path: root/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server



apply Service "icinga" {
  check_command = "icinga"
  assign where host.name == NodeName
}

apply Service "icingadb" {
  check_command = "icingadb"
  assign where host.name == NodeName
}

apply Service "ssh" {
  check_command = "ssh"
  assign where host.vars.os in ["FreeBSD"," Linux"]
}

apply Service "upstream-packet-loss" {
  check_command = "ping"
  display_name = "upstream packet loss"
  vars.ping_address = "${icinga_upstream_ping_address}"
  vars.ping_wpl = ${icinga_upstream_packet_loss_warn}
  vars.ping_cpl = ${icinga_upstream_packet_loss_crit}
  vars.ping_wrta = ${icinga_upstream_latency_warn}
  vars.ping_crta = ${icinga_upstream_latency_crit}
  vars.ping_packets = ${icinga_upstream_packet_count}
  assign where host.name == NodeName
}

apply Service "dns" {
  check_command = "dns"
  vars.dns_lookup = "\$address\$"
  vars.dns_server = "\$address\$"
  vars.dns_wtime = ${icinga_response_time_warn}
  vars.dns_ctime = ${icinga_response_time_crit}
  assign where "idm-servers" in host.groups
}

apply Service for (zone in host.vars.zones) {
  check_command = "dns"
  vars.dns_lookup = zone
  name = "dns-" + zone
  display_name = zone
  vars.dns_server = "\$address\$"
  vars.dns_wtime = ${icinga_response_time_warn}
  vars.dns_ctime = ${icinga_response_time_crit}
  assign where "nameservers" in host.groups
}

apply Service "resolver" {
  check_command = "dns"
  vars.dns_lookup = "www.google.com"
  vars.dns_server = "\$address\$"
  vars.dns_wtime = ${icinga_response_time_warn}
  vars.dns_ctime = ${icinga_response_time_crit}
  assign where "idm-servers" in host.groups
}

apply Service "ldap" {
  check_command = "ldap"
  vars.ldap_port = 389
  vars.ldap_warning = ${icinga_response_time_warn}
  vars.ldap_critical = ${icinga_response_time_crit}
  vars.ldap_v2 = false
  vars.ldap_v3 = true
  vars.ldap_starttls = true
  vars.ldap_bind = "${icinga_dn}"
  vars.ldap_pass = IcingaPassword
  vars.ldap_base = "${hosts_basedn}"
  vars.ldap_attr = "(cn=" + NodeName + ")"
  assign where "idm-servers" in host.groups
}

apply Service "ldaps" {
  check_command = "ldap"
  vars.ldap_port = 636
  vars.ldap_warning = ${icinga_response_time_warn}
  vars.ldap_critical = ${icinga_response_time_crit}
  vars.ldap_v2 = false
  vars.ldap_v3 = true
  vars.ldap_ssl = true
  vars.ldap_bind = "${icinga_dn}"
  vars.ldap_pass = IcingaPassword
  vars.ldap_base = "${hosts_basedn}"
  vars.ldap_attr = "(cn=" + NodeName + ")"
  assign where "idm-servers" in host.groups
}

apply Service "imap" {
  check_command = "imap"
  vars.imap_port = 993
  vars.imap_ssl = true
  vars.imap_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.imap_warning = ${icinga_response_time_warn}
  vars.imap_critical = ${icinga_response_time_crit}
  assign where "imap-servers" in host.groups
}

apply Service "lmtp" {
  check_command = "smtp2"
  vars.smtp_port = 25
  vars.smtp_starttls = true
  vars.smtp_lmtp = true
  vars.smtp_mail_from = "${icinga_smtp_mail_from}"
  vars.smtp_command = "RCPT TO:<" + "${icinga_lmtp_rcpt_to}" + ">"
  vars.smtp_response = "250 2.1.5 OK"
  assign where "imap-servers" in host.groups
}

