nodes['ovh.icinga2'] = { 'bundles': { 'icinga2', 'iptables', 'php', 'postgresql', 'wireguard', 'zfs', }, 'groups': { 'debian-buster', 'webserver', }, 'metadata': { 'interfaces': { 'eth0': { 'ips': { '51.195.44.8', '2001:41d0:701:1100::2618/128' }, 'gateway4': '51.195.44.1', 'gateway6': '2001:41d0:701:1100::1' }, }, 'apt': { 'packages': { 'php-imagick': {}, }, }, 'icinga2': { 'api_users': { # Used with 'icinga2beamer': { 'password': vault.decrypt('encrypt$gAAAAABf3wM9YS5ZpRdhp3xyIFX21_MK0omzqHqykWbWdkZWp2xyJ6awaUSXODnZQ5j-rws6n0yrpaeMdXoj1irb2FrgxMDTdfCh88hIsqcKGOObzwGaRg6Ze0tuiMrzIfOO3tRnc9Kd'), 'permissions': { 'objects/query/Host', 'objects/query/Service' }, }, }, 'sipgate_user': vault.decrypt('encrypt$gAAAAABfujAmCUnicSAllq8MskXnPodKp3cGcfA6Abvef-rAYwB2CtCwt9oBRVKFskJPVArDaF1wfjNTfLwgX3gTP7xFutJ1HA=='), 'sipgate_pass': vault.decrypt('encrypt$gAAAAABfui_4B7UmOosI_gsQ-xvmd3X_BUDSl-G2KF_Tg8O6RpUvk0gHexOKsrTb6se1ipXsh7RC9pbZCKMtesW0C6j24LHXDKCOjkqI77oO0ZjnG6SUwfcJqg61biNiRlXy8z-9LCGA'), }, 'icinga2_api': { 'custom': { # redundant monitoring of services/hosts 'services': { 'flauschekatze.space CERTIFICATE': { 'check_command': 'check_https_cert_at_url', 'vars.domain': 'flauschekatze.space', }, 'matrix.flauschekatze.space CERTIFICATE': { 'check_command': 'check_https_cert_at_url', 'vars.domain': 'matrix.flauschekatze.space', }, 'media.ccc.de CERTIFICATE': { 'check_command': 'check_https_cert_at_url', 'vars.domain': 'media.ccc.de', }, }, }, }, 'iptables': { 'custom_rules': { # icinga2 api 'iptables -A INPUT -i wg0 -p tcp --dport 5665 -j ACCEPT', }, }, 'nginx': { 'vhosts': { 'icingaweb': { 'domain': 'icinga.kunsmann.eu', 'webroot': '/usr/share/icingaweb2/public', 'extras': True, }, 'icinga_statusmonitor': { 'domain': 'statusmonitor.icinga.kunsmann.eu', 'proxy': { '/': { 'target': 'http://127.0.0.1:5000/', } }, } }, }, 'php': { 'version': '7.4', 'packages': { 'curl', 'gd', 'intl', 'json', 'ldap', 'opcache', 'pgsql', 'readline', 'xml', }, }, 'wireguard': { 'my_ip': '172.19.137.3/32', 'peers': { 'ovh.wireguard': {}, }, }, 'zfs': { 'pools': { 'tank': { 'device': '/dev/sdb', }, }, }, 'vm': { 'cpu': 1, 'ram': 2, }, }, }