aboutsummaryrefslogtreecommitdiff
path: root/files/usr/local/etc/icinga2/conf.d
diff options
context:
space:
mode:
authorCullum Smith <cullum@sacredheartsc.com>2024-10-26 00:07:03 -0400
committerCullum Smith <cullum@sacredheartsc.com>2024-10-26 00:07:03 -0400
commit6e2a5993ce470341bed0e0c6ba8e44de3712d50e (patch)
tree7a6bad35bac69e5f9264a5dde460335b1068ec9e /files/usr/local/etc/icinga2/conf.d
parent7bb5176a0e1d3a7d8a119b92758404d514f59be9 (diff)
downloadinfrastructure-6e2a5993ce470341bed0e0c6ba8e44de3712d50e.tar.gz
more icinga stuff
Diffstat (limited to 'files/usr/local/etc/icinga2/conf.d')
-rw-r--r--files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server207
-rw-r--r--files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server1
-rw-r--r--files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server106
-rw-r--r--files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server38
-rw-r--r--files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server296
-rw-r--r--files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server35
-rw-r--r--files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server13
7 files changed, 543 insertions, 153 deletions
diff --git a/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server
index dd78f14..f8017ec 100644
--- a/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server
@@ -1,40 +1,189 @@
object NotificationCommand "mail-host-notification" {
command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
- env = {
- NOTIFICATIONTYPE = "$notification.type$"
- HOSTDISPLAYNAME = "$host.display_name$"
- HOSTNAME = "$host.name$"
- HOSTADDRESS = "$address$"
- HOSTSTATE = "$host.state$"
- LONGDATETIME = "$icinga.long_date_time$"
- HOSTOUTPUT = "$host.output$"
- NOTIFICATIONAUTHORNAME = "$notification.author$"
- NOTIFICATIONCOMMENT = "$notification.comment$"
- HOSTDISPLAYNAME = "$host.display_name$"
- USEREMAIL = "$user.email$"
- HOSTNOTES = "$host.notes$"
+ arguments += {
+ "-4" = "$notification_address$"
+ "-6" = "$notification_address6$"
+ "-b" = "$notification_author$"
+ "-c" = "$notification_comment$"
+ "-d" = {
+ required = true
+ value = "$notification_date$"
+ }
+ "-f" = {
+ value = "$notification_from$"
+ description = "Set from address. Requires GNU mailutils (Debian/Ubuntu) or mailx (RHEL/SUSE)"
+ }
+ "-i" = "$notification_icingaweb2url$"
+ "-l" = {
+ required = true
+ value = "$notification_hostname$"
+ }
+ "-n" = {
+ required = true
+ value = "$notification_hostdisplayname$"
+ }
+ "-o" = {
+ required = true
+ value = "$notification_hostoutput$"
+ }
+ "-r" = {
+ required = true
+ value = "$notification_useremail$"
+ }
+ "-s" = {
+ required = true
+ value = "$notification_hoststate$"
+ }
+ "-X" = "$notification_hostnotes$"
+ "-t" = {
+ required = true
+ value = "$notification_type$"
+ }
+ "-v" = "$notification_logtosyslog$"
+ }
+
+ vars += {
+ notification_address = "$address$"
+ notification_address6 = "$address6$"
+ notification_author = "$notification.author$"
+ notification_comment = "$notification.comment$"
+ notification_type = "$notification.type$"
+ notification_date = "$icinga.long_date_time$"
+ notification_hostname = "$host.name$"
+ notification_hostdisplayname = "$host.display_name$"
+ notification_hostoutput = "$host.output$"
+ notification_hoststate = "$host.state$"
+ notification_useremail = "$user.email$"
+ notification_hostnotes = "$host.notes$"
}
}
object NotificationCommand "mail-service-notification" {
command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
- env = {
- NOTIFICATIONTYPE = "$notification.type$"
- SERVICENAME = "$service.name$"
- HOSTNAME = "$host.name$"
- HOSTDISPLAYNAME = "$host.display_name$"
- HOSTADDRESS = "$address$"
- SERVICESTATE = "$service.state$"
- LONGDATETIME = "$icinga.long_date_time$"
