bundlewrap/nodes/ovh/icinga2.py

171 lines
5.5 KiB
Python

nodes['ovh.icinga2'] = {
'dummy': True, # gekündigt
'bundles': {
'bird',
'icinga2',
'php',
'postgresql',
'simple-icinga-dashboard',
'unbound',
'wireguard',
'zfs',
},
'groups': {
'debian-bullseye',
'webserver',
},
'metadata': {
'interfaces': {
'eth0': {
'ips': {
'51.195.44.8',
'2001:41d0:701:1100::2618/128'
},
'gateway4': '51.195.44.1',
'gateway6': '2001:41d0:701:1100::1'
},
'dummy-snat': {
'ips': {
'172.19.136.3',
},
},
},
'icinga_options': {
'exclude_from_monitoring': True,
},
'bird': {
'static_routes': {
'172.19.136.3/32',
},
},
'icinga2': {
'web_domain': 'icinga.kunsmann.eu',
'api_users': {
'dashboard': {
'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),
'permissions': {
'objects/query/Service',
'objects/query/Host',
},
},
# Used with <https://git.franzi.business/kunsi/icinga2eamer>
'icinga2beamer': {
'password': vault.decrypt('encrypt$gAAAAABf3wM9YS5ZpRdhp3xyIFX21_MK0omzqHqykWbWdkZWp2xyJ6awaUSXODnZQ5j-rws6n0yrpaeMdXoj1irb2FrgxMDTdfCh88hIsqcKGOObzwGaRg6Ze0tuiMrzIfOO3tRnc9Kd'),
'permissions': {
'objects/query/Host',
'objects/query/Service'
},
},
},
'restrict-to': {
'172.19.138.0/24',
},
'sipgate': {
'user': bwpass.attr('sipgate.de/hi@kunsmann.eu', 'icinga_tokenid'),
'pass': bwpass.attr('sipgate.de/hi@kunsmann.eu', 'icinga_token'),
},
'ntfy': {
'url': 'https://ntfy.franzi.business/icinga2',
'user': vault.decrypt('encrypt$gAAAAABkMtfW_tyGDUh7TkVX6AN8wSkKixWcQiOrPUWHtDZqnzjqrAkfD40fD8M_PiPDvW5pAa6xHNcUSU34jHolxnC44rDiLw=='),
'pass': vault.decrypt('encrypt$gAAAAABkMtfD8lenogwJc8uKeGZUQ8QVWHMpAqY_GLW3VhF3Jt0TOC4JiJn49qfaC9Ij5rw6GGsowNIsNBe1Ac83HXOLveANEU2o-O4fp5TxNF0xFWebCCtcaTkj_L2DjUbSUe8QVDn3'),
},
},
'icinga2_api': {
'custom': {
# redundant monitoring of services/hosts
'services': {
'flauschekatze.space CERTIFICATE': {
'check_command': 'check_https_cert_at_url',
'vars.domain': 'flauschekatze.space',
},
'matrix.flauschekatze.space CERTIFICATE': {
'check_command': 'check_https_cert_at_url',
'vars.domain': 'matrix.flauschekatze.space',
},
},
},
},
'nginx': {
'vhosts': {
'icingaweb': {
'domain': 'icinga.kunsmann.eu',
'webroot': '/usr/share/icingaweb2/public',
'extras': True,
},
'icinga_statusmonitor': {
'domain': 'statusmonitor.icinga.kunsmann.eu',
'locations': {
'/': {
'target': 'http://127.0.0.1:5000/',
}
},
},
'statuspage': {
'domain': 'status.franzi.business',
'ssl': '_.franzi.business',
'webroot': '/opt/simple-icinga-dashboard/out',
},
},
},
'php': {
'version': '8.0',
'packages': {
'curl',
'gd',
'intl',
'imagick',
'ldap',
'mysql',
'opcache',
'pgsql',
'readline',
'xml',
},
},
'postgresql': {
'version': '11',
},
'simple-icinga-dashboard': {
'icinga2_api': {
'baseurl': 'https://127.0.0.1:5665',
'username': 'dashboard',
'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),
},
'filters': {
'services': '"statuspage" in service.groups',
},
'output': {
'page_title': 'franzi.business Service Status',
},
'prettify': {
'CONTENT': '',
'NGINX': 'WEBSERVER',
'PROCESS': 'SERVICE',
},
},
'wireguard': {
'peers': {
'ovh.wireguard': {
'snat_to': '172.19.136.3',
},
},
},
'zfs': {
'pools': {
'tank': {
'when_creating': {
'config': [{
'devices': {
'/dev/sdb'
},
}],
},
},
},
},
'vm': {
'cpu': 1,
'ram': 2,
},
},
}