ansible/playbooks/tags_nagios-nrpe.yml

#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
---
- hosts: tags_nagios-nrpe
  roles:
    - role: git
      vars:
        git_repos:
          - repo: https://git.desu.ltd/salt/monitoring-scripts
            dest: /usr/local/bin/monitoring-scripts
      tags: [ nrpe ]
    - role: nrpe
      vars:
        nrpe_server_bind_address: 0.0.0.0
        nrpe_server_allowed_hosts:
          - 127.0.0.0/24 # Local machines
          - 192.168.0.0/16
          - 172.16.0.0/12
          - 10.0.0.0/8
          - 45.79.24.6/32 # web3.desu.ltd
        nrpe_plugin_packages:
          - monitoring-plugins
          - nagios-plugins-contrib
        nrpe_command:
          check_disk_all:
            script: check_disk
            option: -M -u GB -X nfs -X tracefs -X cgroup -X tmpfs -X overlay -X shm -w 15% -c 10% -W 15% -K 10% -A -I '^/run/' -I '^udev$' -I '^/var/lib/kubelet/'
          check_load:
            script: check_load
            option: -r -w 0.8,0.8,0.8 -c 1.0,0.9,0.9
          check_pgsql:
            script: check_pgsql
            option: "-H localhost -l nagios -p {{ secret_postgresql_monitoring_password }} -w 2 -c 5"
          check_swap:
            script: check_swap
            option: -w 20% -c 10%
          check_users:
            script: check_users
            option: -w 3 -c 5
        nrpe_command_extra:
          check_reboot_required:
            script: /usr/local/bin/monitoring-scripts/check_reboot_required
            option: 604800
          check_systemd_ansiblepull_service:
            script: /usr/local/bin/monitoring-scripts/check_systemd_unit
            option: ansible-pull.service
          check_systemd_ansiblepull_timer:
            script: /usr/local/bin/monitoring-scripts/check_systemd_unit
            option: ansible-pull.timer
          check_systemd_backup_service:
            script: /usr/local/bin/monitoring-scripts/check_systemd_unit
            option: backup.service
          check_systemd_backup_timer:
            script: /usr/local/bin/monitoring-scripts/check_systemd_unit
            option: backup.timer
          check_systemd_docker_service:
            script: /usr/local/bin/monitoring-scripts/check_systemd_unit
            option: docker.service
      tags: [ nrpe ]
- hosts: all
  tasks:
    - name: disable nrped when not tagged
      systemd: name={{ item }} state=stopped enabled=no
      with_items:
        - nagios-nrpe-server.service
      when: "'tags_nagios-nrpe' not in group_names and item in services"
      tags: [ nrpe, zerotier ]