|
||
---|---|---|
.. | ||
README.md |
Variables
Senstivie data should be encrypted using ansible-vault.
bacula_catalog_name
Name of the Bacula catalog.
bacula_catalog_name: HomeCatalog
bacula_clients
List of Bacula Clients.
bacula_clients:
- name: pilote-fd
address: localhost
catalog: HomeCatalog
password: ***
file_retention: 60 days
job_retention: 6 months
autoprune: 'yes'
- name: vps-fd
address: 192.168.0.1
catalog: HomeCatalog
password: ***
file_retention: 60 days
job_retention: 6 months
autoprune: 'yes'
- name: storage1-fd
address: 192.168.0.2
catalog: HomeCatalog
password: ***
file_retention: 60 days
job_retention: 6 months
autoprune: 'yes'
bacula_device_archive_device
Directory of the Device where to store Bacula backups.
bacula_device_archive_device: /storage/bacula/backup
bacula_device_name
Name of the Bacula Device.
bacula_device_name: FileStorage
bacula_director_address
Address of the Bacula director.
bacula_director_address: 127.0.0.1
bacula_director_name
Name of the Bacula director.
bacula_director_name: pilote-dir
bacula_director_password
Password of the Bacula director.
bacula_director_password: ***
bacula_filedaemon_address
Address of the Bacula Client (File Daemon).
bacula_filedaemon_address: 127.0.0.1
bacula_filedaemon_name
Name of the Bacula Client (File Daemon).
bacula_filedaemon_name: pilote-fd
bacula_filedaemon_password
Password of the Bacula Client (File Daemon).
bacula_filedaemon_password: ***
bacula_filesets
List of Bacula File Sets.
bacula_filesets:
- name: DebianFileSet
include:
options:
signature: MD5
compression: GZIP
files:
- /etc
- /var/log
- /root
- /home
exclude:
files:
- '*~'
- name: CatalogFileSet
include:
options:
signature: MD5
compression: GZIP
files:
- /var/lib/bacula/bacula.sql
- name: InfluxDBFileSet
include:
options:
signature: MD5
files:
- /var/lib/bacula/influxdb
- name: GrafanaFileSet
include:
options:
signature: MD5
files:
- /var/lib/bacula/grafana
bacula_jobs
List of Bacula Jobs.
bacula_jobs:
- name: BackupPilote
client: pilote-fd
fileset: DebianFileSet
- name: BackupStorage1
client: storage1-fd
fileset: DebianFileSet
- name: BackupStorage2
client: storage2-fd
fileset: DebianFileSet
- name: BackupStorage3
client: storage3-fd
fileset: DebianFileSet
- name: BackupCatalog
client: pilote-fd
level: Full
fileset: CatalogFileSet
schedule: DefaultScheduleAfterBackup
run_before_job: /etc/bacula/scripts/make_catalog_backup.pl HomeCatalog
run_after_job: /etc/bacula/scripts/delete_catalog_backup
priority: 11 # run after main backup
- name: BackupInfluxDB
client: storage1-fd
fileset: InfluxDBFileSet
schedule: DefaultScheduleAfterBackup
client_run_before_job: /etc/bacula/scripts/influxdb-backup %l
client_run_after_job: /etc/bacula/scripts/influxdb-cleanup
priority: 11 # run after main backup
- name: BackupGrafana
client: storage1-fd
level: Full
fileset: GrafanaFileSet
schedule: DefaultScheduleAfterBackup
client_run_before_job: /etc/bacula/scripts/grafana-backup
client_run_after_job: /etc/bacula/scripts/grafana-cleanup
priority: 11 # run after main backup
- name: RestoreFiles
type: Restore
client: storage1-fd
storage: storage1-sd
fileset: DebianFileSet # required but not used
pool: FullFile # required but not used
messages: Standard
where: /storage/bacula/restore
bacula_pools
List of Bacula Pools.
bacula_pools:
- name: FullFile
pool_type: Backup
recycle: 'yes'
auto_prune: 'yes'
volume_retention: 10 years
storage: storage1-sd
maximum_volume_bytes: 1G
maximum_volumes: 100
labelformat: Full-
- name: DiffFile
pool_type: Backup
recycle: 'yes'
auto_prune: 'yes'
volume_retention: 6 weeks
storage: storage1-sd
maximum_volume_bytes: 1G
maximum_volumes: 100
labelformat: Diff-
- name: IncrFile
pool_type: Backup
recycle: 'yes'
auto_prune: 'yes'
volume_retention: 3 weeks
storage: storage1-sd
maximum_volume_bytes: 1G
maximum_volumes: 100
labelformat: Incr-
bacula_schedules
List of Bacula Schedules.
