icinga2.ssh_client

icinga2/files/client_sudo.jinja

@@ -0,0 +1,3 @@
+# monitoring sudoers rules
+nagios ALL=(ALL) NOPASSWD: \
+  {{ salt.pillar.get('icinga2:client_sudo') | join(", \\\n") | indent(2) }}

icinga2/ssh_client.sls

@@ -0,0 +1,51 @@
+# todo: git clone to /usr/local/lib/nagios
+
+# A deploy key must be added for this to work!
+{{ salt.pillar.get("icinga2:monitoring_plugins_git_url") | yaml_encode }}:
+  git.cloned:
+    - target: /usr/local/lib/nagios
+    - branch: master
+    - user: root
+
+monitoring_packages:
+  pkg.installed:
+    - pkgs:
+      # TODO: these are the Debian names. Figure out the others
+      - monitoring-plugins-basic
+      - smartmontools
+
+nagios:
+  user.present:
+    - shell: /bin/bash
+    - home: /var/lib/nagios
+    - system: true
+    - createhome: true
+
+/var/lib/nagios/.ssh:
+  file.directory:
+    - user: nagios
+    - group: nagios
+    - mode: 700
+    - require:
+      - user: nagios
+
+/var/lib/nagios/.ssh/authorized_keys:
+  file.managed:
+    - user: nagios
+    - group: nagios
+    - mode: 400
+    - contents_pillar: icinga2:nagios_rsa_pubkey
+    - require:
+      - file: /var/lib/nagios/.ssh
+
+/etc/sudoers.d/nagios:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 440
+    - template: jinja
+    - source: salt://icinga2/files/client_sudo.jinja
+    - check_cmd: /usr/sbin/visudo -c -f
+
+# FIXME
+# [2023-12-06 00:13:41 -0500] warning/PluginNotificationTask: Notification command for object 'usfn-ovh!nvme0' (PID: 12270, arguments: '/etc/icinga2/scripts/mail-service-notification.sh') terminated with exit code 127, output: /etc/icinga2/scripts/mail-service-notification.sh: 20: /etc/icinga2/scripts/mail-service-notification.sh: mail: not found