From e6e9e425fcded1e13d71ea531b603c1d9b9809a5 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sat, 9 Sep 2023 14:12:24 +0200
Subject: [PATCH] move icinga2 to new host
---
 bundles/basic/items.py | 2 +-
 data/icinga2/icingaweb2_nginx.conf | 15 +++
 data/nginx/files/extras/icinga2/icingaweb2 | 1 +
 groups/os.py | 2 +
 nodes/home/router.py | 1 +
 nodes/icinga2.toml | 101 +++++++++++++++++++++
 nodes/ovh/icinga2.py | 2 +
 7 files changed, 123 insertions(+), 1 deletion(-)
 create mode 100644 data/icinga2/icingaweb2_nginx.conf
 create mode 120000 data/nginx/files/extras/icinga2/icingaweb2
 create mode 100644 nodes/icinga2.toml
diff --git a/bundles/basic/items.py b/bundles/basic/items.py
index d25d4c7..74a0518 100644
--- a/bundles/basic/items.py
+++ b/bundles/basic/items.py
@@ -51,7 +51,7 @@ actions = {
 description = []
 if not node.metadata.get('icinga_options/exclude_from_monitoring', False):
- description.append('icingaweb2: https://icinga.kunsmann.eu/monitoring/host/show?host={}'.format(node.name))
+ description.append('icingaweb2: https://icinga.franzi.business/monitoring/host/show?host={}'.format(node.name))
 if node.has_bundle('telegraf'):
 description.append('Grafana: https://grafana.kunsmann.eu/d/{}'.format(UUID(int=node.magic_number).hex[:10]))
diff --git a/data/icinga2/icingaweb2_nginx.conf b/data/icinga2/icingaweb2_nginx.conf
new file mode 100644
index 0000000..bd9415e
--- /dev/null
+++ b/data/icinga2/icingaweb2_nginx.conf
@@ -0,0 +1,15 @@
+ location ~ \.php$ {
+ include fastcgi.conf;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php;
+ fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2;
+ }
+
+ location = / {
+ return 301 https://$host/authentication/login;
+ }
+
+ location / {
+ try_files $1 $uri $uri/ /index.php$is_args$args;
+ }
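Review bot: In the new icingaweb2_nginx.conf, `location = /` builds the redirect target from `$host`, which nginx takes from the request line or Host header, so the permanent redirect can point wherever the client says if this snippet is ever included in a server block that also answers unmatched names. `return 301 https://$server_name/authentication/login;` pins it to the configured vhost. In the `\.php$` location, `include fastcgi.conf;` normally already defines SCRIPT_FILENAME, so the explicit `fastcgi_param SCRIPT_FILENAME ...` makes nginx send the parameter twice; `include fastcgi_params;` would leave the hard-coded index.php path as the only value (worth checking against the fastcgi.conf shipped on this host). `fastcgi_split_path_info` and the `$1` in `try_files` have nothing to capture in these locations and could be dropped.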
diff --git a/data/nginx/files/extras/icinga2/icingaweb2 b/data/nginx/files/extras/icinga2/icingaweb2
new file mode 120000
index 0000000..b6a8498
--- /dev/null
+++ b/data/nginx/files/extras/icinga2/icingaweb2
@@ -0,0 +1 @@
+../../../../icinga2/icingaweb2_nginx.conf
\ No newline at end of file
diff --git a/groups/os.py b/groups/os.py
index 754d427..4542cc8 100644
--- a/groups/os.py
+++ b/groups/os.py
@@ -40,9 +40,11 @@ groups['linux'] = {
 'port_rules': {
 '*': {
 'ovh.icinga2',
+ 'icinga2',
 },
 '*/udp': {
 'ovh.icinga2',
+ 'icinga2',
 },
 },
 },
diff --git a/nodes/home/router.py b/nodes/home/router.py
index 29eb8c6..da68207 100644
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@@ -181,6 +181,7 @@ nodes['home.router'] = {
 'health_check': True,
 'snat_to': '172.19.138.1',
 },
+ 'icinga2': {},
 },
 },
 },
diff --git a/nodes/icinga2.toml b/nodes/icinga2.toml
new file mode 100644
index 0000000..ed9a84c
--- /dev/null
+++ b/nodes/icinga2.toml
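Review bot: The `port_rules` entries for `'*'` and `'*/udp'` in groups/os.py still list `'ovh.icinga2'` next to the new `'icinga2'`, although this same commit marks that node `'dummy': True` with the comment `# gekündigt` (cancelled). If the firewall bundle still resolves dummy nodes to their last known addresses (not visible here), every linux node keeps all TCP and UDP ports open to an IP the provider may hand to another customer. Dropping `'ovh.icinga2',` from both sets, here or in a follow-up once the old host is shut down, would close that window. The dict these rules live in starts and ends outside the hunk.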
@@ -0,0 +1,101 @@
+hostname = "217.160.71.39"
+bundles = [
+ "bird",
+ "icinga2",
+ "php",
+ "postgresql",
+# 'simple-icinga-dashboard',
+ "unbound",
+ "wireguard",
+]
+groups = [
+ 'debian-bookworm',
+ 'webserver',
+]
+
+[metadata]
+location = "ionos"
+
+[metadata.interfaces.ens192]
+ips = [
+ "217.160.71.39/32",
+ "2001:8d8:1800:d5::1/128"
+]
+gateway4 = "10.255.255.1"
+gateway6 = "fe80::1"
+
+[metadata.interfaces.wg_home_router]
+ips = ["172.19.136.4"]
+
+[metadata.bird]
+static_routes = ["172.19.136.4/32"]
+
+[metadata.icinga2]
+web_domain = "icinga.franzi.business"
+ntfy.pass = "!decrypt:encrypt$gAAAAABkMtfD8lenogwJc8uKeGZUQ8QVWHMpAqY_GLW3VhF3Jt0TOC4JiJn49qfaC9Ij5rw6GGsowNIsNBe1Ac83HXOLveANEU2o-O4fp5TxNF0xFWebCCtcaTkj_L2DjUbSUe8QVDn3"
+ntfy.url = "https://ntfy.franzi.business/icinga2"
+ntfy.user = "!decrypt:encrypt$gAAAAABkMtfW_tyGDUh7TkVX6AN8wSkKixWcQiOrPUWHtDZqnzjqrAkfD40fD8M_PiPDvW5pAa6xHNcUSU34jHolxnC44rDiLw=="
+sipgate.pass = "!bwpass_attr:sipgate.de/hi@kunsmann.eu:icinga_token"
+sipgate.user = "!bwpass_attr:sipgate.de/hi@kunsmann.eu:icinga_tokenid"
+
+[metadata.icinga2.api_users.icinga2beamer]
+# Used with
+password = "!decrypt:encrypt$gAAAAABf3wM9YS5ZpRdhp3xyIFX21_MK0omzqHqykWbWdkZWp2xyJ6awaUSXODnZQ5j-rws6n0yrpaeMdXoj1irb2FrgxMDTdfCh88hIsqcKGOObzwGaRg6Ze0tuiMrzIfOO3tRnc9Kd"
+permissions = [
+ "objects/query/Host",
+ "objects/query/Service",
+]
+
+# 'icinga2_api': {
+# 'custom': {
+# # redundant monitoring of services/hosts
+# 'services': {
+# 'flauschekatze.space CERTIFICATE': {
+# 'check_command': 'check_https_cert_at_url',
+# 'vars.domain': 'flauschekatze.space',
+# },
+# 'matrix.flauschekatze.space CERTIFICATE': {
+# 'check_command': 'check_https_cert_at_url',
+# 'vars.domain': 'matrix.flauschekatze.space',
+# },
+# },
+# },
+# },
+# 'nginx': {
+# 'vhosts': {
+# 'statuspage': {
+# 'domain': 'status.franzi.business',
+# 'ssl': '_.franzi.business',
+# 'webroot': '/opt/simple-icinga-dashboard/out',
+# },
+# },
+# },
+
+[metadata.postgresql]
+version = 15
+
+# 'simple-icinga-dashboard': {
+# 'icinga2_api': {
+# 'baseurl': 'https://127.0.0.1:5665',
+# 'username': 'dashboard',
+# 'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),
+# },
+# 'filters': {
+# 'services': '"statuspage" in service.groups',
+# },
+# 'output': {
+# 'page_title': 'franzi.business Service Status',
+# },
+# 'prettify': {
+# 'CONTENT': '',
+# 'NGINX': 'WEBSERVER',
+# 'PROCESS': 'SERVICE',
+# },
+# },
+
+[metadata.wireguard.peers.'home.router']
+snat_to = "172.19.136.4"
+
+[metadata.vm]
+cpu = 2
+ram = 2
diff --git a/nodes/ovh/icinga2.py b/nodes/ovh/icinga2.py
index ea24874..8b9b975 100644
--- a/nodes/ovh/icinga2.py
+++ b/nodes/ovh/icinga2.py
@@ -1,4 +1,5 @@
 nodes['ovh.icinga2'] = {
+ 'dummy': True, # gekündigt
 'bundles': {
 'bird',
 'icinga2',
@@ -35,6 +36,7 @@ nodes['ovh.icinga2'] = {
 },
 },
 'icinga2': {
+ 'web_domain': 'icinga.kunsmann.eu',
 'api_users': {
 'dashboard': {
 'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),
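Review bot: The comment `# Used with` above the `icinga2beamer` password in nodes/icinga2.toml stops mid-sentence, so nothing records which consumer holds this API credential when it has to be rotated or revoked. Completing it, e.g. `# Used by <consumer>; read-only, Host/Service queries only`, would cover that. The two commented-out blocks (`'icinga2_api'`/`'nginx'` and `'simple-icinga-dashboard'`) are Python dict syntax carried over from the old node file, including a `vault.password_for('ovh.icinga2 ...')` call that has no TOML equivalent as written. Porting them to TOML tables or deleting them would keep the file readable.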