bacula_schedules:
- name: DefaultSchedule
runs:
- datetime: 1st sun at 0:00
job_overrides:
level: Full
- datetime: 2nd-5th sun at 0:00
job_overrides:
level: Differential
- datetime: mon-sat at 0:00
job_overrides:
level: Incremental
- name: DefaultScheduleAfterBackup
runs:
- datetime: sun-sat at 0:00
job_overrides:
level: Full
bacula_storage_address
Address of the Bacula Storage.
bacula_storage_address: 127.0.0.1
bacula_storage_name
Name of the Bacula Storage.
bacula_storage_name: storage1-sd
bacula_storage_password
Password of the Bacula Storage.
bacula_storage_password: ***
bacula_storages
List of Bacula Storages.
bacula_storages:
- name: storage1-sd
address: 192.168.0.2
password: ***
device: FileStorage
media_type: File
easyrsa_ca_dir
Path to the CA directory to create.
easyrsa_ca_dir: /var/lib/easyrsa
easyrsa_clients
List of client hostnames that will have RSA certificates.
easyrsa_clients:
- pilote
- storage1
- storage2
- storage3
- vps
hostname
Name of the remote host.
hostname: pilote
local_subnet
Local subnet where the remote host lives.
local_subnet: 192.168.0.0/24
mosquitto_passwords
List of usernames and passwords to defined mosquitto users.
mosquitto_passwords:
- user: telegraf
hash: '$***'
- user: nagios
hash: '$***'
See mosquitto_passwd command to generate the hash file.
nagios_commands
List of Nagios commands.
nagios_commands:
- command_name: check_nrpe_nossl
command_line: /usr/lib/nagios/plugins/check_nrpe -2 -H '$HOSTADDRESS$' -c '$ARG1$' -n
- command_name: check_https_vhost_certificate
command_line: /usr/lib/nagios/plugins/check_http --ssl --sni -I '$HOSTADDRESS$' -H '$ARG1$' -C '$ARG2$'
nagios_contact_groups
List of Nagios contact groups.
nagios_contact_groups:
- contactgroup_name: admins
alias: Nagios Administrators
members:
- admin
- telegram
nagios_contacts
List of Nagios contacts.
nagios_contacts:
- contact_name: admin
use: generic-contact
alias: Nagios Admin
email: noreply@nonexistant.com
host_notifications_enabled: 0
service_notifications_enabled: 0
- contact_name: telegram
use: generic-contact
alias: Telegram notifications
pager: 000000000
email: noreply@nonexistant.com
service_notification_commands: notify-service-by-telegram
host_notification_commands: notify-host-by-telegram
nagios_hostgroups
List of Nagios host groups.
nagios_hostgroups:
- hostgroup_name: linux-servers
alias: Linux servers
members:
- pilote
- vps
- storage1
- storage2
- storage3
- hostgroup_name: web-servers
alias: Web servers
members:
- vps
nagios_hosts
List of Nagios hosts.
nagios_hosts:
- use: home-host
host_name: pilote
alias: pilote
address: 127.0.0.1
- use: home-host
host_name: vps
alias: vps
address: 10.8.0.1
nagios_host_templates
List of Nagios host templates.
nagios_host_templates:
- name: home-host
use: generic-host
check_command: check-host-alive
contact_groups: admins
notification_options:
- d
- u
- r
check_interval: 5
retry_interval: 5 # retry every 5 minutes
max_check_attempts: 12 # alert at 1 hour (12x5 minutes)
notification_interval: 720 # resend notifications every 12 hours
nagios_htdigest_users
List of users for basic authentication.
nagios_htdigest_users:
- name: admin
hash: '...'
nagios_service_dependencies
List of Nagios service dependencies.
nagios_service_dependencies:
- host_name: pilote
service_description: ovhcloud_voip
dependent_host_name: pilote
dependent_service_description: ovhcloud_ping
execution_failure_criteria: u
notification_failure_criteria: u
nagios_services
List of Nagios services.
nagios_services:
- use: home-service
hostgroup_name: linux-servers
service_description: load
check_command: check_nrpe_nossl!check_load
- use: home-service
hostgroup_name: web-servers
service_description: https_monitoring_tld_certificate
check_command: check_https_vhost_certificate!monitoring.tld!1
nagios_service_templates
List of Nagios service templates.
nagios_service_templates:
- name: home-service
use: generic-service
contact_groups: admins
check_interval: 5
retry_interval: 5 # retry every 5 minutes
max_check_attempts: 12 # alert at 1 hour (12x5 minutes)
notification_interval: 720 # 12 hours
- name: public-service
use: generic-service
contact_groups: admins
check_interval: 1
retry_interval: 1 # retry every minute
max_check_attempts: 3 # alert after 3 minutes
notification_interval: 60 # 1 hour
nagios_telegram_auth_key
Key used to authenticate to the Telegram API. See how to create a bot.
nagios_telegram_auth_key: '***'
nagios_telegram_chat_id
Unique identifier for the target chat or username of the target channel (in the
format @channelusername
). See API
specifications.
