Add Nagios and some dysfunctional templating code

2021-08-08 00:28:18 -05:00 · 2021-08-08 00:28:18 -05:00 · 5d5cab59eb
commit 5d5cab59eb
parent 691a934297
3 changed files with 59 additions and 0 deletions
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@ -112,6 +112,15 @@ gitea_internal_token: !vault |
          62633234313261363537663061373931303832653531356566633739636264666635653936313965
          623964653936646334313864643030653763

+# For Nagios
+secret_nagios_admin_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64333231393831303031616363363030613464653161313531316465346263313063626638363437
+          3965303861646232393663633066363039636637343161340a643162633133336335313632383861
+          34616338636630633539353335336631313361656633333539323130626132356263653436343363
+          3930323538613137370a373861376566376631356564623665313662636562626234643862343863
+          61326232633266633262613931303631396163326266386363366639366639613938
+
 # For Netbox
 secret_netbox_user_pass: !vault |
          $ANSIBLE_VAULT;1.1;AES256
--- a/playbooks/tasks/web/nagios.yml
+++ b/playbooks/tasks/web/nagios.yml
@ -0,0 +1,35 @@
+# vim:ft=ansible:
+- name: assure data directory for nagios
+  file: path=/data/nagios state=directory mode=0755
+  tags: [ nagios ]
+- name: assure ssmtp.conf file for nagios
+  file: path=/data/nagios/ssmtp.conf state=file mode=0640
+  tags: [ nagios ]
+- name: template out hosts for nagios
+  template:
+    src: |
+      {% for host in query('netbox.netbox.nb_lookup', 'devices', api_endpoint='https://netbox.desu.ltd', token=secret_netbox_api_token)%}
+      {{ host }}
+      {% endfor %}
+    dest: /data/nagios/etc/objects/ansible-hosts.cfg
+    owner: root
+    group: root
+    mode: 0644
+  tags: [ nagios, template ]
+- name: docker deploy nagios
+  docker_container:
+    name: nagios
+    image: manios/nagios
+    env:
+      NAGIOSADMIN_USER: admin
+      NAGIOSADMIN_PASS: "{{ secret_nagios_admin_pass }}"
+      TZ: "America/Chicago"
+    networks:
+      - name: web
+        aliases: [ "nagios" ]
+    volumes:
+      - /data/nagios/etc:/opt/nagios/etc
+      - /data/nagios/var:/opt/nagios/var
+      - /data/nagios/plugins:/opt/Custom-Nagios-Plugins
+      - /data/nagios/ssmtp.conf:/etc/ssmtp/ssmtp.conf
+  tags: [ docker, nagios ]
--- a/playbooks/web.yml
+++ b/playbooks/web.yml
@ -153,6 +153,19 @@
              proxy_pass http://netbox:8080;
            }
          }
+          server {
+            listen 443 ssl;
+            server_name nagios.desu.ltd;
+            ssl_certificate /etc/letsencrypt/live/netbox.desu.ltd/fullchain.pem;
+            ssl_certificate_key /etc/letsencrypt/live/netbox.desu.ltd/privkey.pem;
+            ssl_trusted_certificate /etc/letsencrypt/live/netbox.desu.ltd/chain.pem;
+            ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+            location / {
+              proxy_set_header Host $host;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_pass http://nagios:80;
+            }
+          }
      tags: [ docker, ingress ]
    - name: include tasks for apps
      include_tasks: tasks/app/{{ task }}
@ -165,6 +178,8 @@
      include_tasks: tasks/web/{{ task }}
      with_items:
        - netbox.yml
+        - nagios.yml
+        - ingress-generic.yml
      loop_control:
        loop_var: task
      tags: [ always ]