apply Service "lmtp-cert" {
  display_name = "lmtp certificate"
  check_command = "smtp2"
  vars.smtp_lmtp = true
  vars.smtp_port = 25
  vars.smtp_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.smtp_starttls = true
  assign where "imap-servers" in host.groups
}

apply Service "smtp" {
  check_command = "smtp"
  vars.smtp_port = 25
  vars.smtp_starttls = true
  vars.smtp_warning = ${icinga_response_time_warn}
  vars.smtp_critical = ${icinga_response_time_crit}
  vars.smtp_mail_from = "${icinga_smtp_mail_from}"
  vars.smtp_command = "RCPT TO:<" + "${icinga_smtp_rcpt_to}" + ">"
  vars.smtp_response = "250 2.1.5 Ok"
  assign where "smtp-servers" in host.groups
}

apply Service "smtp-cert" {
  display_name = "smtp certificate"
  check_command = "smtp"
  vars.smtp_port = 25
  vars.smtp_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.smtp_starttls = true
  assign where "smtp-servers" in host.groups
}


apply Service "submission" {
  check_command = "smtp"
  vars.smtp_port = 587
  vars.smtp_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.smtp_starttls = true
  vars.smtp_warning = ${icinga_response_time_warn}
  vars.smtp_critical = ${icinga_response_time_crit}
  assign where "smtp-servers" in host.groups
}

apply Service "mailq" {
  check_command = "mailq_by_ssh"
  vars.mailq_servertype = "postfix"
  vars.mailq_warning = ${icinga_mailq_warn}
  vars.mailq_critical = ${icinga_mailq_crit}
  assign where "smtp-servers" in host.groups
}

apply Service "postgres" {
  check_command = "pgsql"
  vars.pgsql_warning = ${icinga_response_time_warn}
  vars.pgsql_critical = ${icinga_response_time_crit}
  vars.pgsql_username = "${icinga_username}"
  vars.pgsql_password = IcingaPassword
  vars.pgsql_options = ["sslmode=verify-full", "sslrootcert=system"]
  assign where "postgresql-servers" in host.groups
}

apply Service "eap-cert" {
  check_command = "eapol"
  vars.eapol_secret = IcingaRadiusSecret
  vars.eapol_config_file = "${icinga_home_dir}/eap-tls.conf"
  assign where "radius-servers" in host.groups
}

apply Service "eap-ttls-pap" {
  check_command = "eapol"
  vars.eapol_secret = IcingaRadiusSecret
  vars.eapol_config_file = "${icinga_home_dir}/eap-ttls-pap.conf"
  assign where "radius-servers" in host.groups
}

apply Service "irc" {
  check_command = "tcp"
  vars.tcp_port = 6697
  vars.tcp_ssl = true
  vars.tcp_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.tcp_wtime = ${icinga_response_time_warn}
  vars.tcp_ctime = ${icinga_response_time_crit}
  assign where "znc-servers" in host.groups
}

apply Service "turn" {
  check_command = "tcp"
  vars.tcp_port = 3478
  vars.tcp_wtime = ${icinga_response_time_warn}
  vars.tcp_ctime = ${icinga_response_time_crit}
  assign where "turn-servers" in host.groups
}

apply Service "cups" {
  check_command = "http"
  display_name = "cups status"
  vars.http_vhost = "\$address\$"
  vars.http_port = 631
  vars.http_expect = "HTTP/1.1 200 OK"
  vars.http_ssl = true
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("cups-servers" in host.groups)
}

apply Service "cups-cert" {
  check_command = "http"
  display_name = "cups certificate"
  vars.http_vhost = "\$address\$"
  vars.http_port = 631
  vars.http_ssl = true
  vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  assign where ("cups-servers" in host.groups)
}

apply Service for (vhost in host.vars.xmpp_vhosts) {
  check_command = "tcp"
  name = vhost + "-xmpp"
  display_name = vhost + " xmpp"
  vars.tcp_port = 5223
  vars.tcp_ssl = true
  vars.tcp_sni = vhost
  vars.tcp_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.tcp_wtime = ${icinga_response_time_warn}
  vars.tcp_ctime = ${icinga_response_time_crit}
  vars.tcp_send = "<stream:stream to='" + vhost + "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>"
  vars.tcp_expect = "<?xml version='1.0'"
}