- SERVICEOUTPUT = "$service.output$"
- NOTIFICATIONAUTHORNAME = "$notification.author$"
- NOTIFICATIONCOMMENT = "$notification.comment$"
- HOSTDISPLAYNAME = "$host.display_name$"
- SERVICEDISPLAYNAME = "$service.display_name$"
- USEREMAIL = "$user.email$"
- HOSTNOTES = "$host.notes$"
- SERVICENOTES = "$service.notes$"
+ arguments += {
+ "-4" = "$notification_address$"
+ "-6" = "$notification_address6$"
+ "-b" = "$notification_author$"
+ "-c" = "$notification_comment$"
+ "-d" = {
+ required = true
+ value = "$notification_date$"
+ }
+ "-e" = {
+ required = true
+ value = "$notification_servicename$"
+ }
+ "-f" = {
+ value = "$notification_from$"
+ description = "Set from address. Requires GNU mailutils (Debian/Ubuntu) or mailx (RHEL/SUSE)"
+ }
+ "-i" = "$notification_icingaweb2url$"
+ "-l" = {
+ required = true
+ value = "$notification_hostname$"
+ }
+ "-n" = {
+ required = true
+ value = "$notification_hostdisplayname$"
+ }
+ "-o" = {
+ required = true
+ value = "$notification_serviceoutput$"
+ }
+ "-r" = {
+ required = true
+ value = "$notification_useremail$"
+ }
+ "-s" = {
+ required = true
+ value = "$notification_servicestate$"
+ }
+ "-t" = {
+ required = true
+ value = "$notification_type$"
+ }
+ "-X" = "$notification_hostnotes$"
+ "-x" = "$notification_servicenotes$"
+ "-u" = {
+ required = true
+ value = "$notification_servicedisplayname$"
+ }
+ "-v" = "$notification_logtosyslog$"
+ }
+
+ vars += {
+ notification_address = "$address$"
+ notification_address6 = "$address6$"
+ notification_author = "$notification.author$"
+ notification_comment = "$notification.comment$"
+ notification_type = "$notification.type$"
+ notification_date = "$icinga.long_date_time$"
+ notification_hostname = "$host.name$"
+ notification_hostdisplayname = "$host.display_name$"
+ notification_servicename = "$service.name$"
+ notification_serviceoutput = "$service.output$"
+ notification_servicestate = "$service.state$"
+ notification_useremail = "$user.email$"
+ notification_servicedisplayname = "$service.display_name$"
+ notification_hostnotes = "$host.notes$"
+ notification_servicenotes = "$service.notes$"
+ }
+}
+
+object CheckCommand "eapol" {
+ command = [ PluginDir + "/check_eapol" ]
+ arguments = {
+ "-c" = {
+ value = "$eapol_config_file$"
+ required = true
+ description = "Path to wpa_supplicant config file"
+ }
+ "-a" = {
+ value = "$eapol_address$"
+ required = true
+ description = "IP address of the RADIUS server"
+ }
+ "-p" = {
+ value = "$eapol_port$"
+ required = true
+ description = "Port of the RADIUS server"
+ }
+ "-s" = {
+ value = "$eapol_secret$"
+ required = true
+ description = "Shared secret with the RADIUS server"
+ }
+ "-t" = {
+ value = "$eapol_timeout$"
+ description = "Timeout in seconds"
+ }
+ "-d" = {
+ set_if = "$eapol_debug$"
+ description = "Enable debugging output"
+ }
}
+
+ vars.eapol_timeout = 5
+ vars.eapol_port = 1812
+ vars.eapol_address = "$host.address$"
+ vars.eapol_debug = false
+}
+
+object CheckCommand "smtp2" {
+ import "smtp"
+ arguments += {
+ "-L" = {
+ set_if = "$smtp_lmtp$"
+ description = "Send LHLO instead of HELO/EHLO"
+ }
+ }
+}
+
+object CheckCommand "mailq_by_ssh" {
+ import "mailq"
+ import "by_ssh"
+ vars.by_ssh_command = {{ get_check_command("mailq").command }}
+ vars.by_ssh_arguments = {{ get_check_command("mailq").arguments }}
}
diff --git a/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server
index e69de29..49a9912 100644
--- a/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server
@@ -0,0 +1 @@
+// No downtimes
diff --git a/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server
index dbc2a54..65a3d6d 100644
--- a/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server
@@ -1,3 +1,103 @@
-/*
- * Add custom hosts here.
