From 36c0ce1de655ea606641918193ad9bed43d9faed Mon Sep 17 00:00:00 2001 From: Julien Riou Date: Sat, 27 Jul 2024 19:20:30 +0200 Subject: [PATCH] feat: Debian 12 compatibility Signed-off-by: Julien Riou --- group_vars/README.md | 2 -- main.yml | 6 +++--- tasks/bacula.yml | 10 +++++++++- tasks/iptables.yml | 5 +++++ tasks/mosquitto.yml | 19 ++++++++++--------- tasks/nagios.yml | 3 ++- tasks/nrpe.yml | 2 +- tasks/telegraf.yml | 2 +- templates/mosquitto/default.conf.j2 | 3 +++ 9 files changed, 34 insertions(+), 18 deletions(-) create mode 100644 templates/mosquitto/default.conf.j2 diff --git a/group_vars/README.md b/group_vars/README.md index eea9993..9a9e653 100644 --- a/group_vars/README.md +++ b/group_vars/README.md @@ -349,8 +349,6 @@ List of Nagios commands. ```yaml nagios_commands: - - command_name: check_nrpe_nossl - command_line: /usr/lib/nagios/plugins/check_nrpe -2 -H '$HOSTADDRESS$' -c '$ARG1$' -n - command_name: check_https_vhost_certificate command_line: /usr/lib/nagios/plugins/check_http --ssl --sni -I '$HOSTADDRESS$' -H '$ARG1$' -C '$ARG2$' ``` diff --git a/main.yml b/main.yml index a413b86..893d476 100644 --- a/main.yml +++ b/main.yml @@ -24,6 +24,9 @@ - name: Configure time ansible.builtin.include_tasks: tasks/time.yml + - name: Configure iptables + ansible.builtin.include_tasks: tasks/iptables.yml + - name: Configure SSH ansible.builtin.include_tasks: tasks/ssh.yml @@ -48,9 +51,6 @@ - name: Configure bacula ansible.builtin.include_tasks: tasks/bacula.yml - - name: Configure iptables - ansible.builtin.include_tasks: tasks/iptables.yml - - name: Configure vim ansible.builtin.include_tasks: tasks/vim.yml diff --git a/tasks/bacula.yml b/tasks/bacula.yml index c8f2660..f3e5fd6 100644 --- a/tasks/bacula.yml +++ b/tasks/bacula.yml @@ -1,6 +1,6 @@ --- - name: Install bacula - ansible.builtin.apt: + ansible.builtin.package: name: - bacula-director - bacula-director-sqlite3 
@@ -56,6 +56,14 @@ owner: root group: bacula +- name: Create configuration directory + ansible.builtin.file: + path: /etc/bacula/conf.d + state: directory + owner: root + group: root + mode: '0755' + - name: Copy configuration files ansible.builtin.template: src: "bacula/conf.d/{{ item }}.conf.j2" diff --git a/tasks/iptables.yml b/tasks/iptables.yml index 3737468..9cdb9b4 100644 --- a/tasks/iptables.yml +++ b/tasks/iptables.yml @@ -1,4 +1,9 @@ --- +- name: Install iptables + ansible.builtin.package: + name: iptables + state: present + - name: Allow related and established connections ansible.builtin.iptables: chain: INPUT diff --git a/tasks/mosquitto.yml b/tasks/mosquitto.yml index d90ea6e..1921cee 100644 --- a/tasks/mosquitto.yml +++ b/tasks/mosquitto.yml @@ -1,22 +1,23 @@ --- - name: Install packages - ansible.builtin.apt: - name: - - mosquitto + ansible.builtin.package: + name: mosquitto -- name: Configure mosquitto - ansible.builtin.copy: - src: files/mosquitto/conf.d - dest: /etc/mosquitto +- name: Deploy general configuration + ansible.builtin.template: + src: mosquitto/default.conf.j2 + dest: /etc/mosquitto/conf.d/default.conf mode: "0644" + owner: root + group: root - name: Copy mosquitto password ansible.builtin.template: src: mosquitto/passwd.j2 dest: /etc/mosquitto/passwd - mode: '0600' + mode: '0640' owner: root - group: root + group: mosquitto - name: Restart mosquitto ansible.builtin.service: diff --git a/tasks/nagios.yml b/tasks/nagios.yml index 8075580..e04f70e 100644 --- a/tasks/nagios.yml +++ b/tasks/nagios.yml @@ -8,7 +8,7 @@ - python3-jinja2 - python3-requests - python3-jsonschema - - python-pexpect + - python3-pexpect - name: Generate nagios configurations ansible.builtin.template: @@ -100,6 +100,7 @@ loop: - auth_digest - headers + - cgi changed_when: true - name: Restart apache diff --git a/tasks/nrpe.yml b/tasks/nrpe.yml index 42e6e7f..05c2623 100644 --- a/tasks/nrpe.yml +++ b/tasks/nrpe.yml 
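Review bot: In tasks/bacula.yml, the new "Create configuration directory" task makes /etc/bacula/conf.d `root:root` with mode `'0755'`, while the task directly above it in the same hunk uses `group: bacula`. Bacula configuration usually carries daemon passwords, so with a world-traversable directory their confidentiality rests entirely on the per-file modes set by the following "Copy configuration files" task, whose body continues outside the hunk. If only the Bacula daemons need to read this directory, `group: bacula` with `mode: '0750'` would match the rest of the file and remove that dependency.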
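Review bot: In tasks/mosquitto.yml, the "Copy mosquitto password" task renders `mosquitto/passwd.j2` without `no_log: true`, so a run with `--diff` prints the rendered password entries to the terminal and to any CI log that captures it. Adding `no_log: true` (or `diff: false`) to that task keeps them out of the output. The new `0640` mode with `root:mosquitto` ownership looks appropriate for a broker that reads the file as the mosquitto user. Separately, the removed copy of `files/mosquitto/conf.d` is not cleaned up on hosts provisioned earlier, so any files it left in /etc/mosquitto/conf.d would presumably still be loaded next to the new default.conf; an explicit `state: absent` task for them would make the result deterministic.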
@@ -50,7 +50,7 @@ - name: Install check_ovhcloud dependencies ansible.builtin.pip: requirements: /opt/check_ovhcloud/requirements.txt - extra_args: "--user" + extra_args: "--user --break-system-packages" become: true become_user: nagios diff --git a/tasks/telegraf.yml b/tasks/telegraf.yml index 681c121..842258c 100644 --- a/tasks/telegraf.yml +++ b/tasks/telegraf.yml @@ -7,7 +7,7 @@ - name: Download influxdata APT key ansible.builtin.apt_key: - url: https://repos.influxdata.com/influxdb.key + url: https://repos.influxdata.com/influxdata-archive_compat.key state: present - name: Install telegraf and dependencies diff --git a/templates/mosquitto/default.conf.j2 b/templates/mosquitto/default.conf.j2 new file mode 100644 index 0000000..f1d2456 --- /dev/null +++ b/templates/mosquitto/default.conf.j2 @@ -0,0 +1,3 @@ +{{ ansible_managed | comment }} +allow_anonymous false +password_file /etc/mosquitto/passwd
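Review bot: In tasks/nrpe.yml, `--break-system-packages` turns off pip's externally-managed-environment guard for the nagios user. Whatever /opt/check_ovhcloud/requirements.txt resolves to is then installed into that user's site-packages, where it can shadow the Debian-packaged modules that other Nagios plugins import. A dedicated virtual environment avoids the override: the pip module accepts `virtualenv: /opt/check_ovhcloud/venv` (example path) together with `virtualenv_command: python3 -m venv`, and the check is then run with that environment's interpreter. Whether requirements.txt pins versions or hashes is not visible here; if it does not, each run may pull different code onto the monitoring host.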
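Review bot: In tasks/telegraf.yml, the replacement key is still downloaded and trusted with nothing but HTTPS to vouch for it, and `ansible.builtin.apt_key` adds it to the global APT trust store, where it can sign for any configured repository rather than only InfluxData's. On Debian 12, where apt-key is deprecated, a tighter form is to fetch the key with `ansible.builtin.get_url` using `checksum: sha256:<EXPECTED_KEY_SHA256>` into /etc/apt/keyrings and reference that file with `signed-by=` in the repository entry. The repository definition lies outside this hunk, so whether it already scopes the key cannot be seen here.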
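Review bot: The new templates/mosquitto/default.conf.j2 enforces password authentication but declares no `listener`, and nothing in its three lines configures TLS. As far as I know, the Mosquitto 2.x packaged for Debian 12 serves a configuration without a listener on the loopback interface only, so remote clients would need an explicit `listener` line. If one is added for plain MQTT, the passwords checked against /etc/mosquitto/passwd cross the network unencrypted. Whether another file in conf.d already defines a TLS listener is not visible in this patch. A one-line comment in the template stating which is intended (local-only broker, or listener defined elsewhere) would save the next reader the guess.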