# This file is managed via Ansible
# Any changes made WILL be overwritten

# Templates
define host {
	name			ansible-linux-server
	check_period		24x7
	check_interval		5
	retry_interval		1
	max_check_attempts	10
	check_command		check-host-alive
	notification_period	24x7
	notification_interval	120
	hostgroups		ansible
	check_period		24x7
	contacts		salt
	register		0
}
define service {
	use			generic-service
	name			ansible-generic-service
	max_check_attempts	5
	check_interval		5
	retry_interval		1
	register		0
}

# Contacts
define contact {
	contact_name			salt
	host_notifications_enabled	1
	host_notification_period	24x7
	host_notification_commands	notify-host-by-email
	service_notifications_enabled	1
	service_notification_period	24x7
	service_notification_commands	notify-service-by-email
	email				rehashedsalt@cock.li
}

# Default hostgroup and its checks
define hostgroup {
	hostgroup_name		ansible
	alias			Ansible-managed Hosts
}
define service {
	use			ansible-generic-service
	service_description	SSH
	check_command		check_ssh
	hostgroup_name		ansible
}

# Commands
define command {
	# This command was manually added and should be present in all backups
	command_name		check_snmp_storage_v3
	command_line		/opt/Custom-Nagios-Plugins/check_snmp_storage.pl -H $HOSTADDRESS$ -l {{ secret_snmp_rouser_username }} -x {{ secret_snmp_rouser_password }} -X {{ secret_snmp_rouser_privacy_passphrase }} -L sha,aes -t 20 -m $ARG1$ -w $ARG2$ -c $ARG3$
}
define command {
	# This command is included in the container image
	command_name		check_nrpe
	command_line		$USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

# Services for all hosts
define service {
	use			ansible-generic-service
	service_description	HTTP
	check_command		check_http
	hostgroup_name		nagios-checkhttp
}
define service {
	use			ansible-generic-service
	service_description	HTTPS
	check_command		check_http!--ssl
	hostgroup_name		nagios-checkhttp
}

# Services for SNMP-capable hosts
define service {
	use			ansible-generic-service
	service_description	Hostname
	check_command		check_snmp!-P 3 -a SHA -x AES -o 1.3.6.1.2.1.1.1.0 -U {{ secret_snmp_rouser_username }} -A {{ secret_snmp_rouser_password }} -X {{ secret_snmp_rouser_privacy_passphrase }} -r $HOSTNAME$ -L authPriv
	hostgroup_name		snmp
}
define service {
	use			ansible-generic-service
	service_description	Disk Usage
	check_command		check_snmp_storage_v3!^/$!85!90
	hostgroup_name		snmp
}

# Services for NRPE-capable hosts
define service {
	use			ansible-generic-service
	service_description	Disk Usage
	check_command		check_nrpe!check_disk_all
	hostgroup_name		nagios-nrpe
}
define service {
	use			ansible-generic-service
	service_description	Users
	check_command		check_nrpe!check_users
	hostgroup_name		nagios-nrpe
}
define service {
	use			ansible-generic-service
	service_description	CPU Load
	check_command		check_nrpe!check_load
	hostgroup_name		nagios-nrpe
}
define service {
	use			ansible-generic-service
	service_description	Reboot Required
	check_command		check_nrpe!check_reboot_required
	hostgroup_name		nagios-nrpe
}
# Systemd unit checks
define service {
	use			ansible-generic-service
	service_description	Unit backup.service
	check_command		check_nrpe!check_systemd_backup_service
	hostgroup_name		nagios-nrpe
}
define service {
	use			ansible-generic-service
	service_description	Unit backup.timer
	check_command		check_nrpe!check_systemd_backup_timer
	hostgroup_name		nagios-nrpe
}
define service {
	use			ansible-generic-service
	service_description	Unit ansible-pull.service
	check_command		check_nrpe!check_systemd_ansiblepull_service
	hostgroup_name		ansible-pull
}
define service {
	use			ansible-generic-service
	service_description	Unit ansible-pull.timer
	check_command		check_nrpe!check_systemd_ansiblepull_timer
	hostgroup_name		ansible-pull
}
define service {
	use			ansible-generic-service
	service_description	Unit docker.service
	check_command		check_nrpe!check_systemd_docker_service
	hostgroup_name		nagios-nrpe
}
define service {
	use			ansible-generic-service
	service_description	Swap Usage
	check_command		check_nrpe!check_swap
	hostgroup_name		nagios-nrpeswap
}
define service {
	use			ansible-generic-service
	service_description	PostgreSQL
	check_command		check_nrpe!check_pgsql
	hostgroup_name		nagios-checkpgsql
}

# Hostgroups
# Everything here is dynamically-generated based on tags from Netbox
{% for tag in query('netbox.netbox.nb_lookup', 'tags', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %}
define hostgroup {
	hostgroup_name		{{ tag.value.slug }}
	alias			{{ tag.value.display }}
}
{% endfor %}

# This list of hosts is dynamically generated based on devices and VMs tagged with "nagios" in Netbox
{% for host in query('netbox.netbox.nb_lookup', 'devices', api_endpoint='https://netbox.desu.ltd', token=netbox_token) + query('netbox.netbox.nb_lookup', 'virtual-machines', api_endpoint='https://netbox.desu.ltd', token=netbox_token)%}
{% if host.value.primary_ip %}
{% for tag in host.value.tags %}
{% if tag.slug == "nagios" %}
define host {
	use			ansible-linux-server
	host_name		{{ host.value.name }}
	alias			{{ host.value.display }}
	address			{{ host.value.primary_ip.address.split('/',1)[0] }}
	hostgroups		ansible{% for tag in host.value.tags %},{{ tag.slug }}{% endfor %}

}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}

# This list of services is dynamically generated based on services in Netbox and how they're tagged
{% for service in query('netbox.netbox.nb_lookup', 'services', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %}
{% if service.value.device %}
{% set host_name = service.value.device.name %}
{% elif service.value.virtual_machine %}
{% set host_name = service.value.virtual_machine.name %}
{% endif %}
# {{ host_name }} - {{ service.value.display }}
# 	Description:	{{ service.value.description }}
# 	Created:	{{ service.value.created }}
# 	Updated:	{{ service.value.last_updated }}
{% for tag in service.value.tags %}
{# #}
{% if tag.slug == "nagios-checkhttp" %}
{% if 80 in service.value.ports %}
define service {
	use			ansible-generic-service
	service_description	HTTP - {{ service.value.name }}
	check_command		check_http!-H {{ service.value.name }} -f sticky
	host_name		{{ host_name }}
}
{% endif %}
{% if 443 in service.value.ports %}
define service {
	use			ansible-generic-service
	service_description	HTTPS - {{ service.value.name }}
	check_command		check_http!--ssl -H {{ service.value.name }} -f sticky
	host_name		{{ host_name }}
}
{% endif %}
{% endif %}
{# #}
{% if tag.slug == "nagios-checktcp" %}
{% for port in service.value.ports %}
define service {
	use			ansible-generic-service
	service_description	TCP {{ service.value.name }} - {{ port }}
	check_command		check_tcp!{{ port }}
	host_name		{{ host_name }}
}
{% endfor %}
{% endif %}
{# #}
{% endfor %}
{% endfor %}