author | Cullum Smith <cullum@sacredheartsc.com> | 2024-10-26 09:13:22 -0400 |
---|---|---|
committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-10-26 09:13:22 -0400 |
commit | 6566745769b86f19d5d3b54f7de7f0c89a103b23 (patch) | |
tree | bba88c45df351316dedd5f2c38faebb20cd4859b | |
parent | eafeea317761bae375e591f763fb42c4664aa74e (diff) | |
download | infrastructure-6566745769b86f19d5d3b54f7de7f0c89a103b23.tar.gz |
icinga cleanup
-rw-r--r-- | scripts/hostclass/icinga_server/40-plugins | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/scripts/hostclass/icinga_server/40-plugins b/scripts/hostclass/icinga_server/40-plugins
index a0fb36a..673b7aa 100644
--- a/scripts/hostclass/icinga_server/40-plugins
+++ b/scripts/hostclass/icinga_server/40-plugins
@@ -1,9 +1,16 @@
 #!/bin/sh
-# These are used for RADIUS authentication checks.
 icinga_tls_client_cert="${icinga_home_dir}/${icinga_username}.crt"
 icinga_tls_client_key="${icinga_home_dir}/${icinga_username}.key"
+# Copy icinga ssh private key.
+install_directory -m 0755 -o "$icinga_local_user" -g "$icinga_local_user" "${icinga_home_dir}/.ssh"
+install_file -m 0600 -o "$icinga_local_user" -g "$icinga_local_user" "${icinga_home_dir}/.ssh/id_ed25519"
+
+# Generate ssh client configuration.
+install_directory -m 0700 -o "$icinga_local_user" -g "$icinga_local_user" "${icinga_home_dir}/.ssh/sockets"
+install_file -m 0600 -o "$icinga_local_user" -g "$icinga_local_user" "${icinga_home_dir}/.ssh/config"
+
 # Install package dependencies for custom plugins.
 pkg install -y \
 wpa_supplicant
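Review bot: The first added `install_directory` line creates `${icinga_home_dir}/.ssh` with `-m 0755`, so the directory that holds the monitoring user's private key and client config is listable by every local account; the mode is carried over unchanged from the lines this commit removes further down. The key and config are 0600 and `sockets` is 0700, so their contents stay protected, but any file later written there with default permissions (a `known_hosts`, for instance) would be world-readable. Assuming the `install_directory` helper treats `-m` as install(1) does, I would tighten it while the block is being moved: `install_directory -m 0700 -o "$icinga_local_user" -g "$icinga_local_user" "${icinga_home_dir}/.ssh"`.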
@@ -12,25 +19,15 @@ pkg install -y \
 install_file -m 0555 \
 "${icinga_plugin_dir}/check_eapol"
-# Create wpa_supplicant file for radius checks.
+# Generate configs for check_eapol (RADIUS auth checks)
 install_template -m 0640 -g "$icinga_local_user" "${icinga_home_dir}/eap-ttls-pap.conf"
 install_template -m 0640 -g "$icinga_local_user" "${icinga_home_dir}/eap-tls.conf"
-# Add icinga user to wifi access role.
 ldap_add "cn=${wifi_access_role},${roles_basedn}" <<EOF
 objectClass: groupOfMembers
 cn: ${wifi_access_role}
 EOF
 ldap_add_attribute "cn=${wifi_access_role},${roles_basedn}" member "$icinga_dn"
-# Copy icinga client certificate.
 install_certificate -g "$icinga_local_user" icinga "$icinga_tls_client_cert"
 install_certificate_key -m 0640 -g "$icinga_local_user" icinga "$icinga_tls_client_key"
-
-# Copy icinga ssh key.
-install_directory -m 0755 -o "$icinga_local_user" -g "$icinga_local_user" "${icinga_home_dir}/.ssh"
-install_directory -m 0700 -o "$icinga_local_user" -g "$icinga_local_user" "${icinga_home_dir}/.ssh/sockets"
-install_file -m 0600 -o "$icinga_local_user" -g "$icinga_local_user" "${icinga_home_dir}/.ssh/id_ed25519"
-
-# Generate ssh client configuration.
-install_file -m 0600 -o "$icinga_local_user" -g "$icinga_local_user" "${icinga_home_dir}/.ssh/config" |
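Review bot: The `ldap_add_attribute ... member "$icinga_dn"` line grants the monitoring identity membership in the wifi access role, and with the old comment removed nothing on the new side says why that grant exists. A privilege assignment like this is the line an auditor will stop at, so I would keep a one-line explanation above the `ldap_add` call, for example `# check_eapol authenticates as the icinga user, which therefore needs the wifi access role.` (wording inferred from the removed comment and the new check_eapol heading). The same applies to the `install_certificate` / `install_certificate_key` pair, whose tie to the EAP-TLS check is now only implied by the variable comment dropped in the first hunk.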