117 lines
2.8 KiB
YAML
117 lines
2.8 KiB
YAML
---
|
|
- name: Install nagios
|
|
ansible.builtin.apt:
|
|
name:
|
|
- nagios4
|
|
- git
|
|
- nagios-nrpe-plugin
|
|
- python3-jinja2
|
|
- python3-requests
|
|
- python3-jsonschema
|
|
- python-pexpect
|
|
|
|
- name: Generate nagios configurations
|
|
ansible.builtin.template:
|
|
src: "nagios/conf.d/{{ item }}.cfg.j2"
|
|
dest: "/etc/nagios4/conf.d/{{ item }}.cfg"
|
|
mode: "0644"
|
|
loop:
|
|
- commands
|
|
- hosts
|
|
- hostgroups
|
|
- services
|
|
- templates
|
|
|
|
- name: Copy nagios contacts configuration
|
|
ansible.builtin.template:
|
|
src: nagios/contacts.cfg.j2
|
|
dest: /etc/nagios4/objects/contacts.cfg
|
|
mode: "0644"
|
|
|
|
- name: Copy check_timesyncd
|
|
ansible.builtin.copy:
|
|
src: files/nagios/check_timesyncd
|
|
dest: /usr/lib/nagios/plugins/check_timesyncd
|
|
mode: '0755'
|
|
|
|
- name: Deploy sudoers rule for nagios
|
|
community.general.sudoers:
|
|
name: nagios
|
|
user: nagios
|
|
commands:
|
|
- /usr/lib/nagios/plugins/
|
|
|
|
- name: Clone notify-by-telegram source code
|
|
ansible.builtin.git:
|
|
repo: https://github.com/jouir/notify-by-telegram.git
|
|
dest: /opt/notify-by-telegram
|
|
|
|
- name: Configure notify-by-telegram
|
|
ansible.builtin.copy:
|
|
content: "{{ {'auth_key': nagios_telegram_auth_key, 'chat_id': nagios_telegram_chat_id} | to_json }}"
|
|
dest: /etc/nagios4/telegram.json
|
|
owner: root
|
|
group: nagios
|
|
mode: '0640'
|
|
|
|
- name: Clone nagios-plugin-bacula source code
|
|
ansible.builtin.git:
|
|
repo: https://github.com/twpayne/nagios-plugin-bacula.git
|
|
dest: /opt/nagios-plugin-bacula
|
|
|
|
- name: Copy global configuration
|
|
ansible.builtin.copy:
|
|
src: files/nagios/nagios.cfg
|
|
dest: /etc/nagios4/nagios.cfg
|
|
mode: "0644"
|
|
|
|
- name: Copy CGI configuration
|
|
ansible.builtin.copy:
|
|
src: files/nagios/cgi.cfg
|
|
dest: /etc/nagios4/cgi.cfg
|
|
mode: "0644"
|
|
|
|
- name: Reload nagios
|
|
ansible.builtin.service:
|
|
name: nagios4
|
|
state: reloaded
|
|
|
|
- name: Configure htaccess for the web interface
|
|
ansible.builtin.template:
|
|
src: nagios/htdigest.users.j2
|
|
dest: /etc/nagios4/htdigest.users
|
|
mode: "0644"
|
|
|
|
- name: Secure Apache
|
|
ansible.builtin.copy:
|
|
src: files/nagios/security.conf
|
|
dest: /etc/apache2/conf-available/security.conf
|
|
mode: "0644"
|
|
|
|
- name: Configure vhost for the web interface
|
|
ansible.builtin.copy:
|
|
src: files/nagios/apache2.conf
|
|
dest: /etc/nagios4/apache2.conf
|
|
mode: "0644"
|
|
|
|
- name: Enable Apache modules
|
|
ansible.builtin.command:
|
|
cmd: "a2enmod {{ item }}"
|
|
loop:
|
|
- auth_digest
|
|
- headers
|
|
changed_when: true
|
|
|
|
- name: Restart apache
|
|
ansible.builtin.service:
|
|
name: apache2
|
|
state: restarted
|
|
|
|
- name: Allow HTTP from vpn
|
|
ansible.builtin.iptables:
|
|
chain: INPUT
|
|
protocol: tcp
|
|
source: "{{ openvpn_subnet }}"
|
|
destination_port: "80"
|
|
jump: ACCEPT
|
|
comment: allow http from vpn
|