bundlewrap/nodes/ovh/icinga2.py
Franziska Kunsmann e9f225890a
All checks were successful
bundlewrap/pipeline/head This commit looks good
nodes/ovh.icinga2: add some monitoring for external https vhosts
2020-12-31 12:40:26 +01:00

118 lines
3.7 KiB
Python

nodes['ovh.icinga2'] = {
'bundles': {
'icinga2',
'iptables',
'php',
'postgresql',
'wireguard',
'zfs',
},
'groups': {
'debian-buster',
'webserver',
},
'metadata': {
'interfaces': {
'eth0': {
'ips': {
'51.195.44.8',
'2001:41d0:701:1100::2618/128'
},
'gateway4': '51.195.44.1',
'gateway6': '2001:41d0:701:1100::1'
},
},
'apt': {
'packages': {
'php-imagick': {},
},
},
'icinga2': {
'api_users': {
# Used with <https://git.kunsmann.eu/kunsi/icinga2beamer>
'icinga2beamer': {
'password': vault.decrypt('encrypt$gAAAAABf3wM9YS5ZpRdhp3xyIFX21_MK0omzqHqykWbWdkZWp2xyJ6awaUSXODnZQ5j-rws6n0yrpaeMdXoj1irb2FrgxMDTdfCh88hIsqcKGOObzwGaRg6Ze0tuiMrzIfOO3tRnc9Kd'),
'permissions': {
'objects/query/Host',
'objects/query/Service'
},
},
},
'sipgate_user': vault.decrypt('encrypt$gAAAAABfujAmCUnicSAllq8MskXnPodKp3cGcfA6Abvef-rAYwB2CtCwt9oBRVKFskJPVArDaF1wfjNTfLwgX3gTP7xFutJ1HA=='),
'sipgate_pass': vault.decrypt('encrypt$gAAAAABfui_4B7UmOosI_gsQ-xvmd3X_BUDSl-G2KF_Tg8O6RpUvk0gHexOKsrTb6se1ipXsh7RC9pbZCKMtesW0C6j24LHXDKCOjkqI77oO0ZjnG6SUwfcJqg61biNiRlXy8z-9LCGA'),
},
'icinga2_api': {
'custom': {
# redundant monitoring of services/hosts
'services': {
'flauschekatze.space CERTIFICATE': {
'check_command': 'check_https_cert_at_url',
'vars.domain': 'flauschekatze.space',
},
'matrix.flauschekatze.space CERTIFICATE': {
'check_command': 'check_https_cert_at_url',
'vars.domain': 'matrix.flauschekatze.space',
},
'media.ccc.de CERTIFICATE': {
'check_command': 'check_https_cert_at_url',
'vars.domain': 'media.ccc.de',
},
},
},
},
'iptables': {
'custom_rules': {
# icinga2 api
'iptables -A INPUT -i wg0 -p tcp --dport 5665 -j ACCEPT',
},
},
'nginx': {
'vhosts': {
'icingaweb': {
'domain': 'icinga.kunsmann.eu',
'webroot': '/usr/share/icingaweb2/public',
'extras': True,
},
'icinga_statusmonitor': {
'domain': 'statusmonitor.icinga.kunsmann.eu',
'proxy': {
'/': {
'target': 'http://127.0.0.1:5000/',
}
},
}
},
},
'php': {
'version': '7.4',
'packages': {
'curl',
'gd',
'intl',
'json',
'ldap',
'opcache',
'pgsql',
'readline',
'xml',
},
},
'wireguard': {
'my_ip': '172.19.137.3/32',
'peers': {
'ovh.wireguard': {},
},
},
'zfs': {
'pools': {
'tank': {
'device': '/dev/sdb',
},
},
},
'vm': {
'cpu': 1,
'ram': 2,
},
},
}