feat: icinga2 web oauth2

2025-12-07 00:01:36 +01:00 · 2023-06-27 15:50:26 +00:00
parent b001af119b
commit d2a589fee6
4 changed files with 83 additions and 1 deletions
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -144,3 +144,15 @@ keycloak_clients:
        groups: "paperless"
        master_address: "https://paperless.atlantishq.de"
        skips:
+
+    icinga:
+        party_secret : "HISTORY_PURGED_SECRET"
+        client_id: z_icinga
+        client_secret: "HISTORY_PURGED_SECRET"
+        redirect_uris:
+            - "https://icinga.atlantishq.de/*"
+        description: "Icinga Web"
+        keycloak_id: "00000000-0000-0000-0000-000000000009"
+        groups: "monitoring"
+        master_address: "https://icinga.atlantishq.de"
+        skips:
--- a/roles/monitoring-master/files/icinga-nginx.conf
+++ b/roles/monitoring-master/files/icinga-nginx.conf
@@ -0,0 +1,32 @@
+server {
+    listen 80;
+    listen 9080;
+    server_name icinga.atlantishq.de;
+
+    #auth_basic "ICINGA";
+    #auth_basic_user_file /etc/nginx/auth/stats_auth;
+
+    access_log /var/log/nginx/access-icinga.log;
+    error_log /var/log/nginx/error-icinga.log; 
+    location = / {  
+       return 302 https://icinga.atlantishq.de/icingaweb2;
+    }
+        
+    ##### ICINGA WEB #####
+    location ~ ^/icingaweb2/index\.php(.*)$ {
+            include fastcgi.conf;
+            include fastcgi_params;
+            # fastcgi_temp_path fastcgi;
+            fastcgi_pass  unix:/etc/alternatives/php-fpm.sock;
+            fastcgi_index index.php;
+            # fastcgi_param SCRIPT_NAME /usr/share/icingaweb2/public/index.php;
+            fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php;
+            fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2;
+            fastcgi_param REMOTE_USER $http_x_forwarded_preferred_username;
+    }
+    location ~ ^/icingaweb2(.+)? {
+        alias /usr/share/icingaweb2/public;
+        index index.php;
+        try_files $1 $uri $uri/ /icingaweb2/index.php$is_args$args;
+    }
+}
--- a/roles/monitoring-master/tasks/icinga.yaml
+++ b/roles/monitoring-master/tasks/icinga.yaml
@@ -1,6 +1,9 @@
 - name: Install Dependecies
  apt:
-    name: git
+    pkg:
+        - git
+        - docker-compose
+        - nginx
    state: present

 - name: Clone Passive Monitoring 
@@ -129,3 +132,36 @@
    line: '"include /etc/monitoring-tools/commands.d/signal-notify.conf"'
  notify:
    - restart icinga
+
+- name: OAuth2Proxy directories
+  file:
+    path: "/opt/oauth2proxy/{{ item }}/"
+    state: directory
+    recurse: yes
+  with_items:
+   - icinga
+
+- name: include services ports
+  include_vars: services.yaml
+
+- name: Deploy OAuth2Proxy compose files
+  template:
+    src: oauth-standalone-docker-compose.yaml
+    dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
+  with_items:
+    - icinga
+
+- name: Deploy OAuth2Proxy
+  community.docker.docker_compose:
+    project_src: /opt/oauth2proxy/{{ item }}/
+    pull: true
+  with_items:
+    - icinga
+
+- name: Copy icinga web nginx conf
+  copy:
+    src: icinga-nginx.conf
+    dest: /etc/nginx/sites-enabled/icinga.conf
+    mode: 0755
+  notify:
+    - restart nginx
--- a/vars/services.yaml
+++ b/vars/services.yaml
@@ -15,3 +15,5 @@ services:
        port: 5011
    paperless:
        port: 8000
+    icinga:
+        port: 8080