// Expect HTTP 200
apply Service "http" {
  check_command = "http"
  display_name = "http status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 200 OK"
  vars.http_ssl = false
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("pkg-repositories"  in host.groups)
}

// Expect HTTP 301
apply Service "http" {
  check_command = "http"
  display_name = "http status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 301 Moved Permanently"
  vars.http_ssl = false
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("dav-servers"       in host.groups
             || "smtp-servers"      in host.groups
             || "ttrss-servers"     in host.groups
             || "invidious-servers" in host.groups
             || "nfs-servers"       in host.groups
             || "web-servers"       in host.groups
             || "xmpp-servers"      in host.groups
             || "znc-servers"       in host.groups
             || "icinga-servers"    in host.groups
             || "bitwarden-servers" in host.groups)
}

// Expect HTTP 302
apply Service "http" {
  check_command = "http"
  display_name = "http status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 302"
  vars.http_ssl = false
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("unifi-controllers" in host.groups)
}

// Expect HTTPS 401
apply Service "https" {
  check_command = "http"
  display_name = "https status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 401 Unauthorized"
  vars.http_ssl = true
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("dav-servers"     in host.groups
             || "smtp-servers"    in host.groups
             || "icinga-servers"  in host.groups
             || "ttrss-servers"   in host.groups)
}

// Expect HTTPS 200
apply Service "https" {
  check_command = "http"
  display_name = "https status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 200 OK"
  vars.http_ssl = true
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("pkg-repositories"  in host.groups
             || "znc-servers"       in host.groups
             || "bitwarden-servers" in host.groups)
}

// Expect HTTPS 404
apply Service "https" {
  check_command = "http"
  display_name = "https status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 404 Not Found"
  vars.http_ssl = true
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("nfs-servers" in host.groups)
}

// Expect HTTPS 302
apply Service "https" {
  check_command = "http"
  display_name = "https status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 302"
  vars.http_ssl = true
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("unifi-controllers" in host.groups
             || "invidious-servers" in host.groups)
}

// Certificate validity
apply Service "https-cert" {
  check_command = "http"
  display_name = "https certificate"
  vars.http_vhost = "\$address\$"
  vars.http_ssl = true
  vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  assign where (("invidious-servers" in host.groups
             || "nfs-servers"       in host.groups
             || "pkg-repositories"  in host.groups
             || "unifi-controllers" in host.groups
             || "web-servers"       in host.groups
             || "znc-servers"       in host.groups
             || "bitwarden-servers" in host.groups
             || "dav-servers"       in host.groups
             || "smtp-servers"      in host.groups
             || "icinga-servers"    in host.groups
             || "web-servers"       in host.groups
             || "ttrss-servers"     in host.groups)
             && !host.vars.https_vhosts)
}

// Certificate validity
apply Service for (vhost in host.vars.https_vhosts) {
  check_command = "http"
  name = vhost + "-https-cert"
  display_name = vhost + " https certificate"
  vars.http_vhost = vhost
  vars.http_expect = "HTTP/1.1 200 OK"
  vars.http_ssl = true
  vars.http_sni = true
  vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
}

