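#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
#
# Play 1 sets up hosts in the tags_nagios group for remote checks: it checks
# out the monitoring scripts, installs the plugin packages, creates the
# nagios-checker system account with its SSH key, and grants that account
# passwordless sudo for three check commands.
# Play 2 runs on every host and removes the account, and the sudo rule file
# that play 1 created, from hosts that are not in tags_nagios.
---
- hosts: tags_nagios
  gather_facts: false
  roles:
    - role: git
      vars:
        git_repos:
          # NOTE(review): check_docker and check_temp from this checkout are
          # later allowed to run as root through sudo. Confirm the git role
          # leaves the tree owned by root and not writable by nagios-checker,
          # and pin the checkout to a reviewed revision if the role supports
          # it.
          - repo: https://git.desu.ltd/salt/monitoring-scripts
            dest: /usr/local/bin/monitoring-scripts
      tags: [nagios, git]
  tasks:
    - name: assure nagios plugin packages
      apt:
        name:
          - monitoring-plugins
          - nagios-plugins-contrib
      tags: [nagios]

    - name: assure nagios user
      user:
        name: nagios-checker
        state: present
        system: true
      tags: [nagios]

    # NOTE(review): the key is installed without key_options, so it is not
    # limited to running checks. Consider restricting it (no forwarding,
    # no pty) once the monitoring server's needs are confirmed.
    - name: assure nagios user ssh key
      authorized_key:
        user: nagios-checker
        state: present
        key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNavw28C0mKIQVRLQDW2aoovliU1XCGaenDhIMwumK/ Nagios monitoring"
      tags: [nagios]

    # sudoers drop-ins are conventionally root-owned and read-only (0440);
    # the earlier 0750 added execute and group-read bits the file never needs.
    # The mode is quoted so it cannot be parsed as a number.
    - name: assure nagios user sudo rule file
      file:
        path: /etc/sudoers.d/50-nagios-checker
        mode: '0440'
        owner: root
        group: root
        state: touch
        modification_time: preserve
        access_time: preserve
      tags: [nagios, sudo]

    # Each rule names a command with no argument list, so sudo accepts any
    # arguments for it; tighten the rules if the checks use a fixed set.
    # validate makes visudo check the edited copy before it replaces the live
    # file, so a malformed line cannot break sudo on the host.
    - name: assure nagios user sudo rules
      lineinfile:
        path: /etc/sudoers.d/50-nagios-checker
        line: "nagios-checker ALL = (root) NOPASSWD: {{ item }}"
        validate: /usr/sbin/visudo -cf %s
      loop:
        - /usr/lib/nagios/plugins/check_disk
        - /usr/local/bin/monitoring-scripts/check_docker
        - /usr/local/bin/monitoring-scripts/check_temp
      tags: [nagios, sudo]

- hosts: all
  gather_facts: false
  tasks:
    - name: disable nagios user when not tagged
      user:
        name: nagios-checker
        state: absent
        remove: true
      when: "'tags_nagios' not in group_names"
      tags: [nagios]

    # Removing only the account would leave the NOPASSWD rules behind, and
    # they would apply again to any later account named nagios-checker.
    - name: remove nagios user sudo rule file when not tagged
      file:
        path: /etc/sudoers.d/50-nagios-checker
        state: absent
      when: "'tags_nagios' not in group_names"
      tags: [nagios, sudo]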