- */
+// TODO: we can generate this from LDAP.
+
+object Host "icinga1" {
+ address = "icinga1.${domain}"
+ check_command = "dummy"
+ vars.os = "FreeBSD"
+}
+
+object Host "idm1" {
+ address = "idm1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "idm2" {
+ address = "idm2.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "pkg1" {
+ address = "pkg1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "smtp1" {
+ address = "smtp1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "imap1" {
+ address = "imap1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "postgres1" {
+ address = "postgres1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "turn1" {
+ address = "turn1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "xmpp1" {
+ address = "xmpp1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "www1" {
+ address = "www1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "dav1" {
+ address = "dav1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "ttrss1" {
+ address = "ttrss1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "bitwarden1" {
+ address = "bitwarden1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "znc1" {
+ address = "znc1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "cups1" {
+ address = "cups1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "invidious1" {
+ address = "invidious1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "radius1" {
+ // We must use the raw IP address because eapol_test does not resolve hostnames.
+ address = "$(host "radius1.${domain}" | awk '{print $NF}')"
+ vars.os = "FreeBSD"
+}
+
+object Host "unifi1" {
+ address = "unifi1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "nfs1" {
+ address = "nfs1.${domain}"
+ vars.os = "FreeBSD"
+}
+
+object Host "desktop1" {
+ address = "desktop1.${domain}"
+ vars.os = "FreeBSD"
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server
index effff9e..4f581cc 100644
--- a/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server
@@ -1,23 +1,33 @@
-apply Notification "mail-icingaadmin" to Host {
- import "mail-host-notification"
- user_groups = host.vars.notification.mail.groups
- users = host.vars.notification.mail.users
+apply Notification "email" to Host {
+ command = "mail-host-notification"
- //interval = 2h
+ states = [ Up, Down ]
+ types = [ Problem, Acknowledgement, Recovery, Custom,
+ FlappingStart, FlappingEnd,
+ DowntimeStart, DowntimeEnd, DowntimeRemoved ]
- //vars.notification_logtosyslog = true
+ users = [ "sysadmins" ]
- assign where host.vars.notification.mail
+ vars += {
+ notification_icingaweb2url = "https://${icinga_fqdn}"
+ }
+
+ assign where true
}
-apply Notification "mail-icingaadmin" to Service {
- import "mail-service-notification"
- user_groups = host.vars.notification.mail.groups
- users = host.vars.notification.mail.users
+apply Notification "email" to Service {
+ command = "mail-service-notification"
+
+ states = [ OK, Warning, Critical, Unknown ]
+ types = [ Problem, Acknowledgement, Recovery, Custom,
+ FlappingStart, FlappingEnd,
+ DowntimeStart, DowntimeEnd, DowntimeRemoved ]
- //interval = 2h
+ users = [ "sysadmins" ]
- //vars.notification_logtosyslog = true
+ vars += {
+ notification_icingaweb2url = "https://${icinga_fqdn}"
+ }
- assign where host.vars.notification.mail
+ assign where true
}
diff --git a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
index 5b00864..8d0433f 100644
--- a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
@@ -1,165 +1,331 @@
+apply Service "icinga" {
+ check_command = "icinga"
