Add Nagios
This commit is contained in:
parent
2183d5778e
commit
c6195d3def
@ -73,6 +73,15 @@ matrix_server_name: "9iron.club"
|
||||
matrix_url: "matrix.9iron.club"
|
||||
matrix_enable_registration: "true"
|
||||
matrix_admin_contact: "mailto:rehashedsalt@cock.li"
|
||||
# Nagios
|
||||
nagios_user_name: salt
|
||||
nagios_user_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
35353561366233326536313430346266663631663137366130396435363932333766306438323166
|
||||
6437353630373631393938396232343065396162313732610a653433323466613636393437656663
|
||||
33396133643730636632613637653164666638346562656463613931663831373039313632363863
|
||||
3062393539633736610a303932383066663638636165363736323738323838366233333338636636
|
||||
39663064356363656130386235333566636566303263363365363933656231373733
|
||||
# Nextcloud
|
||||
nextcloud_mysql_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
|
@ -36,3 +36,13 @@
|
||||
gitweb_url: "www.9iron.club"
|
||||
gitweb_webroot: "/var/www/www"
|
||||
tags: [ web, webroot ]
|
||||
- hosts: web2
|
||||
roles:
|
||||
- role: backups
|
||||
tags: [ backups ]
|
||||
- role: postfix-ses
|
||||
tags: [ postfix ]
|
||||
- role: nagios
|
||||
vars:
|
||||
nagios_url: "nagios.9iron.club"
|
||||
tags: [ web, nagios ]
|
||||
|
@ -21,6 +21,7 @@
|
||||
- php-zip
|
||||
- php-cgi
|
||||
- php-cli
|
||||
- python3-passlib # For htpasswd support
|
||||
- name: Find PHP config directory
|
||||
find:
|
||||
paths: /etc/php
|
||||
|
2
roles/nagios/defaults/main.yml
Normal file
2
roles/nagios/defaults/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
# vim:ft=ansible:
|
||||
nagios_webroot: /usr/share/nagios3/htdocs
|
8
roles/nagios/handlers/main.yml
Normal file
8
roles/nagios/handlers/main.yml
Normal file
@ -0,0 +1,8 @@
|
||||
#!/usr/bin/ansible-playbook
|
||||
# vim:ft=ansible:
|
||||
---
|
||||
- name: restart nagios
|
||||
systemd:
|
||||
name: nagios
|
||||
state: restarted
|
||||
become: yes
|
5
roles/nagios/meta/main.yml
Normal file
5
roles/nagios/meta/main.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
allow_duplicates: no
|
||||
dependencies:
|
||||
- role: apache-php
|
||||
- role: postfix-ses
|
53
roles/nagios/tasks/main.yml
Normal file
53
roles/nagios/tasks/main.yml
Normal file
@ -0,0 +1,53 @@
|
||||
#!/usr/bin/ansible-playbook
|
||||
# vim:ft=ansible:
|
||||
---
|
||||
- name: Install and configure Nagios
|
||||
block:
|
||||
- name: Install packages
|
||||
block:
|
||||
- name: Install Nagios package
|
||||
apt:
|
||||
name:
|
||||
- nagios3
|
||||
- name: Assure CNAME record
|
||||
route53:
|
||||
state: present
|
||||
overwrite: yes
|
||||
zone: "{{ zone }}"
|
||||
type: CNAME
|
||||
record: "{{ nagios_url }}"
|
||||
ttl: 3600
|
||||
value:
|
||||
- "{{ inventory_hostname }}.{{ zone }}."
|
||||
- name: Set up Apache
|
||||
block:
|
||||
- name: Enable modules
|
||||
command:
|
||||
cmd: a2enmod "{{ item }}"
|
||||
creates: "/etc/apache2/mods-enabled/{{ item }}.load"
|
||||
loop:
|
||||
- cgi
|
||||
- rewrite
|
||||
notify: restart apache
|
||||
- name: Assure admin user
|
||||
htpasswd:
|
||||
path: /etc/nagios3/htpasswd.users
|
||||
name: "{{ nagios_user_name }}"
|
||||
password: "{{ nagios_user_password }}"
|
||||
notify: restart nagios
|
||||
- name: Template out vhost
|
||||
template:
|
||||
src: "apache2-vhost-ssl.conf"
|
||||
dest: "/etc/apache2/sites-available/{{ nagios_url }}.conf"
|
||||
notify: restart apache
|
||||
- name: Enable site
|
||||
command:
|
||||
cmd: "a2ensite {{ nagios_url }}.conf"
|
||||
creates: "/etc/apache2/sites-enabled/{{ nagios_url }}.conf"
|
||||
notify: restart apache
|
||||
- name: Generate certificate
|
||||
include_role:
|
||||
name: https
|
||||
vars:
|
||||
website_url: "{{ nagios_url }}"
|
||||
become: yes
|
32
roles/nagios/templates/apache2-vhost-ssl.conf
Normal file
32
roles/nagios/templates/apache2-vhost-ssl.conf
Normal file
@ -0,0 +1,32 @@
|
||||
# Configuration for {{ nagios_url }}
|
||||
# vim:ft=apache:
|
||||
|
||||
# Accept connections from non-SNI clients
|
||||
SSLStrictSNIVHostCheck off
|
||||
|
||||
# Website configuration
|
||||
<VirtualHost *:80>
|
||||
ServerName {{ nagios_url }}
|
||||
Redirect permanent / https://{{ nagios_url }}
|
||||
</VirtualHost>
|
||||
<VirtualHost *:443>
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/pki/cert/crt/{{ nagios_url }}.crt
|
||||
SSLCertificateKeyFile /etc/pki/cert/private/{{ nagios_url }}.key
|
||||
SSLCertificateChainFile /etc/pki/cert/crt/{{ nagios_url}}-fullchain.crt
|
||||
SSLProtocol {{ ssl_protocol }}
|
||||
SSLCipherSuite {{ ssl_cipher_suite }}
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
|
||||
SSLOptions +StdEnvVars
|
||||
</FilesMatch>
|
||||
<Directory /usr/lib/cgi-bin>
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
ServerName {{ nagios_url }}
|
||||
DocumentRoot {{ nagios_webroot }}
|
||||
<Directory "{{ nagios_webroot }}">
|
||||
Require all granted
|
||||
AllowOverride All
|
||||
Options MultiViews FollowSymlinks
|
||||
</Directory>
|
||||
</VirtualHost>
|
Loading…
Reference in New Issue
Block a user