// Expect HTTPS 200
apply Service for (vhost in host.vars.https_vhosts) {
  check_command = "http"
  name = vhost + "-https-status"
  display_name = vhost + " https status"
  vars.http_vhost = vhost
  vars.http_ssl = true
  vars.http_sni = true
  vars.http_expect = "HTTP/1.1 200 OK"
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
}
apply Service "icinga" {
  check_command = "icinga"
  assign where host.name == NodeName
}

apply Service "icingadb" {
  check_command = "icingadb"
  assign where host.name == NodeName
}

apply Service "ssh" {
  check_command = "ssh"
  assign where host.vars.os in ["FreeBSD"," Linux"]
}

apply Service "upstream-packet-loss" {
  check_command = "ping"
  display_name = "upstream packet loss"
  vars.ping_address = "${icinga_upstream_ping_address}"
  vars.ping_wpl = ${icinga_upstream_packet_loss_warn}
  vars.ping_cpl = ${icinga_upstream_packet_loss_crit}
  vars.ping_wrta = ${icinga_upstream_latency_warn}
  vars.ping_crta = ${icinga_upstream_latency_crit}
  vars.ping_packets = ${icinga_upstream_packet_count}
  assign where host.name == NodeName
}

apply Service "dns" {
  check_command = "dns"
  vars.dns_lookup = "\$address\$"
  vars.dns_server = "\$address\$"
  vars.dns_wtime = ${icinga_response_time_warn}
  vars.dns_ctime = ${icinga_response_time_crit}
  assign where "idm-servers" in host.groups
}

apply Service for (zone in host.vars.zones) {
  check_command = "dns"
  vars.dns_lookup = zone
  name = "dns-" + zone
  display_name = zone
  vars.dns_server = "\$address\$"
  vars.dns_wtime = ${icinga_response_time_warn}
  vars.dns_ctime = ${icinga_response_time_crit}
  assign where "nameservers" in host.groups
}

apply Service "resolver" {
  check_command = "dns"
  vars.dns_lookup = "www.google.com"
  vars.dns_server = "\$address\$"
  vars.dns_wtime = ${icinga_response_time_warn}
  vars.dns_ctime = ${icinga_response_time_crit}
  assign where "idm-servers" in host.groups
}

apply Service "ldap" {
  check_command = "ldap"
  vars.ldap_port = 389
  vars.ldap_warning = ${icinga_response_time_warn}
  vars.ldap_critical = ${icinga_response_time_crit}
  vars.ldap_v2 = false
  vars.ldap_v3 = true
  vars.ldap_starttls = true
  vars.ldap_bind = "${icinga_dn}"
  vars.ldap_pass = IcingaPassword
  vars.ldap_base = "${hosts_basedn}"
  vars.ldap_attr = "(cn=" + NodeName + ")"
  assign where "idm-servers" in host.groups
}

apply Service "ldaps" {
  check_command = "ldap"
  vars.ldap_port = 636
  vars.ldap_warning = ${icinga_response_time_warn}
  vars.ldap_critical = ${icinga_response_time_crit}
  vars.ldap_v2 = false
  vars.ldap_v3 = true
  vars.ldap_ssl = true
  vars.ldap_bind = "${icinga_dn}"
  vars.ldap_pass = IcingaPassword
  vars.ldap_base = "${hosts_basedn}"
  vars.ldap_attr = "(cn=" + NodeName + ")"
  assign where "idm-servers" in host.groups
}

apply Service "imap" {
  check_command = "imap"
  vars.imap_port = 993
  vars.imap_ssl = true
  vars.imap_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.imap_warning = ${icinga_response_time_warn}
  vars.imap_critical = ${icinga_response_time_crit}
  assign where "imap-servers" in host.groups
}

apply Service "lmtp" {
  check_command = "smtp2"
  vars.smtp_port = 25
  vars.smtp_starttls = true
  vars.smtp_lmtp = true
  vars.smtp_mail_from = "${icinga_smtp_mail_from}"
  vars.smtp_command = "RCPT TO:<" + "${icinga_lmtp_rcpt_to}" + ">"
  vars.smtp_response = "250 2.1.5 OK"
  assign where "imap-servers" in host.groups
}

apply Service "lmtp-cert" {
  display_name = "lmtp certificate"
  check_command = "smtp2"
  vars.smtp_lmtp = true
  vars.smtp_port = 25
  vars.smtp_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.smtp_starttls = true
  assign where "imap-servers" in host.groups
}

