Salt
bad192e93e
I was never particularly fond of having a random one-off daemon doing my RCE. Sure, it offers some protection, but limiting my exposure to the open internet is far more ideal. I have tremendously more trust in the OpenSSH project than I do in Nagios. And for that reason, I'll be deprecating NRPE and shredding config files once these plays clean up
31 lines
958 B
YAML
Executable File
31 lines
958 B
YAML
Executable File
#!/usr/bin/env ansible-playbook
|
|
# vim:ft=ansible:
|
|
---
|
|
- hosts: tags_nagios
|
|
roles:
|
|
- role: git
|
|
vars:
|
|
git_repos:
|
|
- repo: https://git.desu.ltd/salt/monitoring-scripts
|
|
dest: /usr/local/bin/monitoring-scripts
|
|
tags: [ nagios ]
|
|
tasks:
|
|
- name: assure nagios plugin packages
|
|
apt: name=monitoring-plugins,nagios-plugins-contrib
|
|
tags: [ nagios ]
|
|
- name: assure nagios user
|
|
user: name=nagios-checker state=present system=yes
|
|
tags: [ nagios ]
|
|
- name: assure nagios user ssh key
|
|
authorized_key:
|
|
user: nagios-checker
|
|
state: present
|
|
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNavw28C0mKIQVRLQDW2aoovliU1XCGaenDhIMwumK/ Nagios monitoring"
|
|
tags: [ nagios ]
|
|
- hosts: all
|
|
tasks:
|
|
- name: disable nagios user when not tagged
|
|
user: name=nagios-checker state=absent remove=yes
|
|
when: "'tags_nagios' not in group_names"
|
|
tags: [ nagios ]
|