/{{ item }}"
mode: 0660
owner: root
group: icingaweb2
with_items:
- resources.ini
- roles.ini
- config.ini
- authentication.ini
- groups.ini
- name: Template dispatcher gateway passfile
template:
src: dispatcher-pass-file.txt
dest: /etc/icinga2/dispatcher-pass-file.txt
mode: 0660
owner: root
group: nagios
roles/monitoring-master/tasks/icinga_postfix.yaml
+11
View File
@@ -0,0 +1,11 @@
- name: install postfix
apt:
pkg:
- postfix
- name: copy postfix config
template:
src: postfix_main.cf
dest: /etc/postfix/main.cf
notify:
- restart postfix
roles/monitoring-master/tasks/logs.yaml
+31
View File
@@ -0,0 +1,31 @@
- name: Copy influx apt keyring
copy:
src: influx-repo.gpg
dest: /usr/share/keyrings/
mode: 0644
notify:
- apt update
- name: Add Influx repo
copy:
src: influxdb.list
dest: /etc/apt/sources.list.d/influxdb.list
mode: 0644
notify:
apt update
- meta: flush_handlers
- name: Install Telegraf
apt:
pkg:
- telegraf
- name: Copy telegraf config files
template:
src: "{{ item }}"
dest: /etc/telegraf/telegraf.d/
with_items:
- telegraf_influxdb.conf
- telegraf_rsyslog_input.conf
notify: restart telegraf
roles/monitoring-master/tasks/main.yaml
+44
View File
@@ -0,0 +1,44 @@
- name: Icinga
include: icinga.yaml
when: monitoring_master
tags:
- icinga
- monitoring-master
- name: Postfix/Mail for icinga
include: icinga_postfix.yaml
when: monitoring_master
tags:
- icinga
- monitoring-master
- name: logs.yaml
include: logs.yaml
when: monitoring_master
tags:
- grafana
- monitoring-master
- name: Report to Rudi nsca cfg
copy:
src: report_to_rudi_send_nsca_rudi.cfg
dest: /etc/report_to_rudi_send_nsca_rudi.cfg
mode: 0666
tags:
- monitoring-master
- name: Report to Rudi monitoring cfg
copy:
src: report_to_rudi_monitoring.conf
dest: /etc/report_to_rudi_monitoring.conf
mode: 0666
tags:
- monitoring-master
- name: Add Report to Rudi cron
cron:
name: "Monitoring at Rudi"
job: /etc/monitoring/monitoring-report.py -H atlantishq.de -c /etc/report_to_rudi_monitoring.conf --nsca-config /etc/report_to_rudi_send_nsca_rudi.cfg
minute: "*"
hour: "*"
day: "*"