+ assign where host.name == NodeName
+}
+
+apply Service "icingadb" {
+ check_command = "icingadb"
+ assign where host.name == NodeName
+}
+
apply Service "ssh" {
- import "generic-service"
check_command = "ssh"
- assign where host.vars.os in ["FreeBSD","Linux"]
+ assign where host.vars.os in ["FreeBSD"," Linux"]
}
-apply Service "icinga" {
- import "generic-service"
- check_command = "icinga"
+apply Service "upstream-packet-loss" {
+ check_command = "ping"
+ display_name = "upstream packet loss"
+ vars.ping_address = "${icinga_upstream_ping_address}"
+ vars.ping_wpl = ${icinga_upstream_packet_loss_warn}
+ vars.ping_cpl = ${icinga_upstream_packet_loss_crit}
+ vars.ping_wrta = ${icinga_upstream_latency_warn}
+ vars.ping_crta = ${icinga_upstream_latency_crit}
+ vars.ping_packets = ${icinga_upstream_packet_count}
assign where host.name == NodeName
}
apply Service "dns" {
- import "generic-service"
check_command = "dns"
- vars.dns_lookup = "$address$"
- vars.dns_server = "$address$"
- vars.dns_wtime = ResponseTimeWarn
- vars.dns_ctime = ResponseTimeCrit
+ vars.dns_lookup = "\$address\$"
+ vars.dns_server = "\$address\$"
+ vars.dns_wtime = ${icinga_response_time_warn}
+ vars.dns_ctime = ${icinga_response_time_crit}
+ assign where "idm-servers" in host.groups
+}
+
+apply Service "resolver" {
+ check_command = "dns"
+ vars.dns_lookup = "www.google.com"
+ vars.dns_server = "\$address\$"
+ vars.dns_wtime = ${icinga_response_time_warn}
+ vars.dns_ctime = ${icinga_response_time_crit}
assign where "idm-servers" in host.groups
}
apply Service "ldap" {
- import "generic-service"
check_command = "ldap"
vars.ldap_port = 389
- vars.ldap_warning = ResponseTimeWarn
- vars.ldap_critical = ResponseTimeCrit
+ vars.ldap_warning = ${icinga_response_time_warn}
+ vars.ldap_critical = ${icinga_response_time_crit}
vars.ldap_v2 = false
vars.ldap_v3 = true
vars.ldap_starttls = true
- vars.ldap_bind = IcingaDN
+ vars.ldap_bind = "${icinga_dn}"
vars.ldap_pass = IcingaPassword
- vars.ldap_base = HostsBaseDn
+ vars.ldap_base = "${hosts_basedn}"
vars.ldap_attr = "(cn=" + NodeName + ")"
assign where "idm-servers" in host.groups
}
apply Service "ldaps" {
- import "generic-service"
check_command = "ldap"
vars.ldap_port = 636
- vars.ldap_warning = ResponseTimeWarn
- vars.ldap_critical = ResponseTimeCrit
+ vars.ldap_warning = ${icinga_response_time_warn}
+ vars.ldap_critical = ${icinga_response_time_crit}
vars.ldap_v2 = false
vars.ldap_v3 = true
vars.ldap_ssl = true
- vars.ldap_bind = IcingaDN
+ vars.ldap_bind = "${icinga_dn}"
vars.ldap_pass = IcingaPassword
- vars.ldap_base = HostsBaseDn
+ vars.ldap_base = "${hosts_basedn}"
vars.ldap_attr = "(cn=" + NodeName + ")"
assign where "idm-servers" in host.groups
}
apply Service "imap" {
- import "generic-service"
check_command = "imap"
vars.imap_port = 993
vars.imap_ssl = true
- vars.imap_certificate_age = CertDaysWarn
- vars.imap_warning = ResponseTimeWarn
- vars.imap_critical = ResponseTimeCrit
+ vars.imap_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
+ vars.imap_warning = ${icinga_response_time_warn}
+ vars.imap_critical = ${icinga_response_time_crit}
+ assign where "imap-servers" in host.groups
+}
+
+apply Service "lmtp" {
+ check_command = "smtp2"
+ vars.smtp_port = 25
+ vars.smtp_starttls = true
+ vars.smtp_lmtp = true
+ vars.smtp_mail_from = "${icinga_smtp_mail_from}"
+ vars.smtp_command = "RCPT TO:<" + "${icinga_lmtp_rcpt_to}" + ">"
+ vars.smtp_response = "250 2.1.5 OK"
+ assign where "imap-servers" in host.groups
+}
+
+apply Service "lmtp-cert" {
