Initial commit

Signed-off-by: Julien Riou <julien@riou.xyz>
2024-04-27 15:18:41 +02:00 · 2024-04-27 15:18:41 +02:00 · 096a3e0540
commit 096a3e0540
parent d547c7f607
69 changed files with 1650 additions and 0 deletions
--- a/tasks/nagios.yml
+++ b/tasks/nagios.yml
@ -0,0 +1,110 @@
+---
+- name: Install nagios
+  ansible.builtin.apt:
+    name:
+      - nagios4
+      - git
+      - nagios-nrpe-plugin
+      - python3-jinja2
+      - python3-requests
+      - python3-jsonschema
+      - python-pexpect
+    state: latest
+
+- name: Generate nagios configurations
+  ansible.builtin.template:
+    src: "nagios/conf.d/{{ item }}.cfg.j2"
+    dest: "/etc/nagios4/conf.d/{{ item }}.cfg"
+  loop:
+    - commands
+    - hosts
+    - hostgroups
+    - services
+    - templates
+
+- name: Copy nagios contacts configuration
+  ansible.builtin.template:
+    src: nagios/contacts.cfg.j2
+    dest: /etc/nagios4/objects/contacts.cfg
+
+- name: Copy check_timesyncd
+  ansible.builtin.copy:
+    src: files/nagios/check_timesyncd
+    dest: /usr/lib/nagios/plugins/check_timesyncd
+    mode: '0755'
+
+- name: Deploy sudoers rule for nagios
+  community.general.sudoers:
+    name: nagios
+    user: nagios
+    commands:
+      - /usr/lib/nagios/plugins/
+
+- name: Clone notify-by-telegram source code
+  ansible.builtin.git:
+    repo: https://github.com/jouir/notify-by-telegram.git
+    dest: /opt/notify-by-telegram
+
+- name: Configure notify-by-telegram
+  ansible.builtin.copy:
+    content: "{{ {'auth_key': nagios_telegram_auth_key, 'chat_id': nagios_telegram_chat_id } | to_json }}"
+    dest: /etc/nagios4/telegram.json
+    owner: root
+    group: nagios
+    mode: '0640'
+
+- name: Clone nagios-plugin-bacula source code
+  ansible.builtin.git:
+    repo: https://github.com/twpayne/nagios-plugin-bacula.git
+    dest: /opt/nagios-plugin-bacula
+
+- name: Copy global configuration
+  ansible.builtin.copy: 
+    src: files/nagios/nagios.cfg
+    dest: /etc/nagios4/nagios.cfg
+
+- name: Copy CGI configuration
+  ansible.builtin.copy:
+    src: files/nagios/cgi.cfg
+    dest: /etc/nagios4/cgi.cfg
+
+- name: Reload nagios
+  ansible.builtin.service:
+    name: nagios4
+    state: reloaded
+
+- name: Configure htaccess for the web interface
+  ansible.builtin.template:
+    src: nagios/htdigest.users.j2
+    dest: /etc/nagios4/htdigest.users
+
+- name: Secure Apache
+  copy:
+    src: files/nagios/security.conf
+    dest: /etc/apache2/conf-available/security.conf
+
+- name: Configure vhost for the web interface
+  ansible.builtin.copy:
+    src: files/nagios/apache2.conf
+    dest: /etc/nagios4/apache2.conf
+
+- name: Enable Apache modules
+  ansible.builtin.command:
+    cmd: "a2enmod {{ item }}"
+  loop:
+    - auth_digest
+    - headers
+
+- name: Restart apache
+  ansible.builtin.service:
+    name: apache2
+    state: restarted
+
+- name: Allow HTTP from vpn
+  iptables:
+    chain: INPUT
+    protocol: tcp
+    source: "{{ openvpn_subnet }}"
+    destination_port: "80"
+    jump: ACCEPT
+    comment: allow http from vpn