diff --git a/inventory_template/group_vars/all/vault.yml.template b/inventory_template/group_vars/all/vault.yml.template
index 821e3f8..a2f2d6e 100644
--- a/inventory_template/group_vars/all/vault.yml.template
+++ b/inventory_template/group_vars/all/vault.yml.template
@@ -17,3 +17,15 @@ vault_public_key_backup_user_host: SSH_PUBKEY_OF_backup_user_USER_ON_BACKUP_HOST
 vault_ldap_admin_user_password: LDAP_ADMIN_PASSWORD
 vault_ldap_config_admin_user_password: LDAP_CONFIG_ADMIN_PASSWORD
+
+vault_icinga2_server_mariadb_root_password: RANDOM_PASSWORD
+vault_icinga2_server_mariadb_users_icinga_password: RANDOM_PASSWORD
+vault_icinga2_server_mariadb_users_icingaweb2_password: RANDOM_PASSWORD
+vault_icinga2_server_api_users_root_password: RANDOM_PASSWORD
+vault_icinga2_server_icingaweb2_main_user_password: RANDOM_PASSWORD
+# openssl passwd -1 thePassword
+vault_icinga2_server_icingaweb2_main_user_password_hash_manual: HASHED_RANDOM_PASSWORD
+vault_icinga2_server_ticket_salt: RANDOM_SALT
+vault_icinga2_server_icingaweb2_main_user_email: EMAIL_TO_SEND_ICINGA_ALERTS
+vault_icinga2_server_icinga_ssh_pubkey: SSH_PUB_KEY_OF_nagios_user_USER_ON_HOSTS
+vault_icinga2_server_icinga_ssh_privkey: SSH_PRIV_KEY_OF_nagios_user_USER_ON_HOSTS
diff --git a/inventory_template/group_vars/icinga2_server.yml b/inventory_template/group_vars/icinga2_server.yml
new file mode 100644
index 0000000..54e35ab
--- /dev/null
+++ b/inventory_template/group_vars/icinga2_server.yml
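Review bot: In the `vault.yml.template` hunk, the helper comment `# openssl passwd -1 thePassword` above `vault_icinga2_server_icingaweb2_main_user_password_hash_manual` steers operators to an MD5-crypt hash and to passing the password as a command-line argument, where it lands in shell history and the process list. MD5-crypt is cheap to brute-force if the icingaweb2 database is ever dumped. If the deployed Icinga Web 2 version verifies hashes with PHP's `password_verify` (not visible in this diff, so confirm first), the comment could read `# openssl passwd -6   (prompts for the password; SHA-512 crypt)`. The SSH private-key placeholder is a single-line scalar, so a comment saying the real key must be pasted as a `|` block scalar, and that the filled-in `vault.yml` must be encrypted with ansible-vault before it is committed, would help whoever fills the template in.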
@@ -0,0 +1,41 @@
+---
+
+icinga2_server_mariadb_root_password: "{{ vault_icinga2_server_mariadb_root_password }}"
+icinga2_server_icingaweb2_main_user_password: "{{ vault_icinga2_server_icingaweb2_main_user_password }}"
+icinga2_server_icingaweb2_main_user_password_hash_manual: "{{ vault_icinga2_server_icingaweb2_main_user_password_hash_manual }}"
+
+icinga2_server_mariadb_users:
+ icinga_user:
+ name: "icinga_user"
+ password: "{{ vault_icinga2_server_mariadb_users_icinga_password }}"
+ priv: "icinga.*:ALL"
+ icingaweb2_user:
+ name: "icingaweb2_user"
+ password: "{{ vault_icinga2_server_mariadb_users_icingaweb2_password }}"
+ priv: "icingaweb2.*:ALL"
+
+icinga2_server_api_users:
+ - username: root
+ password: "{{ vault_icinga2_server_api_users_root_password }}"
+ permissions: '*'
+
+# Role ansible-role-certbot : defina auto renew, schedule, ...
+certbot_auto_renew: true
+certbot_auto_renew_user: "root"
+certbot_auto_renew_hour: "3"
+certbot_auto_renew_minute: "36"
+certbot_auto_renew_options: "--quiet --no-self-upgrade --pre-hook \"systemctl stop apache2\" --post-hook \"systemctl start apache2\" --deploy-hook \"cp -pf /etc/letsencrypt/live/{{ inventory_hostname }}/*.pem /etc/apache2/ && chown www-data: /etc/apache2/*.pem\""
+certbot_create_if_missing: true
+certbot_create_method: standalone
+certbot_create_standalone_stop_services:
+ - apache2
+certbot_certs:
+ - domains:
+ - "{{ inventory_hostname }}"
+
+icinga2_server_ticket_salt: "{{ vault_icinga2_server_ticket_salt }}"
+icinga2_server_custom_hostgroup: wirebrass
+icinga2_server_icingaweb2_main_user_email: "{{ vault_icinga2_server_icingaweb2_main_user_email }}"
+
+icinga2_server_icinga_ssh_pubkey: "{{ vault_icinga2_server_icinga_ssh_pubkey }}"
+icinga2_server_icinga_ssh_privkey: "{{ vault_icinga2_server_icinga_ssh_privkey }}"
diff --git a/inventory_template/group_vars/web_server.yml b/inventory_template/group_vars/web_server.yml
new file mode 100644
index 0000000..c80bdca
--- /dev/null
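Review bot: In `icinga2_server.yml`, the `--deploy-hook` inside `certbot_auto_renew_options` copies every `*.pem` from `/etc/letsencrypt/live/{{ inventory_hostname }}/` into `/etc/apache2/` and then runs `chown www-data: /etc/apache2/*.pem`, so the TLS private key ends up owned by the account that runs the web application code. Apache normally reads its key as root before dropping privileges, so the copies can stay root-owned by ending the hook with `&& chown root:root /etc/apache2/*.pem`. Alternatively the vhost could reference the `live/` paths directly and the copy could be dropped; how the role's vhost points at these files is not visible in this diff. Separately, `icinga2_server_api_users` ships a `root` API user with `permissions: '*'`. A comment naming the consumer that needs the wildcard, or a narrower permission list, would make the template a safer starting point.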
+++ b/inventory_template/group_vars/web_server.yml
@@ -0,0 +1,14 @@
+# Role ansible-role-certbot : defina auto renew, schedule, ...
+certbot_auto_renew: true
+certbot_auto_renew_user: "root"
+certbot_auto_renew_hour: "3"
+certbot_auto_renew_minute: "35"
+certbot_auto_renew_options: "--quiet --no-self-upgrade --pre-hook \"/etc/init.d/nginx stop\" --post-hook \"/etc/init.d/nginx start\""
+certbot_create_if_missing: true
+certbot_create_method: standalone
+certbot_create_standalone_stop_services:
+ - nginx
+certbot_certs:
+ - domains:
+ - "{{ inventory_hostname }}"
+
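Review bot: `web_server.yml` repeats the certbot block from `icinga2_server.yml` but is written differently: it has no leading `---` document marker, and its hooks call `/etc/init.d/nginx stop` and `/etc/init.d/nginx start` directly where the other file uses `systemctl`. Assuming the web hosts run systemd like the Icinga host, I would open the file with `---` and use `--pre-hook \"systemctl stop nginx\" --post-hook \"systemctl start nginx\"` so both groups manage services the same way. The header comment carries the same typo in both files (`defina` should be `define`).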