Add Nagios

This commit is contained in:
Salt 2020-07-23 23:13:16 -05:00
parent 2183d5778e
commit c6195d3def
8 changed files with 120 additions and 0 deletions

View File

@ -73,6 +73,15 @@ matrix_server_name: "9iron.club"
matrix_url: "matrix.9iron.club"
matrix_enable_registration: "true"
matrix_admin_contact: "mailto:rehashedsalt@cock.li"
# Nagios
nagios_user_name: salt
nagios_user_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
35353561366233326536313430346266663631663137366130396435363932333766306438323166
6437353630373631393938396232343065396162313732610a653433323466613636393437656663
33396133643730636632613637653164666638346562656463613931663831373039313632363863
3062393539633736610a303932383066663638636165363736323738323838366233333338636636
39663064356363656130386235333566636566303263363365363933656231373733
# Nextcloud
nextcloud_mysql_password: !vault |
$ANSIBLE_VAULT;1.1;AES256

View File

@ -36,3 +36,13 @@
gitweb_url: "www.9iron.club"
gitweb_webroot: "/var/www/www"
tags: [ web, webroot ]
- hosts: web2
roles:
- role: backups
tags: [ backups ]
- role: postfix-ses
tags: [ postfix ]
- role: nagios
vars:
nagios_url: "nagios.9iron.club"
tags: [ web, nagios ]

View File

@ -21,6 +21,7 @@
- php-zip
- php-cgi
- php-cli
- python3-passlib # For htpasswd support
- name: Find PHP config directory
find:
paths: /etc/php

View File

@ -0,0 +1,2 @@
# vim:ft=ansible:
nagios_webroot: /usr/share/nagios3/htdocs

View File

@ -0,0 +1,8 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: restart nagios
systemd:
name: nagios
state: restarted
become: yes

View File

@ -0,0 +1,5 @@
---
allow_duplicates: no
dependencies:
- role: apache-php
- role: postfix-ses

View File

@ -0,0 +1,53 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: Install and configure Nagios
block:
- name: Install packages
block:
- name: Install Nagios package
apt:
name:
- nagios3
- name: Assure CNAME record
route53:
state: present
overwrite: yes
zone: "{{ zone }}"
type: CNAME
record: "{{ nagios_url }}"
ttl: 3600
value:
- "{{ inventory_hostname }}.{{ zone }}."
- name: Set up Apache
block:
- name: Enable modules
command:
cmd: a2enmod "{{ item }}"
creates: "/etc/apache2/mods-enabled/{{ item }}.load"
loop:
- cgi
- rewrite
notify: restart apache
- name: Assure admin user
htpasswd:
path: /etc/nagios3/htpasswd.users
name: "{{ nagios_user_name }}"
password: "{{ nagios_user_password }}"
notify: restart nagios
- name: Template out vhost
template:
src: "apache2-vhost-ssl.conf"
dest: "/etc/apache2/sites-available/{{ nagios_url }}.conf"
notify: restart apache
- name: Enable site
command:
cmd: "a2ensite {{ nagios_url }}.conf"
creates: "/etc/apache2/sites-enabled/{{ nagios_url }}.conf"
notify: restart apache
- name: Generate certificate
include_role:
name: https
vars:
website_url: "{{ nagios_url }}"
become: yes

View File

@ -0,0 +1,32 @@
# Configuration for {{ nagios_url }}
# vim:ft=apache:
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Website configuration
<VirtualHost *:80>
ServerName {{ nagios_url }}
Redirect permanent / https://{{ nagios_url }}
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ nagios_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ nagios_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ nagios_url}}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
ServerName {{ nagios_url }}
DocumentRoot {{ nagios_webroot }}
<Directory "{{ nagios_webroot }}">
Require all granted
AllowOverride All
Options MultiViews FollowSymlinks
</Directory>
</VirtualHost>