nagios_telegram_chat_id: 000000000
nrpe_allowed_hosts
List of IP addresses or ranges allowed to talk to the NRPE daemon.
nrpe_allowed_hosts:
- 10.8.0.0/24
- 127.0.0.1
nrpe_commands
List of NRPE commands.
nrpe_commands:
- name: check_load
line: /usr/lib/nagios/plugins/check_load -r -w 1,1,1 -c 4,4,4
- name: check_openvpn
line: '/usr/lib/nagios/plugins/check_procs -c 1: -C openvpn'
- name: check_openvpn_cert
line: >-
/opt/check_ssl_cert/check_ssl_cert -f /etc/openvpn/client.crt --ignore-maximum-validity
--ignore-incomplete-chain --allow-empty-san --ignore-sct --warning 15 --critical 1
nrpe_opts
Options for the NRPE daemon.
nrpe_opts: '-n' # Disable TLS
openvpn_ca
Content of the certificate of the Certificate Authority (CA) used to certify VPN connections.
openvpn_ca: |
-----BEGIN CERTIFICATE-----
openvpn_cert
Content of the certificate used to authenticate to the VPN server.
openvpn_cert: |
-----BEGIN CERTIFICATE-----
openvpn_key
Content of the private key used to authenticate to the VPN server.
openvpn_key:
openvpn_remote_host
Hostname or IP address of the remote VPN server.
openvpn_remote_host: vpn.fqdn
openvpn_subnet
Subnet used by OpenVPN to group clients.
openvpn_subnet: 10.8.0.0/24
openvpn_ta
Content of the OpenVPN static key used for TLS authentication.
openvpn_ta:
ovh_application_key
Application key used to authenticate to the OVH API.
ovh_application_key: deadbeef
See first steps with the OVHcloud APIs.
ovh_application_secret
Application secret used to authenticate to the OVH API.
ovh_application_secret: deadbeef
See first steps with the OVHcloud APIs.
ovh_consumer_key
Consumer key used to authenticate to the OVH API.
ovh_consumer_key: deadbeef
See first steps with the OVHcloud APIs.
ovh_endpoint
Endpoint of the OVH API.
ovh_endpoint: ovh-eu
See first steps with the OVHcloud APIs.
serial2mqtt_host
Hostname or IP address used by serial2mqtt to send messages to the MQTT broker.
serial2mqtt_host: localhost
serial2mqtt_interface
Name of the serial interface name used by serial2mqtt to gather metrics produced by the Arduino board.
serial2mqtt_interface: /dev/ttyACM0
serial2mqtt_password
Password used by serial2mqtt to send messages to the MQTT broker.
serial2mqtt_password: ***
serial2mqtt_port
Port used by serial2mqtt to send messages to the MQTT broker.
serial2mqtt_port: 1883
serial2mqtt_topic_prefix
Add this prefix to topic names on the MQTT broker for serial2mqtt messages.
serial2mqtt_topic_prefix: sensors
serial2mqtt_username
Username used by serial2mqtt to send messages to the MQTT broker.
serial2mqtt_username: telegraf
ssh_authorized_keys
List of SSH authorized keys.
ssh_authorized_keys:
- user: root
key: ssh-ed25519 hash
comment: desktop
Used by ansible.posix.authorized_keys module.
telegraf_influxdb_database
Name of the InfluxDB database used by telegraf to send metrics.
telegraf_influxdb_database: metrics
telegraf_influxdb_password
Password of the InfluxDB user used by telegraf to send metrics.
telegraf_influxdb_password: ***
telegraf_influxdb_urls
List of InfluxDB endpoints used by telegraf to send metrics.
telegraf_influxdb_urls:
- https://192.168.0.1:8088
telegraf_influxdb_username
Name of the InfluxDB user used by telegraf to send metrics.
telegraf_influxdb_username: telegraf
telegraf_mqtt_consumer_password
Password used to authenticate to the MQTT broker for telegraf.
telegraf_mqtt_consumer_password: ***
telegraf_mqtt_consumer_servers
List of MQTT brokers for telegraf.
telegraf_mqtt_consumer_servers:
- tcp://localhost:1883
telegraf_mqtt_consumer_topics
List of MQTT topics to consume for telegraf.
telegraf_mqtt_consumer_topics:
- sensors/humidity
- sensors/temperature
telegraf_mqtt_consumer_username
Name used to authenticate to the MQTT broker for telegraf.
telegraf_mqtt_consumer_username: telegraf
telegraf_ping_ip
IP address of the host to ping for latency metrics.
telegraf_ping_ip: 192.168.0.1
timezone
Alias of the time zone.
timezone: Europe/Brussels
users
List of users to configure on the remote host.
users:
- name: root
password: hash
Used by ansible.builtin.user module.