+ display_name = "lmtp certificate"
+ check_command = "smtp2"
+ vars.smtp_lmtp = true
+ vars.smtp_port = 25
+ vars.smtp_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
+ vars.smtp_starttls = true
assign where "imap-servers" in host.groups
}
apply Service "smtp" {
- import "generic-service"
check_command = "smtp"
vars.smtp_port = 25
- vars.smtp_certificate_age = CertDaysWarn
vars.smtp_starttls = true
- vars.smtp_warning = ResponseTimeWarn
- vars.smtp_critical = ResponseTimeCrit
+ vars.smtp_warning = ${icinga_response_time_warn}
+ vars.smtp_critical = ${icinga_response_time_crit}
+ vars.smtp_mail_from = "${icinga_smtp_mail_from}"
+ vars.smtp_command = "RCPT TO:<" + "${icinga_smtp_rcpt_to}" + ">"
+ vars.smtp_response = "250 2.1.5 Ok"
+ assign where "smtp-servers" in host.groups
+}
+
+apply Service "smtp-cert" {
+ display_name = "smtp certificate"
+ check_command = "smtp"
+ vars.smtp_port = 25
+ vars.smtp_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
+ vars.smtp_starttls = true
assign where "smtp-servers" in host.groups
}
+
apply Service "submission" {
- import "generic-service"
check_command = "smtp"
vars.smtp_port = 587
- vars.smtp_certificate_age = CertDaysWarn
+ vars.smtp_certificate_age = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
vars.smtp_starttls = true
- vars.smtp_warning = ResponseTimeWarn
- vars.smtp_critical = ResponseTimeCrit
+ vars.smtp_warning = ${icinga_response_time_warn}
+ vars.smtp_critical = ${icinga_response_time_crit}
+ assign where "smtp-servers" in host.groups
+}
+
+apply Service "mailq" {
+ check_command = "mailq_by_ssh"
+ vars.mailq_servertype = "postfix"
+ vars.mailq_warning = ${icinga_mailq_warn}
+ vars.mailq_critical = ${icinga_mailq_crit}
assign where "smtp-servers" in host.groups
}
apply Service "postgres" {
- import "generic-service"
check_command = "pgsql"
- vars.pgsql_warning = ResponseTimeWarn
- vars.pgsql_critical = ResponseTimeCrit
- vars.pgsql_username = IcingaUsername
+ vars.pgsql_warning = ${icinga_response_time_warn}
+ vars.pgsql_critical = ${icinga_response_time_crit}
+ vars.pgsql_username = "${icinga_username}"
vars.pgsql_password = IcingaPassword
+ vars.pgsql_options = ["sslmode=verify-full", "sslrootcert=system"]
assign where "postgresql-servers" in host.groups
}
+apply Service "eap-cert" {
+ check_command = "eapol"
+ vars.eapol_secret = IcingaRadiusSecret
+ vars.eapol_config_file = "${icinga_home_dir}/eap-tls.conf"
+ assign where "radius-servers" in host.groups
+}
+
+apply Service "eap-ttls-pap" {
+ check_command = "eapol"
+ vars.eapol_secret = IcingaRadiusSecret
+ vars.eapol_config_file = "${icinga_home_dir}/eap-ttls-pap.conf"
+ assign where "radius-servers" in host.groups
+}
+
+apply Service "irc" {
+ check_command = "tcp"
+ vars.tcp_port = 6697
+ vars.tcp_ssl = true
+ vars.tcp_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
+ vars.tcp_wtime = ${icinga_response_time_warn}
+ vars.tcp_ctime = ${icinga_response_time_crit}
+ assign where "znc-servers" in host.groups
+}
+
+apply Service "turn" {
+ check_command = "tcp"
+ vars.tcp_port = 3478
+ vars.tcp_wtime = ${icinga_response_time_warn}
+ vars.tcp_ctime = ${icinga_response_time_crit}
+ assign where "turn-servers" in host.groups
+}
+
+apply Service "cups" {
+ check_command = "http"
+ display_name = "cups status"
+ vars.http_vhost = "\$address\$"
+ vars.http_port = 631
+ vars.http_expect = "HTTP/1.1 200 OK"
+ vars.http_ssl = true
+ vars.http_warn_time = ${icinga_response_time_warn}
+ vars.http_critical_time = ${icinga_response_time_crit}
+ assign where ("cups-servers" in host.groups)
