Franziska Kunsmann
e9f225890a
All checks were successful
bundlewrap/pipeline/head This commit looks good
118 lines
3.7 KiB
Python
118 lines
3.7 KiB
Python
nodes['ovh.icinga2'] = {
|
|
'bundles': {
|
|
'icinga2',
|
|
'iptables',
|
|
'php',
|
|
'postgresql',
|
|
'wireguard',
|
|
'zfs',
|
|
},
|
|
'groups': {
|
|
'debian-buster',
|
|
'webserver',
|
|
},
|
|
'metadata': {
|
|
'interfaces': {
|
|
'eth0': {
|
|
'ips': {
|
|
'51.195.44.8',
|
|
'2001:41d0:701:1100::2618/128'
|
|
},
|
|
'gateway4': '51.195.44.1',
|
|
'gateway6': '2001:41d0:701:1100::1'
|
|
},
|
|
},
|
|
'apt': {
|
|
'packages': {
|
|
'php-imagick': {},
|
|
},
|
|
},
|
|
'icinga2': {
|
|
'api_users': {
|
|
# Used with <https://git.kunsmann.eu/kunsi/icinga2beamer>
|
|
'icinga2beamer': {
|
|
'password': vault.decrypt('encrypt$gAAAAABf3wM9YS5ZpRdhp3xyIFX21_MK0omzqHqykWbWdkZWp2xyJ6awaUSXODnZQ5j-rws6n0yrpaeMdXoj1irb2FrgxMDTdfCh88hIsqcKGOObzwGaRg6Ze0tuiMrzIfOO3tRnc9Kd'),
|
|
'permissions': {
|
|
'objects/query/Host',
|
|
'objects/query/Service'
|
|
},
|
|
},
|
|
},
|
|
'sipgate_user': vault.decrypt('encrypt$gAAAAABfujAmCUnicSAllq8MskXnPodKp3cGcfA6Abvef-rAYwB2CtCwt9oBRVKFskJPVArDaF1wfjNTfLwgX3gTP7xFutJ1HA=='),
|
|
'sipgate_pass': vault.decrypt('encrypt$gAAAAABfui_4B7UmOosI_gsQ-xvmd3X_BUDSl-G2KF_Tg8O6RpUvk0gHexOKsrTb6se1ipXsh7RC9pbZCKMtesW0C6j24LHXDKCOjkqI77oO0ZjnG6SUwfcJqg61biNiRlXy8z-9LCGA'),
|
|
},
|
|
'icinga2_api': {
|
|
'custom': {
|
|
# redundant monitoring of services/hosts
|
|
'services': {
|
|
'flauschekatze.space CERTIFICATE': {
|
|
'check_command': 'check_https_cert_at_url',
|
|
'vars.domain': 'flauschekatze.space',
|
|
},
|
|
'matrix.flauschekatze.space CERTIFICATE': {
|
|
'check_command': 'check_https_cert_at_url',
|
|
'vars.domain': 'matrix.flauschekatze.space',
|
|
},
|
|
'media.ccc.de CERTIFICATE': {
|
|
'check_command': 'check_https_cert_at_url',
|
|
'vars.domain': 'media.ccc.de',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'iptables': {
|
|
'custom_rules': {
|
|
# icinga2 api
|
|
'iptables -A INPUT -i wg0 -p tcp --dport 5665 -j ACCEPT',
|
|
},
|
|
},
|
|
'nginx': {
|
|
'vhosts': {
|
|
'icingaweb': {
|
|
'domain': 'icinga.kunsmann.eu',
|
|
'webroot': '/usr/share/icingaweb2/public',
|
|
'extras': True,
|
|
},
|
|
'icinga_statusmonitor': {
|
|
'domain': 'statusmonitor.icinga.kunsmann.eu',
|
|
'proxy': {
|
|
'/': {
|
|
'target': 'http://127.0.0.1:5000/',
|
|
}
|
|
},
|
|
}
|
|
},
|
|
},
|
|
'php': {
|
|
'version': '7.4',
|
|
'packages': {
|
|
'curl',
|
|
'gd',
|
|
'intl',
|
|
'json',
|
|
'ldap',
|
|
'opcache',
|
|
'pgsql',
|
|
'readline',
|
|
'xml',
|
|
},
|
|
},
|
|
'wireguard': {
|
|
'my_ip': '172.19.137.3/32',
|
|
'peers': {
|
|
'ovh.wireguard': {},
|
|
},
|
|
},
|
|
'zfs': {
|
|
'pools': {
|
|
'tank': {
|
|
'device': '/dev/sdb',
|
|
},
|
|
},
|
|
},
|
|
'vm': {
|
|
'cpu': 1,
|
|
'ram': 2,
|
|
},
|
|
},
|
|
}
|