28 files changed, 697 insertions, 73 deletions
diff --git a/files/usr/local/etc/icinga2/conf.d/app.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/app.conf.icinga_server
new file mode 100644
index 0000000..3e4be0d
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/app.conf.icinga_server
@@ -0,0 +1 @@
+object IcingaApplication "app" { }
diff --git a/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server
new file mode 100644
index 0000000..dd78f14
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server
@@ -0,0 +1,40 @@
+object NotificationCommand "mail-host-notification" {
+ command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
+
+ env = {
+ NOTIFICATIONTYPE = "$notification.type$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ HOSTNAME = "$host.name$"
+ HOSTADDRESS = "$address$"
+ HOSTSTATE = "$host.state$"
+ LONGDATETIME = "$icinga.long_date_time$"
+ HOSTOUTPUT = "$host.output$"
+ NOTIFICATIONAUTHORNAME = "$notification.author$"
+ NOTIFICATIONCOMMENT = "$notification.comment$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ USEREMAIL = "$user.email$"
+ HOSTNOTES = "$host.notes$"
+ }
+}
+
+object NotificationCommand "mail-service-notification" {
+ command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
+
+ env = {
+ NOTIFICATIONTYPE = "$notification.type$"
+ SERVICENAME = "$service.name$"
+ HOSTNAME = "$host.name$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ HOSTADDRESS = "$address$"
+ SERVICESTATE = "$service.state$"
+ LONGDATETIME = "$icinga.long_date_time$"
+ SERVICEOUTPUT = "$service.output$"
+ NOTIFICATIONAUTHORNAME = "$notification.author$"
+ NOTIFICATIONCOMMENT = "$notification.comment$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ SERVICEDISPLAYNAME = "$service.display_name$"
+ USEREMAIL = "$user.email$"
+ HOSTNOTES = "$host.notes$"
+ SERVICENOTES = "$service.notes$"
+ }
+}
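Review bot: `HOSTDISPLAYNAME` is assigned twice in each `env` dictionary (once near the top, again right after `NOTIFICATIONCOMMENT`), so the second assignment in both `mail-host-notification` and `mail-service-notification` is redundant and should be dropped to keep the two objects readable. A one-line comment above the first `env = {` noting that `$notification.author$` and `$notification.comment$` are operator-entered text handed to the scripts verbatim through the environment would also help, since the scripts (not part of this commit) must treat those values as data rather than splice them into a command line.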
diff --git a/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server
diff --git a/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server
new file mode 100644
index 0000000..f6f13b8
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server
@@ -0,0 +1,119 @@
+object HostGroup "hypervisors" {
+ display_name = "Hypervisors"
+ assign where regex("^alcatraz[0-9]+", host.name)
+}
+
+object HostGroup "idm-servers" {
+ display_name = "IDM Servers"
+ assign where regex("^idm[0-9]+", host.name)
+}
+
+object HostGroup "pkg-repositories" {
+ display_name = "Pkg Repositories"
+ assign where regex("^pkg[0-9]+", host.name)
+}
+
+object HostGroup "smtp-servers" {
+ display_name = "SMTP Servers"
+ assign where regex("^smtp[0-9]+", host.name)
+}
+
+object HostGroup "imap-servers" {
+ display_name = "IMAP Servers"
+ assign where regex("^imap[0-9]+", host.name)
+}
+
+object HostGroup "radius-servers" {
+ display_name = "RADIUS Servers"
+ assign where regex("^radius[0-9]+", host.name)
+}
+
+object HostGroup "desktops" {
+ display_name = "Desktops"
+ assign where regex("^desktop[0-9]+", host.name)
+}
+
+object HostGroup "laptops" {
+ display_name = "Laptops"
+ assign where regex("^laptop[0-9]+", host.name)
+}
+
+object HostGroup "postgresql-servers" {
+ display_name = "PostgreSQL Servers"
+ assign where regex("^postgres[0-9]+", host.name)
+}
+
+object HostGroup "dav-servers" {
+ display_name = "DAV Servers"
+ assign where regex("^dav[0-9]+", host.name)
+}
+
+object HostGroup "bitwarden-servers" {
+ display_name = "Bitwarden Servers"
+ assign where regex("^bitwarden[0-9]+", host.name)
+}
+
+object HostGroup "ttrss-servers" {
+ display_name = "TT-RSS Servers"
+ assign where regex("^ttrss[0-9]+", host.name)
+}
+
+object HostGroup "znc-servers" {
+ display_name = "ZNC Servers"
+ assign where regex("^znc[0-9]+", host.name)
+}
+
+object HostGroup "cups-servers" {
+ display_name = "CUPS Servers"
+ assign where regex("^cups[0-9]+", host.name)
+}
+
+object HostGroup "unifi-controllers" {
+ display_name = "UniFi Controllers"
+ assign where regex("^unifi[0-9]+", host.name)
+}
+
+object HostGroup "invidious-servers" {
+ display_name = "Invidious Servers"
+ assign where regex("^invidious[0-9]+", host.name)
+}
+
+object HostGroup "git-servers" {
+ display_name = "Git Servers"
+ assign where regex("^git[0-9]+", host.name)
+}
+
+object HostGroup "xmpp-servers" {
+ display_name = "XMPP Servers"
+ assign where regex("^xmpp[0-9]+", host.name)
+}
+
+object HostGroup "web-servers" {
+ display_name = "Web Servers"
+ assign where regex("^(www|web)[0-9]+", host.name)
+}
+
+object HostGroup "nameservers" {
+ display_name = "Nameservers"
+ assign where regex("^ns[0-9]+", host.name)
+}
+
+object HostGroup "asterisk-servers" {
+ display_name = "Asterisk Servers"
+ assign where regex("^pbx[0-9]+", host.name)
+}
+
+object HostGroup "nfs-servers" {
+ display_name = "NFS Servers"
+ assign where regex("^nfs[0-9]+", host.name)
+}
+
+object HostGroup "turn-servers" {
+ display_name = "TURN Servers"
+ assign where regex("^turn[0-9]+", host.name)
+}
+
+object HostGroup "icinga-servers" {
+ display_name = "Icinga Servers"
+ assign where regex("^icinga[0-9]+", host.name)
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server
new file mode 100644
index 0000000..dbc2a54
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server
@@ -0,0 +1,3 @@
+/*
+ * Add custom hosts here.
+ */
diff --git a/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server
new file mode 100644
index 0000000..effff9e
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server
@@ -0,0 +1,23 @@
+apply Notification "mail-icingaadmin" to Host {
+ import "mail-host-notification"
+ user_groups = host.vars.notification.mail.groups
+ users = host.vars.notification.mail.users
+
+ //interval = 2h
+
+ //vars.notification_logtosyslog = true
+
+ assign where host.vars.notification.mail
+}
+
+apply Notification "mail-icingaadmin" to Service {
+ import "mail-service-notification"
+ user_groups = host.vars.notification.mail.groups
+ users = host.vars.notification.mail.users
+
+ //interval = 2h
+
+ //vars.notification_logtosyslog = true
+
+ assign where host.vars.notification.mail
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
new file mode 100644
index 0000000..5b00864
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
@@ -0,0 +1,165 @@
+apply Service "ssh" {
+ import "generic-service"
+ check_command = "ssh"
+ assign where host.vars.os in ["FreeBSD","Linux"]
+}
+
+apply Service "icinga" {
+ import "generic-service"
+ check_command = "icinga"
+ assign where host.name == NodeName
+}
+
+apply Service "dns" {
+ import "generic-service"
+ check_command = "dns"
+ vars.dns_lookup = "$address$"
+ vars.dns_server = "$address$"
+ vars.dns_wtime = ResponseTimeWarn
+ vars.dns_ctime = ResponseTimeCrit
+ assign where "idm-servers" in host.groups
+}
+
+apply Service "ldap" {
+ import "generic-service"
+ check_command = "ldap"
+ vars.ldap_port = 389
+ vars.ldap_warning = ResponseTimeWarn
+ vars.ldap_critical = ResponseTimeCrit
+ vars.ldap_v2 = false
+ vars.ldap_v3 = true
+ vars.ldap_starttls = true
+ vars.ldap_bind = IcingaDN
+ vars.ldap_pass = IcingaPassword
+ vars.ldap_base = HostsBaseDn
+ vars.ldap_attr = "(cn=" + NodeName + ")"
+ assign where "idm-servers" in host.groups
+}
+
+apply Service "ldaps" {
+ import "generic-service"
+ check_command = "ldap"
+ vars.ldap_port = 636
+ vars.ldap_warning = ResponseTimeWarn
+ vars.ldap_critical = ResponseTimeCrit
+ vars.ldap_v2 = false
+ vars.ldap_v3 = true
+ vars.ldap_ssl = true
+ vars.ldap_bind = IcingaDN
+ vars.ldap_pass = IcingaPassword
+ vars.ldap_base = HostsBaseDn
+ vars.ldap_attr = "(cn=" + NodeName + ")"
+ assign where "idm-servers" in host.groups
+}
+
+apply Service "imap" {
+ import "generic-service"
+ check_command = "imap"
+ vars.imap_port = 993
+ vars.imap_ssl = true
+ vars.imap_certificate_age = CertDaysWarn
+ vars.imap_warning = ResponseTimeWarn
+ vars.imap_critical = ResponseTimeCrit
+ assign where "imap-servers" in host.groups
+}
+
+apply Service "smtp" {
+ import "generic-service"
+ check_command = "smtp"
+ vars.smtp_port = 25
+ vars.smtp_certificate_age = CertDaysWarn
+ vars.smtp_starttls = true
+ vars.smtp_warning = ResponseTimeWarn
+ vars.smtp_critical = ResponseTimeCrit
+ assign where "smtp-servers" in host.groups
+}
+
+apply Service "submission" {
+ import "generic-service"
+ check_command = "smtp"
+ vars.smtp_port = 587
+ vars.smtp_certificate_age = CertDaysWarn
+ vars.smtp_starttls = true
+ vars.smtp_warning = ResponseTimeWarn
+ vars.smtp_critical = ResponseTimeCrit
+ assign where "smtp-servers" in host.groups
+}
+
+apply Service "postgres" {
+ import "generic-service"
+ check_command = "pgsql"
+ vars.pgsql_warning = ResponseTimeWarn
+ vars.pgsql_critical = ResponseTimeCrit
+ vars.pgsql_username = IcingaUsername
+ vars.pgsql_password = IcingaPassword
+ assign where "postgresql-servers" in host.groups
+}
+
+// Expect HTTP 200
+apply Service "http" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 200 OK"
+ vars.http_ssl = false
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("cups-servers" in host.groups
+ || "pkg-repositories" in host.groups)
+}
+
+// Expect HTTP 301
+apply Service "http" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 301 Moved Permanently"
+ vars.http_ssl = false
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("dav-servers" in host.groups
+ || "smtp-servers" in host.groups
+ || "ttrss-servers" in host.groups
+ || "invidious-servers" in host.groups
+ || "nfs-servers" in host.groups
+ || "pkg-servers" in host.groups
+ || "unifi-controllers" in host.groups
+ || "web-servers" in host.groups
+ || "xmpp-servers" in host.groups
+ || "znc-servers" in host.groups)
+}
+
+// Expect HTTPS 401
+apply Service "https" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 401 Unauthorized"
+ vars.http_ssl = true
+ vars.http_certificate = CertDaysWarn + "," + CertDaysCrit
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("dav-servers" in host.groups
+ || "cups-servers" in host.groups
+ || "smtp-servers" in host.groups
+ || "ttrss-servers" in host.groups)
+}
+
+// Expect HTTPS 200
+apply Service "https" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 200 OK"
+ vars.http_ssl = true
+ vars.http_certificate = CertDaysWarn + "," + CertDaysCrit
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("invidious-servers" in host.groups
+ || "nfs-servers" in host.groups
+ || "pkg-servers" in host.groups
+ || "unifi-controllers" in host.groups
+ || "web-servers" in host.groups
+ || "xmpp-servers" in host.groups
+ || "znc-servers" in host.groups)
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
new file mode 100644
index 0000000..1aae5ac
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
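Review bot: `"pkg-servers" in host.groups` in the `http` (301) rule and again in the `https` (200) rule can never match, because the groups.conf added in this same commit defines that group as `"pkg-repositories"`, and that name is already used by the `http` (200) rule; if `pkg-servers` was meant to be `pkg-repositories`, the pkg hosts would then be claimed by both `http` rules, so decide which status is expected and rename or drop the stray entry. Separately, `vars.ldap_pass` and `vars.pgsql_password` are expanded into the plugin argument list, so the monitoring password is visible in the process table on the Icinga host for the duration of each check; a comment above the `ldap` and `postgres` rules stating that the account behind `IcingaPassword` is read-only and dedicated to monitoring would make that trade-off explicit. `CertDaysWarn + "," + CertDaysCrit` concatenates two numeric constants with a string; if the DSL rejects number-plus-string, this needs `string(CertDaysWarn) + "," + string(CertDaysCrit)`, which `icinga2 daemon -C` will confirm either way.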
@@ -0,0 +1,50 @@
+template Host "generic-host" default {
+ max_check_attempts = 3
+ check_interval = 1m
+ retry_interval = 30s
+ check_command = "hostalive"
+}
+
+template Service "generic-service" default {
+ max_check_attempts = 5
+ check_interval = 1m
+ retry_interval = 30s
+}
+
+template User "generic-user" default {
+
+}
+
+template Notification "mail-host-notification" {
+ command = "mail-host-notification"
+
+ states = [ Up, Down ]
+ types = [ Problem, Acknowledgement, Recovery, Custom,
+ FlappingStart, FlappingEnd,
+ DowntimeStart, DowntimeEnd, DowntimeRemoved ]
+
+ vars += {
+ // notification_icingaweb2url = "https://www.example.com/icingaweb2"
+ // notification_from = "Icinga 2 Host Monitoring <icinga@example.com>"
+ notification_logtosyslog = false
+ }
+
+ period = "24x7"
+}
+
+template Notification "mail-service-notification" {
+ command = "mail-service-notification"
+
+ states = [ OK, Warning, Critical, Unknown ]
+ types = [ Problem, Acknowledgement, Recovery, Custom,
+ FlappingStart, FlappingEnd,
+ DowntimeStart, DowntimeEnd, DowntimeRemoved ]
+
+ vars += {
+ // notification_icingaweb2url = "https://www.example.com/icingaweb2"
+ // notification_from = "Icinga 2 Service Monitoring <icinga@example.com>"
+ notification_logtosyslog = false
+ }
+
+ period = "24x7"
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/timeperiods.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/timeperiods.conf.icinga_server
new file mode 100644
index 0000000..64cd925
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/timeperiods.conf.icinga_server
@@ -0,0 +1,18 @@
+object TimePeriod "24x7" {
+ display_name = "24x7"
+ ranges = {
+ "monday" = "00:00-24:00"
+ "tuesday" = "00:00-24:00"
+ "wednesday" = "00:00-24:00"
+ "thursday" = "00:00-24:00"
+ "friday" = "00:00-24:00"
+ "saturday" = "00:00-24:00"
+ "sunday" = "00:00-24:00"
+ }
+}
+
+object TimePeriod "never" {
+ display_name = "Never"
+ ranges = { }
+}
+
diff --git a/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server
new file mode 100644
index 0000000..1ddaf55
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server
@@ -0,0 +1,12 @@
+object User "icingaadmin" {
+ import "generic-user"
+
+ display_name = "Icinga 2 Admin"
+ groups = [ "icingaadmins" ]
+
+ email = "icinga@localhost"
+}
+
+object UserGroup "icingaadmins" {
+ display_name = "Icinga 2 Admin Group"
+}
diff --git a/files/usr/local/etc/icinga2/constants.conf.icinga_server b/files/usr/local/etc/icinga2/constants.conf.icinga_server
new file mode 100644
index 0000000..592da99
--- /dev/null
+++ b/files/usr/local/etc/icinga2/constants.conf.icinga_server
@@ -0,0 +1,14 @@
+const PluginDir = "/usr/local/libexec/nagios"
+const ManubulonPluginDir = "/usr/local/libexec/nagios"
+const PluginContribDir = "/usr/local/libexec/nagios"
+const NodeName = "${BOXCONF_HOSTNAME}"
+const ZoneName = NodeName
+const TicketSalt = "${icinga_ticket_salt}"
+const CertDaysWarn = 30
+const CertDaysCrit = 20
+const ResponseTimeWarn = 0.5
+const ResponseTimeCrit = 1
+const HostsBaseDn = "${hosts_basedn}"
+const IcingaUsername = "${icinga_username}"
+const IcingaPassword = "${icinga_password}"
+const IcingaDN = "${icinga_dn}"
diff --git a/files/usr/local/etc/icinga2/icinga2.conf.icinga_server b/files/usr/local/etc/icinga2/icinga2.conf.icinga_server
new file mode 100644
index 0000000..c97f5fc
--- /dev/null
+++ b/files/usr/local/etc/icinga2/icinga2.conf.icinga_server
@@ -0,0 +1,9 @@
+include "constants.conf"
+include "api-users.conf"
+include "zones.conf"
+include <itl>
+include <plugins>
+include <plugins-contrib>
+include <manubulon>
+include "features-enabled/*.conf"
+include_recursive "conf.d"
diff --git a/files/usr/local/etc/icinga2/zones.conf.icinga_server b/files/usr/local/etc/icinga2/zones.conf.icinga_server
new file mode 100644
index 0000000..59b1fdb
--- /dev/null
+++ b/files/usr/local/etc/icinga2/zones.conf.icinga_server
@@ -0,0 +1,7 @@
+object Endpoint NodeName {
+ host = NodeName
+}
+
+object Zone ZoneName {
+ endpoints = [ NodeName ]
+}
diff --git a/files/usr/local/etc/icingaweb2/modules/icingadb/commandtransports.ini.icinga_server b/files/usr/local/etc/icingaweb2/modules/icingadb/commandtransports.ini.icinga_server
index 990e08a..cf6dea7 100644
--- a/files/usr/local/etc/icingaweb2/modules/icingadb/commandtransports.ini.icinga_server
+++ b/files/usr/local/etc/icingaweb2/modules/icingadb/commandtransports.ini.icinga_server
@@ -1,6 +1,7 @@
 [icinga2]
 skip_validation = "0"
 transport = "api"
+host = "127.0.0.1"
 port = "${icinga_port}"
 username = "${icingaweb_api_username}"
-password = ${icingaweb_api_password}"
+password = "${icingaweb_api_password}"
diff --git a/files/usr/local/etc/icingaweb2/roles.ini.icinga_server b/files/usr/local/etc/icingaweb2/roles.ini.icinga_server
index 6e20e8a..2511267 100644
--- a/files/usr/local/etc/icingaweb2/roles.ini.icinga_server
+++ b/files/usr/local/etc/icingaweb2/roles.ini.icinga_server
@@ -5,6 +5,7 @@ groups = "$(join ',' $icingaweb_admin_groups)"
 EOF
 fi)
 permissions = "*"
+icingadb/denylist/variables = "*priv*,*auth*,*key*,*pass*,*token*"
 [Users]
 groups = "${icingaweb_access_role}"
diff --git a/files/usr/local/etc/poudriere.d/idm-pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/idm-pkglist.pkg_repository
index 9504faa..71400a4 100644
--- a/files/usr/local/etc/poudriere.d/idm-pkglist.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/idm-pkglist.pkg_repository
@@ -4,6 +4,7 @@ dns/powerdns
 dns/unbound
 editors/vim@console
 lang/python
+net-mgmt/monitoring-plugins
 net/nss-pam-ldapd-sasl
 net/openldap26-client
 net/openldap26-server
diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
index 7e78bbc..1d3a308 100644
--- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
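Review bot: `icingadb/denylist/variables` is a display filter in the icingadb web module, not a secrets control: the values behind `*pass*` (`ldap_pass`, `pgsql_password` from services.conf in this commit) still sit in plaintext in services.conf and constants.conf on the Icinga host and, presumably, in the IcingaDB customvar tables, so a comment above the line naming the variables it is meant to hide and stating that limitation would keep the next reader from treating it as sufficient. It is also worth confirming against the module documentation whether a role with `permissions = "*"` is subject to its own denylist, since this line lives in that role's section.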
+++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
@@ -55,6 +55,8 @@ multimedia_vlc_SET=FLAC MPEG2 X264 X265 VPX DCA FAAD AOM
 multimedia_webcamd_UNSET=DVB INPUT RADIO
 net-im_dino_UNSET=RTP
 net-im_py-matrix-synapse_SET=PGSQL URLPREVIEW LDAP
+net-mgmt_monitoring-plugins_SET=LDAP SSH_PORTABLE PGSQL RADIUS DNS_BINDTOOLS
+net-mgmt_monitoring-plugins_UNSET=DNS_BASE
 net_asterisk18_SET=NEWG711 G729 NCURSES
 net_asterisk18_UNSET=DAHDI FREETDS RADIUS NEWT
 net_freeradius3_SET=LDAP MITKRB_PORT
diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
index 2b9587d..1f11a33 100644
--- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
@@ -80,6 +80,7 @@ net-mgmt/icinga2
 net-mgmt/icingadb
 net-mgmt/icingaweb2
 net-mgmt/icingaweb2-module-icingadb
+net-mgmt/monitoring-plugins
 net-mgmt/unifi8
 net/asterisk18
 net/freeradius3
diff --git a/files/usr/local/etc/rc.d/myicinga2.icinga_server b/files/usr/local/etc/rc.d/myicinga2.icinga_server
new file mode 100755
index 0000000..be10192
--- /dev/null
+++ b/files/usr/local/etc/rc.d/myicinga2.icinga_server
@@ -0,0 +1,113 @@
+#!/bin/sh
+
+# PROVIDE: icinga2
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+# Unfortunately, we must duplicate the icinga rc script here in order
+# to provide a mechanism to pass flags to the icinga2 executable.
+
+. /etc/rc.subr
+
+# Add /usr/local/bin to path, so that the notification scripts
+# can work (#!/usr/bin/env bash)
+export PATH=$PATH:/usr/local/bin:/usr/local/sbin
+
+name="icinga2"
+desc="Icinga 2 monitoring (core)"
+rcvar=myicinga2_enable
+
+load_rc_config "${name}"
+
+: ${myicinga2_enable:="NO"}
+: ${icinga2_configfile="/usr/local/etc/${name}/${name}.conf"}
+: ${icinga2_user:="icinga"}
+: ${icinga2_group:="icinga"}
+: ${icinga2_webgroup:="www"}
+: ${icinga2_flags:=""}
+
+
+command="/usr/local/sbin/${name}"
+procname="/usr/local/lib/icinga2/sbin/icinga2"
+extra_commands="reload checkconfig configtest"
+
+icinga2_cachedir="/var/cache/${name}"
+icinga2_libdir="/var/lib/${name}"
+icinga2_logdir="/var/log/icinga2"
+icinga2_rundir="/var/run/${name}"
+icinga2_spooldir="/var/spool/${name}"
+
+pidfile="${icinga2_rundir}/${name}.pid"
+icinga2_logfile="${icinga2_logdir}/${name}.log"
+icinga2_errorlogfile="${icinga2_logdir}/error.log"
+
+start_cmd="start_cmd"
+start_precmd="start_precmd"
+restart_precmd="icinga2_checkconfig"
+reload_precmd="reload_precmd"
+checkconfig_cmd="icinga2_checkconfig verbose"
+configtest_cmd="${checkconfig_cmd}"
+sig_reload=HUP
+
+required_files="${icinga2_configfile}"
+command_args="daemon -d -e ${icinga2_errorlogfile} -c ${icinga2_configfile} ${icinga2_flags}"
+
+icinga2_checkconfig() {
+ echo -n "Performing sanity check of icinga2 configuration: "
+
+ if [ "$1" != "verbose" ]; then
+ quietredir="2>&1 >/dev/null"
+ fi
+
+ ${command} daemon -c ${icinga2_configfile} -C
+
+ if [ $? -ne 0 ]; then
+ echo "FAILED"
+ return 1
+ else
+ echo "OK"
+ fi
+}
+
+reload_precmd() {
+ if ! icinga2_checkconfig; then
+ return 1
+ fi
+}
+
+start_precmd() {
+ # Create necessary directories / change ownership
+ # While this is also done through pkg-plist, /var might be on a ramdisk,
+ # so make sure all needed files and directories are created before starting
+ # Icinga.
+ for d in "${icinga2_logdir}" "${icinga2_logdir}/compat" \
+ "${icinga2_logdir}/compat/archives" "${icinga2_libdir}" \
+ "${icinga2_spooldir}" "${icinga2_spooldir}/tmp" \
+ "${icinga2_rundir}" "${icinga2_cachedir}"; do
+ if [ ! -d "${d}" ]; then
+ install -d -o ${icinga2_user} -g ${icinga2_group} "${d}"
+ fi
+ done
+
+ install -d -o ${icinga2_user} -g ${icinga2_webgroup} -m 2750 "${icinga2_rundir}/cmd"
+
+ chown -R ${icinga2_user}:${icinga2_group} "${icinga2_libdir}"
+ chown -R ${icinga2_user}:${icinga2_group} "${icinga2_spooldir}"
+ chown -R ${icinga2_user}:${icinga2_group} "${icinga2_cachedir}"
+ chown -R ${icinga2_user}:${icinga2_webgroup} "${icinga2_rundir}/cmd"
+
+
+ if ! icinga2_checkconfig; then
+ return 1
+ fi
+
+ if [ ! -f "${icinga2_logfile}" ]; then
+ install -o "${icinga2_user}" -g "${icinga2_group}" -m 644 /dev/null "${icinga2_logfile}"
+ fi
+}
+
+start_cmd() {
+ ${command} ${command_args}
+}
+
+run_rc_command "$1"
diff --git a/files/usr/share/skel/dot.shrc.freebsd b/files/usr/share/skel/dot.shrc.freebsd
index bc8e8da..a5147c7 100644
--- a/files/usr/share/skel/dot.shrc.freebsd
+++ b/files/usr/share/skel/dot.shrc.freebsd
@@ -4,6 +4,12 @@ green=$'\e[0;32m'
 PS1="\[${green}\]\u@\h\[${reset}\]:\[${blue}\]\W\[${green}\]\$\[${reset}\] "
 unset reset blue green
+export CLICOLOR=1
+export PAGER=less
+export LESS='-iMRS -x2'
+export EDITOR=vim
+export LSCOLORS=DxfxgxgxcxxbxbaCacADAd
+
 alias ls='ls -FHh'
 alias ll='ls -l'
 alias la='ls -la'
diff --git a/hostclasses b/hostclasses
index 92c1d38..5115b03 100644
--- a/hostclasses
+++ b/hostclasses
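Review bot: `quietredir` in `icinga2_checkconfig` is assigned but never applied, so the `verbose` argument that `checkconfig_cmd` passes makes no difference and the output of `daemon -C` is printed in every mode; either drop the `if` branch or use the variable on the check line, e.g. `eval ${command} daemon -c ${icinga2_configfile} -C ${quietredir}`. If it is kept, note that `2>&1 >/dev/null` as written discards only stdout and still shows stderr; `>/dev/null 2>&1` is the order that silences both. Also, `PROVIDE: icinga2` duplicates the provide of the ports rc script that the icinga2 package still installs, so a comment at the top explaining that the stock `icinga2` service must stay disabled (`icinga2_enable` is never set in this commit) would save the next reader from starting both.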
@@ -24,5 +24,4 @@ authoritative_nameserver ^ns[0-9]
 asterisk_server ^pbx[0-9]
 nfs_server ^nfs[0-9]
 turn_server ^turn[0-9]
-syncthing_server ^syncthing[0-9]
 icinga_server ^icinga[0-9]
diff --git a/lib/60-postgres b/lib/60-postgres
index af37c27..6f418ea 100644
--- a/lib/60-postgres
+++ b/lib/60-postgres
@@ -17,8 +17,8 @@ EOF
 }
 postgres_create_database(){
- # $1 = postgres_host, $2 = dbname, $3 = owner
+ # $1 = postgres_host, $2 = dbname, $3 = owner $4 = encoding, $5 = locale
 cat <<EOF | postgres_run -h "${1}" -d postgres
-SELECT 'CREATE DATABASE "${2}" OWNER "${3:-postgres}"' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${2}')\\gexec
+SELECT 'CREATE DATABASE "${2}" ENCODING "${4:-UTF8}" LOCALE "${5:-en_US.UTF-8}" OWNER "${3:-postgres}" TEMPLATE "template0"' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${2}')\\gexec
 EOF
 }
diff --git a/scripts/hostclass/desktop b/scripts/hostclass/desktop
index ac8bdda..bddce05 100644
--- a/scripts/hostclass/desktop
+++ b/scripts/hostclass/desktop
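Review bot: the parameter comment on `postgres_create_database` runs `$3 = owner` straight into `$4 = encoding` without a separator; `# $1 = postgres_host, $2 = dbname, $3 = owner, $4 = encoding, $5 = locale`. It would also help to add a line saying that, because of the `WHERE NOT EXISTS` guard, encoding and locale only take effect for databases this call creates, so an icinga or icingaweb database created by an earlier run keeps whatever settings it was created with. Every argument is spliced into the SQL string without quoting or escaping; that is acceptable for values coming from host variables, but the comment should state that assumption so nobody later feeds it a value derived from external input.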
@@ -168,66 +168,6 @@ esac
 # acceleration after resuming from sleep.
 set_sysctl kern.vt.suspendswitch="${vt_suspendswitch:-1}"
-# Fix xterm-256color termcap
-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280679
-cat <<'EOF' | tic -o /usr/local/share/site-terminfo -
-xterm-256color|xterm with 256 colors,
- am, bce, ccc, km, mc5i, mir, msgr, npc, xenl,
- colors#0x100, cols#80, it#8, lines#24, pairs#0x10000,
- acsc=``aaffggiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~,
- bel=^G, blink=\E[5m, bold=\E[1m, cbt=\E[Z, civis=\E[?25l,
- clear=\E[H\E[2J, cnorm=\E[?12l\E[?25h, cr=\r,
- csr=\E[%i%p1%d;%p2%dr, cub=\E[%p1%dD, cub1=^H,
- cud=\E[%p1%dB, cud1=\n, cuf=\E[%p1%dC, cuf1=\E[C,
- cup=\E[%i%p1%d;%p2%dH, cuu=\E[%p1%dA, cuu1=\E[A,
- cvvis=\E[?12;25h, dch=\E[%p1%dP, dch1=\E[P, dim=\E[2m,
- dl=\E[%p1%dM, dl1=\E[M, ech=\E[%p1%dX, ed=\E[J, el=\E[K,
- el1=\E[1K, flash=\E[?5h$<100/>\E[?5l, home=\E[H,
- hpa=\E[%i%p1%dG, ht=^I, hts=\EH, ich=\E[%p1%d@,
- il=\E[%p1%dL, il1=\E[L, ind=\n, indn=\E[%p1%dS,
- initc=\E]4;%p1%d;rgb:%p2%{255}%*%{1000}%/%2.2X/%p3%{255}%*%{1000}%/%2.2X/%p4%{255}%*%{1000}%/%2.2X\E\\,
- invis=\E[8m, is2=\E[!p\E[?3;4l\E[4l\E>, kDC=\E[3;2~,
- kEND=\E[1;2F, kHOM=\E[1;2H, kIC=\E[2;2~, kLFT=\E[1;2D,
- kNXT=\E[6;2~, kPRV=\E[5;2~, kRIT=\E[1;2C, ka1=\EOw,
- ka3=\EOy, kb2=\EOu, kbs=^?, kc1=\EOq, kc3=\EOs, kcbt=\E[Z,
- kcub1=\EOD, kcud1=\EOB, kcuf1=\EOC, kcuu1=\EOA,
- kdch1=\E[3~, kend=\EOF, kent=\EOM, kf1=\EOP, kf10=\E[21~,
- kf11=\E[23~, kf12=\E[24~, kf13=\E[1;2P, kf14=\E[1;2Q,
- kf15=\E[1;2R, kf16=\E[1;2S, kf17=\E[15;2~, kf18=\E[17;2~,
- kf19=\E[18;2~, kf2=\EOQ, kf20=\E[19;2~, kf21=\E[20;2~,
- kf22=\E[21;2~, kf23=\E[23;2~, kf24=\E[24;2~,
- kf25=\E[1;5P, kf26=\E[1;5Q, kf27=\E[1;5R, kf28=\E[1;5S,
- kf29=\E[15;5~, kf3=\EOR, kf30=\E[17;5~, kf31=\E[18;5~,
- kf32=\E[19;5~, kf33=\E[20;5~, kf34=\E[21;5~,
- kf35=\E[23;5~, kf36=\E[24;5~, kf37=\E[1;6P, kf38=\E[1;6Q,
- kf39=\E[1;6R, kf4=\EOS, kf40=\E[1;6S, kf41=\E[15;6~,
- kf42=\E[17;6~, kf43=\E[18;6~, kf44=\E[19;6~,
- kf45=\E[20;6~, kf46=\E[21;6~, kf47=\E[23;6~,
- kf48=\E[24;6~, kf49=\E[1;3P, kf5=\E[15~, kf50=\E[1;3Q,
- kf51=\E[1;3R, kf52=\E[1;3S, kf53=\E[15;3~, kf54=\E[17;3~,
- kf55=\E[18;3~, kf56=\E[19;3~, kf57=\E[20;3~,
- kf58=\E[21;3~, kf59=\E[23;3~, kf6=\E[17~, kf60=\E[24;3~,
- kf61=\E[1;4P, kf62=\E[1;4Q, kf63=\E[1;4R, kf7=\E[18~,
- kf8=\E[19~, kf9=\E[20~, khome=\EOH, kich1=\E[2~,
- kind=\E[1;2B, kmous=\E[<, knp=\E[6~, kpp=\E[5~,
- kri=\E[1;2A, mc0=\E[i, mc4=\E[4i, mc5=\E[5i, meml=\El,
- memu=\Em, mgc=\E[?69l, nel=\EE, oc=\E]104\007,
- op=\E[39;49m, rc=\E8, rep=%p1%c\E[%p2%{1}%-%db,
- rev=\E[7m, ri=\EM, rin=\E[%p1%dT, ritm=\E[23m, rmacs=\E(B,
- rmam=\E[?7l, rmcup=\E[?1049l\E[23;0;0t, rmir=\E[4l,
- rmkx=\E[?1l\E>, rmm=\E[?1034l, rmso=\E[27m, rmul=\E[24m,
- rs1=\Ec\E]104\007, rs2=\E[!p\E[?3;4l\E[4l\E>, sc=\E7,
- setab=\E[%?%p1%{8}%<%t4%p1%d%e%p1%{16}%<%t10%p1%{8}%-%d%e48;5;%p1%d%;m,
- setaf=\E[%?%p1%{8}%<%t3%p1%d%e%p1%{16}%<%t9%p1%{8}%-%d%e38;5;%p1%d%;m,
- sgr=%?%p9%t\E(0%e\E(B%;\E[0%?%p6%t;1%;%?%p5%t;2%;%?%p2%t;4%;%?%p1%p3%|%t;7%;%?%p4%t;5%;%?%p7%t;8%;m,
- sgr0=\E(B\E[m, sitm=\E[3m, smacs=\E(0, smam=\E[?7h,
- smcup=\E[?1049h\E[22;0;0t,
- smglr=\E[?69h\E[%i%p1%d;%p2%ds, smir=\E[4h,
- smkx=\E[?1h\E=, smm=\E[?1034h, smso=\E[7m, smul=\E[4m,
- tbc=\E[3g, u6=\E[%i%d;%dR, u7=\E[6n,
- u8=\E[?%[;0123456789]c, u9=\E[c, vpa=\E[%i%p1%dd,
-EOF
-
 # Start login manager.
 case $desktop_type in
 kde)
diff --git a/scripts/hostclass/icinga_server b/scripts/hostclass/icinga_server
index ccd1d46..75ef7b8 100644
--- a/scripts/hostclass/icinga_server
+++ b/scripts/hostclass/icinga_server
@@ -1,9 +1,10 @@
 #!/bin/sh
-: ${icinga_username:='s-icinga'}
+: ${icinga_threads:="$nproc"}
 : ${icinga_dbname:='icinga'}
 : ${icinga_dbhost:="$postgres_host"}
 : ${icinga_password:='changeme'}
+: ${icinga_ticket_salt:='changeme'}
 : ${icingaweb_api_password:='changeme'}
 : ${icingaweb_dbhost:="$postgres_host"}
 : ${icingaweb_dbname:='icingaweb'}
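Review bot: `icinga_ticket_salt` defaults to `'changeme'`, and the constants.conf added in this commit turns it into `TicketSalt`, the secret Icinga uses to derive and validate enrollment tickets for agents and satellites; a guessable salt lets any client that can reach the API port present a valid ticket for a CN of its choosing and obtain a signed certificate. zones.conf in this commit declares only the master, so this may not be exposed today, but since `icinga_password` and `icingaweb_api_password` already follow the same `changeme` pattern, failing hard when the value is unset (`: ${icinga_ticket_salt:?icinga_ticket_salt must be set}`) or generating a random default would be safer than a well-known one. `icinga_threads` is taken from `$nproc`, which is not defined in this file as far as the hunk shows; a comment naming where it comes from (or a fallback) would help.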
@@ -118,10 +119,10 @@ install_directory -m 0700 -o "$icinga_local_user" -g "$icinga_local_user" \
 "$icinga_ca_dir"
 [ -f "${icinga_ca_dir}/ca.crt" ] \
 || icinga2 pki new-ca
-[ -f "${icinga_cert_dir}/${fqdn}.csr" ] \
- || icinga2 pki new-cert --cn "$fqdn" --key "${icinga_cert_dir}/${fqdn}.key" --csr "${icinga_cert_dir}/${fqdn}.csr"
-[ -f "${icinga_cert_dir}/${fqdn}.crt" ] \
- || icinga2 pki sign-csr --csr "${icinga_cert_dir}/${fqdn}.csr" --cert "${icinga_cert_dir}/${fqdn}.crt"
+[ -f "${icinga_cert_dir}/${BOXCONF_HOSTNAME}.csr" ] \
+ || icinga2 pki new-cert --cn "$BOXCONF_HOSTNAME" --key "${icinga_cert_dir}/${BOXCONF_HOSTNAME}.key" --csr "${icinga_cert_dir}/${BOXCONF_HOSTNAME}.csr"
+[ -f "${icinga_cert_dir}/${BOXCONF_HOSTNAME}.crt" ] \
+ || icinga2 pki sign-csr --csr "${icinga_cert_dir}/${BOXCONF_HOSTNAME}.csr" --cert "${icinga_cert_dir}/${BOXCONF_HOSTNAME}.crt"
 ln -snfv "${icinga_ca_dir}/ca.crt" "${icinga_cert_dir}/ca.crt"
 # Enable icinga modules.
@@ -132,7 +133,21 @@ done
 # Generate icinga configuration.
 install_template -m 0640 -g "$icinga_local_user" \
 "${icinga_conf_dir}/api-users.conf" \
- "${icinga_conf_dir}/features-available/icingadb.conf"
+ "${icinga_conf_dir}/constants.conf" \
+ "${icinga_conf_dir}/icinga2.conf" \
+ "${icinga_conf_dir}/zones.conf" \
+ "${icinga_conf_dir}/features-available/icingadb.conf" \
+ "${icinga_conf_dir}/conf.d/users.conf" \
+ "${icinga_conf_dir}/conf.d/hosts.conf"
+install_file -m 0640 -g "$icinga_local_user" \
+ "${icinga_conf_dir}/conf.d/app.conf" \
+ "${icinga_conf_dir}/conf.d/commands.conf" \
+ "${icinga_conf_dir}/conf.d/downtimes.conf" \
+ "${icinga_conf_dir}/conf.d/groups.conf" \
+ "${icinga_conf_dir}/conf.d/notifications.conf" \
+ "${icinga_conf_dir}/conf.d/services.conf" \
+ "${icinga_conf_dir}/conf.d/templates.conf" \
+ "${icinga_conf_dir}/conf.d/timeperiods.conf"
 # Create icingaweb postgres user and database.
 postgres_create_database "$icingaweb_dbhost" "$icingaweb_dbname" "$icinga_username"
@@ -143,6 +158,7 @@ if ! icingaweb_psql -c 'SELECT 1 FROM icingaweb_schema'; then
 fi
 # Generate icingaweb configuration.
+find "$icinga_conf_dir" -name '*.sample' -delete
 install_directory -m 2770 -g "$nginx_user" \
 "$icingaweb_conf_dir" \
 "${icingaweb_conf_dir}/enabledModules" \
@@ -183,18 +199,31 @@ install_template -m 0644 \
 install_certificate nginx "$icingaweb_https_cert"
 install_certificate_key nginx "$icingaweb_https_key"
+# Icinga spawns a number of threads based on the core count of the machine. On machines
+# with a large number of CPU cores, this can be undesirable (especially if run from a jail
+# with cpuset()).
+#
+# The thread count can be overriden with the -DConcurrency=N argument to icinga2.
+# Unfortunately, icinga2 rc script from ports does not have a way to override the
+# daemon arguments. So we have to copy over a custom one ("myicinga2").
+#
+# https://icinga.com/docs/icinga-2/latest/doc/15-troubleshooting/#try-reducing-concurrency-threads
+install_file -m 0555 /usr/local/etc/rc.d/myicinga2
+
 # Enable and start daemons.
 sysrc -v \
 nginx_enable=YES \
 php_fpm_enable=YES \
 redis_enable=YES \
 icingadb_enable=YES \
- icinga2_enable=YES
+ myicinga2_enable=YES \
+ icinga2_flags="-DConfiguration.Concurrency=${icinga_threads}"
 service nginx restart
 service php_fpm restart
+
 service redis restart
-service icingadb restart > /dev/null 2>&1 < /dev/null || die 'failed to start icingadb'
-service icinga2 restart
+service icingadb restart > /dev/null 2>&1
+service myicinga2 restart
 # Create access role.
 ldap_add "cn=${icingaweb_access_role},${roles_basedn}" <<EOF
diff --git a/scripts/hostclass/postgresql_server b/scripts/hostclass/postgresql_server
index cbd9c17..b3e8804 100644
--- a/scripts/hostclass/postgresql_server
+++ b/scripts/hostclass/postgresql_server
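Review bot: `service icingadb restart > /dev/null 2>&1` drops the `|| die 'failed to start icingadb'` that the replaced line had, so a failed icingadb restart is now swallowed along with its output and the script carries on to `service myicinga2 restart`; keep the check, `service icingadb restart > /dev/null 2>&1 < /dev/null || die 'failed to start icingadb'`, and consider guarding the myicinga2 restart the same way. The comment block above `install_file -m 0555 /usr/local/etc/rc.d/myicinga2` says the override flag is `-DConcurrency=N`, while the `sysrc` line actually sets `-DConfiguration.Concurrency=…`; make the comment name the flag that is used (and `overriden` → `overridden`). The stock ports `icinga2` service stays installed alongside `myicinga2`; `icinga2_enable` is no longer set here, which is presumably what keeps it off, and a one-line comment saying so would prevent someone from re-enabling both.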
@@ -104,3 +104,8 @@ END
 # Load citext extension (required by icingadb)
 postgres_psql -c 'create extension if not exists citext;'
+
+# Create icinga user.
+postgres_psql <<EOF
+SELECT 'CREATE ROLE "${icinga_username}" WITH LOGIN' WHERE NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${icinga_username}')\\gexec
+EOF
diff --git a/scripts/os/freebsd/20-termcap b/scripts/os/freebsd/20-termcap
new file mode 100644
index 0000000..ea5a1b5
--- /dev/null
+++ b/scripts/os/freebsd/20-termcap
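Review bot: the role is created `WITH LOGIN` but with no password or other authentication attribute, while the services.conf in this commit hands `IcingaPassword` to the `pgsql` check for this same `IcingaUsername`; unless pg_hba.conf authenticates the role by some method not visible here, that check cannot log in. A comment under `# Create icinga user.` stating how this role is expected to authenticate (and that it is intentionally created without a password, if so) would settle the question. As with the other `\gexec` statements in this repo, `${icinga_username}` is spliced into the SQL by the shell; it now comes from vars/common, so that is acceptable, but the comment should say the value must stay a plain identifier.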
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# Fix xterm-256color termcap
+# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280679
+cat <<'EOF' | tic -o /usr/local/share/site-terminfo -
+xterm-256color|xterm with 256 colors,
+ am, bce, ccc, km, mc5i, mir, msgr, npc, xenl,
+ colors#0x100, cols#80, it#8, lines#24, pairs#0x10000,
+ acsc=``aaffggiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~,
+ bel=^G, blink=\E[5m, bold=\E[1m, cbt=\E[Z, civis=\E[?25l,
+ clear=\E[H\E[2J, cnorm=\E[?12l\E[?25h, cr=\r,
+ csr=\E[%i%p1%d;%p2%dr, cub=\E[%p1%dD, cub1=^H,
+ cud=\E[%p1%dB, cud1=\n, cuf=\E[%p1%dC, cuf1=\E[C,
+ cup=\E[%i%p1%d;%p2%dH, cuu=\E[%p1%dA, cuu1=\E[A,
+ cvvis=\E[?12;25h, dch=\E[%p1%dP, dch1=\E[P, dim=\E[2m,
+ dl=\E[%p1%dM, dl1=\E[M, ech=\E[%p1%dX, ed=\E[J, el=\E[K,
+ el1=\E[1K, flash=\E[?5h$<100/>\E[?5l, home=\E[H,
+ hpa=\E[%i%p1%dG, ht=^I, hts=\EH, ich=\E[%p1%d@,
+ il=\E[%p1%dL, il1=\E[L, ind=\n, indn=\E[%p1%dS,
+ initc=\E]4;%p1%d;rgb:%p2%{255}%*%{1000}%/%2.2X/%p3%{255}%*%{1000}%/%2.2X/%p4%{255}%*%{1000}%/%2.2X\E\\,
+ invis=\E[8m, is2=\E[!p\E[?3;4l\E[4l\E>, kDC=\E[3;2~,
+ kEND=\E[1;2F, kHOM=\E[1;2H, kIC=\E[2;2~, kLFT=\E[1;2D,
+ kNXT=\E[6;2~, kPRV=\E[5;2~, kRIT=\E[1;2C, ka1=\EOw,
+ ka3=\EOy, kb2=\EOu, kbs=^?, kc1=\EOq, kc3=\EOs, kcbt=\E[Z,
+ kcub1=\EOD, kcud1=\EOB, kcuf1=\EOC, kcuu1=\EOA,
+ kdch1=\E[3~, kend=\EOF, kent=\EOM, kf1=\EOP, kf10=\E[21~,
+ kf11=\E[23~, kf12=\E[24~, kf13=\E[1;2P, kf14=\E[1;2Q,
+ kf15=\E[1;2R, kf16=\E[1;2S, kf17=\E[15;2~, kf18=\E[17;2~,
+ kf19=\E[18;2~, kf2=\EOQ, kf20=\E[19;2~, kf21=\E[20;2~,
+ kf22=\E[21;2~, kf23=\E[23;2~, kf24=\E[24;2~,
+ kf25=\E[1;5P, kf26=\E[1;5Q, kf27=\E[1;5R, kf28=\E[1;5S,
+ kf29=\E[15;5~, kf3=\EOR, kf30=\E[17;5~, kf31=\E[18;5~,
+ kf32=\E[19;5~, kf33=\E[20;5~, kf34=\E[21;5~,
+ kf35=\E[23;5~, kf36=\E[24;5~, kf37=\E[1;6P, kf38=\E[1;6Q,
+ kf39=\E[1;6R, kf4=\EOS, kf40=\E[1;6S, kf41=\E[15;6~,
+ kf42=\E[17;6~, kf43=\E[18;6~, kf44=\E[19;6~,
+ kf45=\E[20;6~, kf46=\E[21;6~, kf47=\E[23;6~,
+ kf48=\E[24;6~, kf49=\E[1;3P, kf5=\E[15~, kf50=\E[1;3Q,
+ kf51=\E[1;3R, kf52=\E[1;3S, kf53=\E[15;3~, kf54=\E[17;3~,
+ kf55=\E[18;3~, kf56=\E[19;3~, kf57=\E[20;3~,
+ kf58=\E[21;3~, kf59=\E[23;3~, kf6=\E[17~, kf60=\E[24;3~,
+ kf61=\E[1;4P, kf62=\E[1;4Q, kf63=\E[1;4R, kf7=\E[18~,
+ kf8=\E[19~, kf9=\E[20~, khome=\EOH, kich1=\E[2~,
+ kind=\E[1;2B, kmous=\E[<, knp=\E[6~, kpp=\E[5~,
+ kri=\E[1;2A, mc0=\E[i, mc4=\E[4i, mc5=\E[5i, meml=\El,
+ memu=\Em, mgc=\E[?69l, nel=\EE, oc=\E]104\007,
+ op=\E[39;49m, rc=\E8, rep=%p1%c\E[%p2%{1}%-%db,
+ rev=\E[7m, ri=\EM, rin=\E[%p1%dT, ritm=\E[23m, rmacs=\E(B,
+ rmam=\E[?7l, rmcup=\E[?1049l\E[23;0;0t, rmir=\E[4l,
+ rmkx=\E[?1l\E>, rmm=\E[?1034l, rmso=\E[27m, rmul=\E[24m,
+ rs1=\Ec\E]104\007, rs2=\E[!p\E[?3;4l\E[4l\E>, sc=\E7,
+ setab=\E[%?%p1%{8}%<%t4%p1%d%e%p1%{16}%<%t10%p1%{8}%-%d%e48;5;%p1%d%;m,
+ setaf=\E[%?%p1%{8}%<%t3%p1%d%e%p1%{16}%<%t9%p1%{8}%-%d%e38;5;%p1%d%;m,
+ sgr=%?%p9%t\E(0%e\E(B%;\E[0%?%p6%t;1%;%?%p5%t;2%;%?%p2%t;4%;%?%p1%p3%|%t;7%;%?%p4%t;5%;%?%p7%t;8%;m,
+ sgr0=\E(B\E[m, sitm=\E[3m, smacs=\E(0, smam=\E[?7h,
+ smcup=\E[?1049h\E[22;0;0t,
+ smglr=\E[?69h\E[%i%p1%d;%p2%ds, smir=\E[4h,
+ smkx=\E[?1h\E=, smm=\E[?1034h, smso=\E[7m, smul=\E[4m,
+ tbc=\E[3g, u6=\E[%i%d;%dR, u7=\E[6n,
+ u8=\E[?%[;0123456789]c, u9=\E[c, vpa=\E[%i%p1%dd,
+EOF
diff --git a/scripts/os/freebsd/42-icinga b/scripts/os/freebsd/42-icinga
new file mode 100644
index 0000000..872c1c6
--- /dev/null
+++ b/scripts/os/freebsd/42-icinga
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pkg install -y monitoring-plugins
diff --git a/vars/common b/vars/common
index 8e9fab0..0dc1a6b 100644
--- a/vars/common
+++ b/vars/common
@@ -45,6 +45,7 @@ host_keytab_groupname=hostkeytab
 host_keytab_gid=788
 lmtp_port=25
 quota_status_port=10993
+icinga_username='s-icinga'
 krb5_ticket_lifetime=24h
 krb5_renew_lifetime=7d
 nslcd_min_uid=1000