+}
+
+apply Service "cups-cert" {
+ check_command = "http"
+ display_name = "cups certificate"
+ vars.http_vhost = "\$address\$"
+ vars.http_port = 631
+ vars.http_ssl = true
+ vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
+ assign where ("cups-servers" in host.groups)
+}
+
// Expect HTTP 200
apply Service "http" {
- import "generic-service"
check_command = "http"
- vars.http_vhost = "$address$"
+ display_name = "http status"
+ vars.http_vhost = "\$address\$"
vars.http_expect = "HTTP/1.1 200 OK"
vars.http_ssl = false
- vars.http_warn_time = ResponseTimeWarn
- vars.http_critical_time = ResponseTimeCrit
- assign where ("cups-servers" in host.groups
- || "pkg-repositories" in host.groups)
+ vars.http_warn_time = ${icinga_response_time_warn}
+ vars.http_critical_time = ${icinga_response_time_crit}
+ assign where ("pkg-repositories" in host.groups)
}
// Expect HTTP 301
apply Service "http" {
- import "generic-service"
check_command = "http"
- vars.http_vhost = "$address$"
+ display_name = "http status"
+ vars.http_vhost = "\$address\$"
vars.http_expect = "HTTP/1.1 301 Moved Permanently"
vars.http_ssl = false
- vars.http_warn_time = ResponseTimeWarn
- vars.http_critical_time = ResponseTimeCrit
+ vars.http_warn_time = ${icinga_response_time_warn}
+ vars.http_critical_time = ${icinga_response_time_crit}
assign where ("dav-servers" in host.groups
|| "smtp-servers" in host.groups
|| "ttrss-servers" in host.groups
|| "invidious-servers" in host.groups
|| "nfs-servers" in host.groups
- || "pkg-servers" in host.groups
- || "unifi-controllers" in host.groups
|| "web-servers" in host.groups
|| "xmpp-servers" in host.groups
- || "znc-servers" in host.groups)
+ || "znc-servers" in host.groups
+ || "icinga-servers" in host.groups
+ || "bitwarden-servers" in host.groups)
+}
+
+// Expect HTTP 302
+apply Service "http" {
+ check_command = "http"
+ display_name = "http status"
+ vars.http_vhost = "\$address\$"
+ vars.http_expect = "HTTP/1.1 302"
+ vars.http_ssl = false
+ vars.http_warn_time = ${icinga_response_time_warn}
+ vars.http_critical_time = ${icinga_response_time_crit}
+ assign where ("unifi-controllers" in host.groups)
}
// Expect HTTPS 401
apply Service "https" {
- import "generic-service"
check_command = "http"
- vars.http_vhost = "$address$"
+ display_name = "https status"
+ vars.http_vhost = "\$address\$"
vars.http_expect = "HTTP/1.1 401 Unauthorized"
vars.http_ssl = true
- vars.http_certificate = CertDaysWarn + "," + CertDaysCrit
- vars.http_warn_time = ResponseTimeWarn
- vars.http_critical_time = ResponseTimeCrit
- assign where ("dav-servers" in host.groups
- || "cups-servers" in host.groups
- || "smtp-servers" in host.groups
- || "ttrss-servers" in host.groups)
+ vars.http_warn_time = ${icinga_response_time_warn}
+ vars.http_critical_time = ${icinga_response_time_crit}
+ assign where ("dav-servers" in host.groups
+ || "smtp-servers" in host.groups
+ || "icinga-servers" in host.groups
+ || "ttrss-servers" in host.groups)
}
// Expect HTTPS 200
apply Service "https" {
- import "generic-service"
check_command = "http"
- vars.http_vhost = "$address$"
+ display_name = "https status"
+ vars.http_vhost = "\$address\$"
vars.http_expect = "HTTP/1.1 200 OK"
vars.http_ssl = true
- vars.http_certificate = CertDaysWarn + "," + CertDaysCrit
- vars.http_warn_time = ResponseTimeWarn
- vars.http_critical_time = ResponseTimeCrit
+ vars.http_warn_time = ${icinga_response_time_warn}
+ vars.http_critical_time = ${icinga_response_time_crit}
+ assign where ("pkg-repositories" in host.groups
