move icinga2 to new host

2023-09-09 14:12:24 +02:00 · 2023-09-09 14:12:24 +02:00 · e6e9e425fc
parent 99e261fe24
commit e6e9e425fc
7 changed files with 123 additions and 1 deletions
--- a/bundles/basic/items.py
+++ b/bundles/basic/items.py
@ -51,7 +51,7 @@ actions = {
 description = []

 if not node.metadata.get('icinga_options/exclude_from_monitoring', False):
-    description.append('icingaweb2: https://icinga.kunsmann.eu/monitoring/host/show?host={}'.format(node.name))
+    description.append('icingaweb2: https://icinga.franzi.business/monitoring/host/show?host={}'.format(node.name))

 if node.has_bundle('telegraf'):
    description.append('Grafana: https://grafana.kunsmann.eu/d/{}'.format(UUID(int=node.magic_number).hex[:10]))
--- a/data/icinga2/icingaweb2_nginx.conf
+++ b/data/icinga2/icingaweb2_nginx.conf
@ -0,0 +1,15 @@
+    location ~ \.php$ {
+        include fastcgi.conf;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+        fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php;
+        fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2;
+    }
+
+    location = / {
+        return 301 https://$host/authentication/login;
+    }
+
+    location / {
+        try_files $1 $uri $uri/ /index.php$is_args$args;
+    }
--- a/data/nginx/files/extras/icinga2/icingaweb2
+++ b/data/nginx/files/extras/icinga2/icingaweb2
@ -0,0 +1 @@
+../../../../icinga2/icingaweb2_nginx.conf
--- a/groups/os.py
+++ b/groups/os.py
@ -40,9 +40,11 @@ groups['linux'] = {
            'port_rules': {
                '*': {
                    'ovh.icinga2',
+                    'icinga2',
                },
                '*/udp': {
                    'ovh.icinga2',
+                    'icinga2',
                },
            },
        },
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@ -181,6 +181,7 @@ nodes['home.router'] = {
                    'health_check': True,
                    'snat_to': '172.19.138.1',
                },
+                'icinga2': {},
            },
        },
    },
--- a/nodes/icinga2.toml
+++ b/nodes/icinga2.toml
@ -0,0 +1,101 @@
+hostname = "217.160.71.39"
+bundles = [
+    "bird",
+    "icinga2",
+    "php",
+    "postgresql",
+#        'simple-icinga-dashboard',
+    "unbound",
+    "wireguard",
+]
+groups = [
+    'debian-bookworm',
+    'webserver',
+]
+
+[metadata]
+location = "ionos"
+
+[metadata.interfaces.ens192]
+ips = [
+    "217.160.71.39/32",
+    "2001:8d8:1800:d5::1/128"
+]
+gateway4 = "10.255.255.1"
+gateway6 = "fe80::1"
+
+[metadata.interfaces.wg_home_router]
+ips = ["172.19.136.4"]
+
+[metadata.bird]
+static_routes = ["172.19.136.4/32"]
+
+[metadata.icinga2]
+web_domain = "icinga.franzi.business"
+ntfy.pass = "!decrypt:encrypt$gAAAAABkMtfD8lenogwJc8uKeGZUQ8QVWHMpAqY_GLW3VhF3Jt0TOC4JiJn49qfaC9Ij5rw6GGsowNIsNBe1Ac83HXOLveANEU2o-O4fp5TxNF0xFWebCCtcaTkj_L2DjUbSUe8QVDn3"
+ntfy.url = "https://ntfy.franzi.business/icinga2"
+ntfy.user = "!decrypt:encrypt$gAAAAABkMtfW_tyGDUh7TkVX6AN8wSkKixWcQiOrPUWHtDZqnzjqrAkfD40fD8M_PiPDvW5pAa6xHNcUSU34jHolxnC44rDiLw=="
+sipgate.pass = "!bwpass_attr:sipgate.de/hi@kunsmann.eu:icinga_token"
+sipgate.user = "!bwpass_attr:sipgate.de/hi@kunsmann.eu:icinga_tokenid"
+
+[metadata.icinga2.api_users.icinga2beamer]
+# Used with <https://git.franzi.business/kunsi/icinga2beamer>
+password = "!decrypt:encrypt$gAAAAABf3wM9YS5ZpRdhp3xyIFX21_MK0omzqHqykWbWdkZWp2xyJ6awaUSXODnZQ5j-rws6n0yrpaeMdXoj1irb2FrgxMDTdfCh88hIsqcKGOObzwGaRg6Ze0tuiMrzIfOO3tRnc9Kd"
+permissions = [
+    "objects/query/Host",
+    "objects/query/Service",
+]
+
+#        'icinga2_api': {
+#            'custom': {
+#                # redundant monitoring of services/hosts
+#                'services': {
+#                    'flauschekatze.space CERTIFICATE': {
+#                        'check_command': 'check_https_cert_at_url',
+#                        'vars.domain': 'flauschekatze.space',
+#                    },
+#                    'matrix.flauschekatze.space CERTIFICATE': {
+#                        'check_command': 'check_https_cert_at_url',
+#                        'vars.domain': 'matrix.flauschekatze.space',
+#                    },
+#                },
+#            },
+#        },
+#        'nginx': {
+#            'vhosts': {
+#                'statuspage': {
+#                    'domain': 'status.franzi.business',
+#                    'ssl': '_.franzi.business',
+#                    'webroot': '/opt/simple-icinga-dashboard/out',
+#                },
+#            },
+#        },
+
+[metadata.postgresql]
+version = 15
+
+#        'simple-icinga-dashboard': {
+#            'icinga2_api': {
+#                'baseurl': 'https://127.0.0.1:5665',
+#                'username': 'dashboard',
+#                'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),
+#            },
+#            'filters': {
+#                'services': '"statuspage" in service.groups',
+#            },
+#            'output': {
+#                'page_title': 'franzi.business Service Status',
+#            },
+#            'prettify': {
+#                'CONTENT': '',
+#                'NGINX':  'WEBSERVER',
+#                'PROCESS': 'SERVICE',
+#            },
+#        },
+
+[metadata.wireguard.peers.'home.router']
+snat_to = "172.19.136.4"
+
+[metadata.vm]
+cpu = 2
+ram = 2
--- a/nodes/ovh/icinga2.py
+++ b/nodes/ovh/icinga2.py
@ -1,4 +1,5 @@
 nodes['ovh.icinga2'] = {
+    'dummy': True, # gekündigt
    'bundles': {
        'bird',
        'icinga2',
@ -35,6 +36,7 @@ nodes['ovh.icinga2'] = {
            },
        },
        'icinga2': {
+            'web_domain': 'icinga.kunsmann.eu',
            'api_users': {
                'dashboard': {
                    'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),