apply Service "smtp" {
  check_command = "smtp"
  vars.smtp_port = 25
  vars.smtp_starttls = true
  vars.smtp_warning = ${icinga_response_time_warn}
  vars.smtp_critical = ${icinga_response_time_crit}
  vars.smtp_mail_from = "${icinga_smtp_mail_from}"
  vars.smtp_command = "RCPT TO:<" + "${icinga_smtp_rcpt_to}" + ">"
  vars.smtp_response = "250 2.1.5 Ok"
  assign where "smtp-servers" in host.groups
}

apply Service "smtp-cert" {
  display_name = "smtp certificate"
  check_command = "smtp"
  vars.smtp_port = 25
  vars.smtp_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.smtp_starttls = true
  assign where "smtp-servers" in host.groups
}


apply Service "submission" {
  check_command = "smtp"
  vars.smtp_port = 587
  vars.smtp_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.smtp_starttls = true
  vars.smtp_warning = ${icinga_response_time_warn}
  vars.smtp_critical = ${icinga_response_time_crit}
  assign where "smtp-servers" in host.groups
}

apply Service "mailq" {
  check_command = "mailq_by_ssh"
  vars.mailq_servertype = "postfix"
  vars.mailq_warning = ${icinga_mailq_warn}
  vars.mailq_critical = ${icinga_mailq_crit}
  assign where "smtp-servers" in host.groups
}

apply Service "postgres" {
  check_command = "pgsql"
  vars.pgsql_warning = ${icinga_response_time_warn}
  vars.pgsql_critical = ${icinga_response_time_crit}
  vars.pgsql_username = "${icinga_username}"
  vars.pgsql_password = IcingaPassword
  vars.pgsql_options = ["sslmode=verify-full", "sslrootcert=system"]
  assign where "postgresql-servers" in host.groups
}

apply Service "eap-cert" {
  check_command = "eapol"
  vars.eapol_secret = IcingaRadiusSecret
  vars.eapol_config_file = "${icinga_home_dir}/eap-tls.conf"
  assign where "radius-servers" in host.groups
}

apply Service "eap-ttls-pap" {
  check_command = "eapol"
  vars.eapol_secret = IcingaRadiusSecret
  vars.eapol_config_file = "${icinga_home_dir}/eap-ttls-pap.conf"
  assign where "radius-servers" in host.groups
}

apply Service "irc" {
  check_command = "tcp"
  vars.tcp_port = 6697
  vars.tcp_ssl = true
  vars.tcp_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.tcp_wtime = ${icinga_response_time_warn}
  vars.tcp_ctime = ${icinga_response_time_crit}
  assign where "znc-servers" in host.groups
}

apply Service "turn" {
  check_command = "tcp"
  vars.tcp_port = 3478
  vars.tcp_wtime = ${icinga_response_time_warn}
  vars.tcp_ctime = ${icinga_response_time_crit}
  assign where "turn-servers" in host.groups
}

apply Service "cups" {
  check_command = "http"
  display_name = "cups status"
  vars.http_vhost = "\$address\$"
  vars.http_port = 631
  vars.http_expect = "HTTP/1.1 200 OK"
  vars.http_ssl = true
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("cups-servers" in host.groups)
}

apply Service "cups-cert" {
  check_command = "http"
  display_name = "cups certificate"
  vars.http_vhost = "\$address\$"
  vars.http_port = 631
  vars.http_ssl = true
  vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  assign where ("cups-servers" in host.groups)
}

apply Service for (vhost in host.vars.xmpp_vhosts) {
  check_command = "tcp"
  name = vhost + "-xmpp"
  display_name = vhost + " xmpp"
  vars.tcp_port = 5223
  vars.tcp_ssl = true
  vars.tcp_sni = vhost
  vars.tcp_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  vars.tcp_wtime = ${icinga_response_time_warn}
  vars.tcp_ctime = ${icinga_response_time_crit}
  vars.tcp_send = "<stream:stream to='" + vhost + "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>"
  vars.tcp_expect = "<?xml version='1.0'"
}

