# A deploy key must be added for this to work!
/usr/local/lib/nagios:
  git.cloned:
    - name: {{ salt.pillar.get("icinga2:monitoring_plugins_git_url") | yaml_encode }}
    - target: /usr/local/lib/nagios
    - branch: master
    - user: root


/usr/local/lib/nagios/venv:
  cmd.run:
{% if 'inmotionhosting' in grains.fqdn %}
    - name: imh-python3 -m venv /usr/local/lib/nagios/venv
{% else %}
    - name: python3 -m venv /usr/local/lib/nagios/venv
{% endif %}
    - creates: /usr/local/lib/nagios/venv
    - require:
      - git: /usr/local/lib/nagios
      - pkg: monitoring_packages

# TODO: make all this venv stuff a cmd.script

venv-ensurepip:
  cmd.run:
    - name: /usr/local/lib/nagios/venv/bin/python3 -m ensurepip
    - creates: /usr/local/lib/nagios/venv/bin/pip3
    - require:
      - cmd: /usr/local/lib/nagios/venv

venv-psutil:
  cmd.run:
    - name: /usr/local/lib/nagios/venv/bin/pip3 install psutil
    - require:
      - cmd: venv-ensurepip

monitoring_packages:
  pkg.installed:
    - pkgs:
      - smartmontools
      {% if grains.os_family == 'Debian' %}
      - python3-venv
      {% endif %}

icinga:
  user.present:
    - shell: /bin/bash
    - home: /var/lib/icinga
    - system: true
    - createhome: true

/var/lib/icinga/.ssh:
  file.directory:
    - user: icinga
    - group: icinga
    - mode: 700
    - require:
      - user: icinga

/var/lib/icinga/.ssh/authorized_keys:
  file.managed:
    - user: icinga
    - group: icinga
    - mode: 400
    - contents_pillar: icinga2:icinga_rsa_pubkey
    - require:
      - file: /var/lib/icinga/.ssh

/etc/sudoers.d/icinga:
  file.managed:
    - user: root
    - group: root
    - mode: 440
    - template: jinja
    - source: salt://icinga2/files/client_sudo.jinja
    - check_cmd: /usr/sbin/visudo -c -f