+ || "web-servers" in host.groups
+ || "xmpp-servers" in host.groups
+ || "znc-servers" in host.groups
+ || "bitwarden-servers" in host.groups)
+}
+
+// Expect HTTPS 404
+apply Service "https" {
+ check_command = "http"
+ display_name = "https status"
+ vars.http_vhost = "\$address\$"
+ vars.http_expect = "HTTP/1.1 404 Not Found"
+ vars.http_ssl = true
+ vars.http_warn_time = ${icinga_response_time_warn}
+ vars.http_critical_time = ${icinga_response_time_crit}
+ assign where ("nfs-servers" in host.groups)
+}
+
+// Expect HTTPS 302
+apply Service "https" {
+ check_command = "http"
+ display_name = "https status"
+ vars.http_vhost = "\$address\$"
+ vars.http_expect = "HTTP/1.1 302"
+ vars.http_ssl = true
+ vars.http_warn_time = ${icinga_response_time_warn}
+ vars.http_critical_time = ${icinga_response_time_crit}
+ assign where ("unifi-controllers" in host.groups
+ || "invidious-servers" in host.groups)
+}
+
+// Certificate validity
+apply Service "https-cert" {
+ check_command = "http"
+ display_name = "https certificate"
+ vars.http_vhost = "\$address\$"
+ vars.http_ssl = true
+ vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
assign where ("invidious-servers" in host.groups
|| "nfs-servers" in host.groups
- || "pkg-servers" in host.groups
+ || "pkg-repositories" in host.groups
|| "unifi-controllers" in host.groups
|| "web-servers" in host.groups
|| "xmpp-servers" in host.groups
- || "znc-servers" in host.groups)
+ || "znc-servers" in host.groups
+ || "bitwarden-servers" in host.groups
+ || "dav-servers" in host.groups
+ || "smtp-servers" in host.groups
+ || "icinga-servers" in host.groups
+ || "ttrss-servers" in host.groups)
}
diff --git a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
index 1aae5ac..0ebe46e 100644
--- a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
@@ -12,39 +12,10 @@ template Service "generic-service" default {
}
template User "generic-user" default {
-
-}
-
-template Notification "mail-host-notification" {
- command = "mail-host-notification"
-
- states = [ Up, Down ]
- types = [ Problem, Acknowledgement, Recovery, Custom,
- FlappingStart, FlappingEnd,
- DowntimeStart, DowntimeEnd, DowntimeRemoved ]
-
- vars += {
- // notification_icingaweb2url = "https://www.example.com/icingaweb2"
- // notification_from = "Icinga 2 Host Monitoring <icinga@example.com>"
- notification_logtosyslog = false
- }
-
- period = "24x7"
}
-template Notification "mail-service-notification" {
- command = "mail-service-notification"
-
- states = [ OK, Warning, Critical, Unknown ]
- types = [ Problem, Acknowledgement, Recovery, Custom,
- FlappingStart, FlappingEnd,
- DowntimeStart, DowntimeEnd, DowntimeRemoved ]
-
- vars += {
- // notification_icingaweb2url = "https://www.example.com/icingaweb2"
- // notification_from = "Icinga 2 Service Monitoring <icinga@example.com>"
- notification_logtosyslog = false
- }
-
+template Notification "generic-notification" default {
+ // Don't repeat notifications.
+ interval = 0
period = "24x7"
}
diff --git a/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server
index 1ddaf55..5d3f19d 100644
--- a/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server
@@ -1,12 +1,5 @@
-object User "icingaadmin" {
+object User "sysadmins" {
import "generic-user"
-
- display_name = "Icinga 2 Admin"
- groups = [ "icingaadmins" ]
-
- email = "icinga@localhost"
-}
-
-object UserGroup "icingaadmins" {
- display_name = "Icinga 2 Admin Group"
+ display_name = "System Administrators"
+ email = "${icinga_notification_mail_to}"
}