// Expect HTTP 200
apply Service "http" {
  check_command = "http"
  display_name = "http status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 200 OK"
  vars.http_ssl = false
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("pkg-repositories"  in host.groups)
}

// Expect HTTP 301
apply Service "http" {
  check_command = "http"
  display_name = "http status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 301 Moved Permanently"
  vars.http_ssl = false
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("dav-servers"       in host.groups
             || "smtp-servers"      in host.groups
             || "ttrss-servers"     in host.groups
             || "invidious-servers" in host.groups
             || "nfs-servers"       in host.groups
             || "web-servers"       in host.groups
             || "xmpp-servers"      in host.groups
             || "znc-servers"       in host.groups
             || "icinga-servers"    in host.groups
             || "bitwarden-servers" in host.groups)
}

// Expect HTTP 302
apply Service "http" {
  check_command = "http"
  display_name = "http status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 302"
  vars.http_ssl = false
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("unifi-controllers" in host.groups)
}

// Expect HTTPS 401
apply Service "https" {
  check_command = "http"
  display_name = "https status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 401 Unauthorized"
  vars.http_ssl = true
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("dav-servers"     in host.groups
             || "smtp-servers"    in host.groups
             || "icinga-servers"  in host.groups
             || "ttrss-servers"   in host.groups)
}

// Expect HTTPS 200
apply Service "https" {
  check_command = "http"
  display_name = "https status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 200 OK"
  vars.http_ssl = true
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("pkg-repositories"  in host.groups
             || "znc-servers"       in host.groups
             || "bitwarden-servers" in host.groups)
}

// Expect HTTPS 404
apply Service "https" {
  check_command = "http"
  display_name = "https status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 404 Not Found"
  vars.http_ssl = true
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("nfs-servers" in host.groups)
}

// Expect HTTPS 302
apply Service "https" {
  check_command = "http"
  display_name = "https status"
  vars.http_vhost = "\$address\$"
  vars.http_expect = "HTTP/1.1 302"
  vars.http_ssl = true
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
  assign where ("unifi-controllers" in host.groups
             || "invidious-servers" in host.groups)
}

// Certificate validity
apply Service "https-cert" {
  check_command = "http"
  display_name = "https certificate"
  vars.http_vhost = "\$address\$"
  vars.http_ssl = true
  vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
  assign where (("invidious-servers" in host.groups
             || "nfs-servers"       in host.groups
             || "pkg-repositories"  in host.groups
             || "unifi-controllers" in host.groups
             || "web-servers"       in host.groups
             || "znc-servers"       in host.groups
             || "bitwarden-servers" in host.groups
             || "dav-servers"       in host.groups
             || "smtp-servers"      in host.groups
             || "icinga-servers"    in host.groups
             || "web-servers"       in host.groups
             || "ttrss-servers"     in host.groups)
             && !host.vars.https_vhosts)
}

// Certificate validity
apply Service for (vhost in host.vars.https_vhosts) {
  check_command = "http"
  name = vhost + "-https-cert"
  display_name = vhost + " https certificate"
  vars.http_vhost = vhost
  vars.http_expect = "HTTP/1.1 200 OK"
  vars.http_ssl = true
  vars.http_sni = true
  vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
}

// Expect HTTPS 200
apply Service for (vhost in host.vars.https_vhosts) {
  check_command = "http"
  name = vhost + "-https-status"
  display_name = vhost + " https status"
  vars.http_vhost = vhost
  vars.http_ssl = true
  vars.http_sni = true
  vars.http_expect = "HTTP/1.1 200 OK"
  vars.http_warn_time = ${icinga_response_time_warn}
  vars.http_critical_time = ${icinga_response_time_crit}
}