This commit is contained in:
mwiegand 2022-08-17 23:47:11 +02:00
parent 532df976db
commit 001ab5edef
4 changed files with 63 additions and 7 deletions


@ -11,3 +11,5 @@ template Service "generic-service" {
check_interval = 1m check_interval = 1m
retry_interval = 30s retry_interval = 30s
} }
template User "generic-user" {}


@ -45,6 +45,22 @@ directories = {
'svc_systemd:icinga2.service:restart', 'svc_systemd:icinga2.service:restart',
], ],
}, },
'/var/lib/icinga2': {
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/var/lib/icinga2/certs': {
'owner': 'nagios',
'group': 'nagios',
'mode': '0700',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
} }
files = { files = {
@ -62,7 +78,7 @@ files = {
'group': 'nagios', 'group': 'nagios',
'mode': '0640', 'mode': '0640',
'context': { 'context': {
'hostname': node.metadata.get('hostname') 'hostname': node.metadata.get('icinga2/hostname')
}, },
'triggers': [ 'triggers': [
'svc_systemd:icinga2.service:restart', 'svc_systemd:icinga2.service:restart',
@ -157,6 +173,7 @@ files = {
'source': 'features/ido-pgsql.conf', 'source': 'features/ido-pgsql.conf',
'content_type': 'mako', 'content_type': 'mako',
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios',
'context': { 'context': {
'db_password': node.metadata.get('postgresql/roles/icinga2/password') 'db_password': node.metadata.get('postgresql/roles/icinga2/password')
}, },
@ -167,6 +184,7 @@ files = {
'/etc/icinga2/features.d/syslog.conf': { '/etc/icinga2/features.d/syslog.conf': {
'source': 'features/syslog.conf', 'source': 'features/syslog.conf',
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios',
'triggers': [ 'triggers': [
'svc_systemd:icinga2.service:restart', 'svc_systemd:icinga2.service:restart',
], ],
@ -174,6 +192,7 @@ files = {
'/etc/icinga2/features.d/notification.conf': { '/etc/icinga2/features.d/notification.conf': {
'source': 'features/notification.conf', 'source': 'features/notification.conf',
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios',
'triggers': [ 'triggers': [
'svc_systemd:icinga2.service:restart', 'svc_systemd:icinga2.service:restart',
], ],
@ -181,6 +200,7 @@ files = {
'/etc/icinga2/features.d/checker.conf': { '/etc/icinga2/features.d/checker.conf': {
'source': 'features/checker.conf', 'source': 'features/checker.conf',
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios',
'triggers': [ 'triggers': [
'svc_systemd:icinga2.service:restart', 'svc_systemd:icinga2.service:restart',
], ],
@ -188,6 +208,16 @@ files = {
'/etc/icinga2/features.d/api.conf': { '/etc/icinga2/features.d/api.conf': {
'source': 'features/api.conf', 'source': 'features/api.conf',
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/var/lib/icinga2/certs/ca.crt': {
'content_type': 'download',
'source': f'https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem',
'owner': 'nagios',
'group': 'nagios',
'triggers': [ 'triggers': [
'svc_systemd:icinga2.service:restart', 'svc_systemd:icinga2.service:restart',
], ],
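Review bot: The new `/var/lib/icinga2/certs/ca.crt` item fetches the trust anchor with `'content_type': 'download'` and nothing pins what is fetched, so a changed or substituted payload would be installed silently and the `svc_systemd:icinga2.service:restart` trigger would put it into use; if the BundleWrap version in use supports a content hash on downloaded files, pin the PEM's hash there, otherwise vendor the PEM into the bundle as an ordinary file. The `source` value is an f-string with no placeholders and should be a plain literal, `'source': 'https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem',`. This path is also where Icinga 2 keeps its own cluster CA by default, so if this node talks to satellites or agents the change appears to replace a private trust anchor with a public one; a comment on the item stating that this is intentional and which peers are expected to validate against it would help the next maintainer. The enclosing `files` dict continues outside the hunk.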


@ -45,3 +45,23 @@ defaults = {
}, },
}, },
} }
@metadata_reactor.provides(
'nginx/vhosts',
)
def letsencrypt(metadata):
return {
'letsencrypt': {
'domains': {
metadata.get('icingaweb2/hostname'): {
'reload': {'icinga2'},
'owner': 'nagios',
'group': 'nagios',
'location': '/var/lib/icinga2/certs',
'privkey_name': metadata.get('hostname') + '.key',
'cert_name': metadata.get('hostname') + '.crt',
},
},
},
}
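Review bot: The reactor declares `@metadata_reactor.provides('nginx/vhosts')` but the returned dict only contains `letsencrypt/domains/...`, so the declaration does not match what the function produces and should read `'letsencrypt/domains',`. Three different hostname keys are now in play: the certificate domain comes from `icingaweb2/hostname`, the key and cert file names from `hostname`, and items.py in this same commit reads `icinga2/hostname` for the Icinga configuration — if those values ever differ, the files dropped into `/var/lib/icinga2/certs` will not carry the name Icinga expects, so derive all of them from one key. A one-line docstring stating that the reactor requests a Let's Encrypt certificate for this node and places it in the Icinga certs directory under the node's name would make the intent clear.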


@ -26,19 +26,23 @@ deploy_cert() {
CERTFILE="$3" CERTFILE="$3"
FULLCHAINFILE="$4" FULLCHAINFILE="$4"
CHAINFILE="$5" CHAINFILE="$5"
case $DOMAIN in case $DOMAIN in
% for domain, conf in sorted(domains.items()): % for domain, conf in sorted(domains.items()):
<% if not conf: continue %>\ <% if not conf: continue %>\
${domain}) ${domain})
% if conf.get('location', None): % if conf.get('location', None):
cat "$KEYFILE" > "${conf['location']}/privkey.pem" cat "$KEYFILE" > "${conf['location']}/${conf.get('privkey_name', 'privkey.pem')}"
cat "$CERTFILE" > "${conf['location']}/cert.pem" cat "$CERTFILE" > "${conf['location']}/${conf.get('cert_name', 'cert.pem')}"
cat "$FULLCHAINFILE" > "${conf['location']}/fullchain.pem" cat "$FULLCHAINFILE" > "${conf['location']}/${conf.get('fullchain_name', 'fullchain.pem')}"
cat "$CHAINFILE" > "${conf['location']}/chain.pem" cat "$CHAINFILE" > "${conf['location']}/${conf.get('chain_name', 'chain.pem')}"
% endif % endif
% if conf.get('owner', None): % if conf.get('owner', None):
chown ${conf['owner']} "${conf['location']}/privkey.pem" "${conf['location']}/cert.pem" "${conf['location']}/fullchain.pem" "${conf['location']}/chain.pem" chown ${conf['owner']}:${conf.get('group', '')} \
"${conf['location']}/${conf.get('privkey_name', 'privkey.pem')}" \
"${conf['location']}/${conf.get('cert_name', 'cert.pem')}" \
"${conf['location']}/${conf.get('fullchain_name', 'fullchain.pem')}" \
"${conf['location']}/${conf.get('chain_name', 'chain.pem')}"
% endif % endif
% for service in sorted(conf.get('reload', [])): % for service in sorted(conf.get('reload', [])):
systemctl reload-or-restart ${service} systemctl reload-or-restart ${service}
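Review bot: The private key is still written with a plain redirect, `cat "$KEYFILE" > "${conf['location']}/${conf.get('privkey_name', 'privkey.pem')}"`, so when the key file does not exist yet it is created with the mode derived from the hook's umask and stays that way, as the chown below only changes ownership; wrap the write as `(umask 077; cat "$KEYFILE" > "${conf['location']}/${conf.get('privkey_name', 'privkey.pem')}")` so the key is never readable by other users. The new `chown ${conf['owner']}:${conf.get('group', '')}` also changes behaviour when no group is configured: an empty group after the colon makes chown apply the owner's login group, whereas the old `chown ${conf['owner']}` left the group untouched, so the `:group` part should only be rendered when a group is set. deploy_cert() starts and ends outside the hunk.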