feat: Add SSL to nagios and NRPE

Signed-off-by: Julien Riou <julien@riou.xyz>
2026-04-09 12:07:14 +02:00 · 2026-04-09 12:07:14 +02:00 · 6efcdbf337
commit 6efcdbf337
parent 2ad3fb5ea0
4 changed files with 149 additions and 0 deletions
--- a/tasks/nagios.yml
+++ b/tasks/nagios.yml
@ -22,6 +22,36 @@
    - services
    - templates

+- name: Copy SSL CA file
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ nagios_ssl_remote_ca_file }}"
+    dest: /etc/nagios4/ca.crt
+    owner: nagios
+    group: nagios
+    mode: "0644"
+  when: nagios_ssl_remote_ca_file is defined
+
+- name: Copy SSL cert file
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ nagios_ssl_remote_cert_file }}"
+    dest: /etc/nagios4/client.crt
+    owner: nagios
+    group: nagios
+    mode: "0644"
+  when: nagios_ssl_remote_cert_file is defined
+
+- name: Copy SSL key file
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ nagios_ssl_remote_key_file }}"
+    dest: /etc/nagios4/client.key
+    owner: nagios
+    group: nagios
+    mode: "0600"
+  when: nagios_ssl_remote_key_file is defined
+
 - name: Copy nagios contacts configuration
  ansible.builtin.template:
    src: nagios/contacts.cfg.j2
--- a/tasks/nrpe.yml
+++ b/tasks/nrpe.yml
@ -1,4 +1,11 @@
 ---
+- name: Check SSL requirements
+  ansible.builtin.assert:
+    that:
+      - nrpe_remote_ssl_cert_file is defined
+      - nrpe_remote_ssl_key_file is defined
+  when: nrpe_enable_ssl is truthy
+
 - name: Install NRPE
  ansible.builtin.apt:
    name:
@ -38,6 +45,36 @@
    dest: /etc/default/nagios-nrpe-server
    mode: "0644"

+- name: Copy SSL CA
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ nrpe_remote_ssl_ca_file }}"
+    dest: /etc/nagios/ca.crt
+    owner: nagios
+    group: nagios
+    mode: "0644"
+  when: nrpe_remote_ssl_ca_file is defined
+
+- name: Copy SSL cert
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ nrpe_remote_ssl_cert_file }}"
+    dest: /etc/nagios/server.crt
+    owner: nagios
+    group: nagios
+    mode: "0644"
+  when: nrpe_remote_ssl_cert_file is defined
+
+- name: Copy SSL key
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ nrpe_remote_ssl_key_file }}"
+    dest: /etc/nagios/server.key
+    owner: nagios
+    group: nagios
+    mode: "0600"
+  when: nrpe_remote_ssl_key_file is defined
+
 - name: Clone check-mqtt source code
  ansible.builtin.git:
    repo: https://github.com/jpmens/check-mqtt.git