sheppy/no-secrets-athq-ansible
1
0
Fork 0
mirror of https://github.com/FAUSheppy/no-secrets-athq-ansible synced 2025-12-08 03:31:36 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: icinga2 web oauth2

Browse Source
This commit is contained in:
Johnathen Sheppard
2023-06-27 15:50:26 +00:00
parent b001af119b
commit d2a589fee6
4 changed files with 83 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
group_vars/all.yaml
View File

@@ -144,3 +144,15 @@ keycloak_clients:
groups: "paperless" groups: "paperless"
master_address: "https://paperless.atlantishq.de" master_address: "https://paperless.atlantishq.de"
skips: skips:
icinga:
party_secret : "HISTORY_PURGED_SECRET"
client_id: z_icinga
client_secret: "HISTORY_PURGED_SECRET"
redirect_uris:
- "https://icinga.atlantishq.de/*"
description: "Icinga Web"
keycloak_id: "00000000-0000-0000-0000-000000000009"
groups: "monitoring"
master_address: "https://icinga.atlantishq.de"
skips:

32
roles/monitoring-master/files/icinga-nginx.conf Normal file
View File

@@ -0,0 +1,32 @@
server {
listen 80;
listen 9080;
server_name icinga.atlantishq.de;
#auth_basic "ICINGA";
#auth_basic_user_file /etc/nginx/auth/stats_auth;
access_log /var/log/nginx/access-icinga.log;
error_log /var/log/nginx/error-icinga.log;
location = / {
return 302 https://icinga.atlantishq.de/icingaweb2;
}
##### ICINGA WEB #####
location ~ ^/icingaweb2/index\.php(.*)$ {
include fastcgi.conf;
include fastcgi_params;
# fastcgi_temp_path fastcgi;
fastcgi_pass unix:/etc/alternatives/php-fpm.sock;
fastcgi_index index.php;
# fastcgi_param SCRIPT_NAME /usr/share/icingaweb2/public/index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php;
fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2;
fastcgi_param REMOTE_USER $http_x_forwarded_preferred_username;
}
location ~ ^/icingaweb2(.+)? {
alias /usr/share/icingaweb2/public;
index index.php;
try_files $1 $uri $uri/ /icingaweb2/index.php$is_args$args;
}
}

38
roles/monitoring-master/tasks/icinga.yaml
View File

@@ -1,6 +1,9 @@
- name: Install Dependecies - name: Install Dependecies
apt: apt:
name: git pkg:
- git
- docker-compose
- nginx
state: present state: present
- name: Clone Passive Monitoring - name: Clone Passive Monitoring
@@ -129,3 +132,36 @@
line: '"include /etc/monitoring-tools/commands.d/signal-notify.conf"' line: '"include /etc/monitoring-tools/commands.d/signal-notify.conf"'
notify: notify:
- restart icinga - restart icinga
- name: OAuth2Proxy directories
file:
path: "/opt/oauth2proxy/{{ item }}/"
state: directory
recurse: yes
with_items:
- icinga
- name: include services ports
include_vars: services.yaml
- name: Deploy OAuth2Proxy compose files
template:
src: oauth-standalone-docker-compose.yaml
dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
with_items:
- icinga
- name: Deploy OAuth2Proxy
community.docker.docker_compose:
project_src: /opt/oauth2proxy/{{ item }}/
pull: true
with_items:
- icinga
- name: Copy icinga web nginx conf
copy:
src: icinga-nginx.conf
dest: /etc/nginx/sites-enabled/icinga.conf
mode: 0755
notify:
- restart nginx

2
vars/services.yaml
View File

@@ -15,3 +15,5 @@ services:
port: 5011 port: 5011
paperless: paperless:
port: 8000 port: 8000
icinga:
port: 8080