bundlewrap/nodes/ovh/icinga2.py
Franziska Kunsmann 89f91f3857
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
nodes: add bird to wireguard nodes
2021-09-29 19:47:14 +02:00

164 lines
5.1 KiB
Python

nodes['ovh.icinga2'] = {
'bundles': {
'bird',
'icinga2',
'php',
'postgresql',
'simple-icinga-dashboard',
'unbound',
'wireguard',
'zfs',
},
'groups': {
'debian-buster',
'webserver',
},
'metadata': {
'interfaces': {
'eth0': {
'ips': {
'51.195.44.8',
'2001:41d0:701:1100::2618/128'
},
'gateway4': '51.195.44.1',
'gateway6': '2001:41d0:701:1100::1'
},
'dummy-snat': {
'ips': {
'172.19.136.3',
},
},
},
'apt': {
'packages': {
'php-imagick': {},
},
},
'bird': {
'static_routes': {
'172.19.136.3/32',
},
},
'icinga2': {
'api_users': {
# Used with <https://git.kunsmann.eu/kunsi/icinga2beamer>
'dashboard': {
'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),
'permissions': {
'objects/query/Service'
},
},
'icinga2beamer': {
'password': vault.decrypt('encrypt$gAAAAABf3wM9YS5ZpRdhp3xyIFX21_MK0omzqHqykWbWdkZWp2xyJ6awaUSXODnZQ5j-rws6n0yrpaeMdXoj1irb2FrgxMDTdfCh88hIsqcKGOObzwGaRg6Ze0tuiMrzIfOO3tRnc9Kd'),
'permissions': {
'objects/query/Host',
'objects/query/Service'
},
},
},
'restrict-to': {
'172.19.138.0/24',
},
'sipgate_user': bwpass.attr('sipgate.de/hi@kunsmann.eu', 'icinga_tokenid'),
'sipgate_pass': bwpass.attr('sipgate.de/hi@kunsmann.eu', 'icinga_token'),
},
'icinga2_api': {
'custom': {
# redundant monitoring of services/hosts
'services': {
'flauschekatze.space CERTIFICATE': {
'check_command': 'check_https_cert_at_url',
'vars.domain': 'flauschekatze.space',
},
'matrix.flauschekatze.space CERTIFICATE': {
'check_command': 'check_https_cert_at_url',
'vars.domain': 'matrix.flauschekatze.space',
},
'media.ccc.de CERTIFICATE': {
'check_command': 'check_https_cert_at_url',
'vars.domain': 'media.ccc.de',
},
},
},
},
'nginx': {
'vhosts': {
'icingaweb': {
'domain': 'icinga.kunsmann.eu',
'webroot': '/usr/share/icingaweb2/public',
'extras': True,
},
'icinga_statusmonitor': {
'domain': 'statusmonitor.icinga.kunsmann.eu',
'locations': {
'/': {
'target': 'http://127.0.0.1:5000/',
}
},
},
'statuspage': {
'domain': 'status.franzi.business',
'ssl': '_.franzi.business',
'webroot': '/opt/simple-icinga-dashboard/out',
},
},
},
'php': {
'version': '7.4',
'packages': {
'curl',
'gd',
'intl',
'json',
'ldap',
'mysql',
'opcache',
'pgsql',
'readline',
'xml',
},
},
'simple-icinga-dashboard': {
'icinga2_api': {
'baseurl': 'https://127.0.0.1:5665',
'username': 'dashboard',
'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),
},
'filters': {
'services': '"checks_with_sms" in service.groups',
},
'output': {
'page_title': 'franzi.business Service Status',
},
'prettify': {
'CONTENT': '',
'NGINX': 'WEBSERVER',
'PROCESS': 'SERVICE',
},
},
'wireguard': {
'peers': {
'ovh.wireguard': {
'snat_to': '172.19.136.3',
},
},
},
'zfs': {
'pools': {
'tank': {
'when_creating': {
'config': [{
'devices': {
'/dev/sdb'
},
}],
},
},
},
},
'vm': {
'cpu': 1,
'ram': 2,
},
},
}