commit 775b3f1aac649f6193deb6f9f094c57459ee5e9f Author: Peter Edmond Date: Thu Jun 19 22:24:35 2025 +0100 Working ANSIBLE solution for monitor.telos.digital diff --git a/ANSIBLE/README.md b/ANSIBLE/README.md new file mode 100644 index 0000000..031b31e --- /dev/null +++ b/ANSIBLE/README.md @@ -0,0 +1,15 @@ +README.md +========= + +This is an index of all of the ansible scripts used for building Telos Digital systems, as created by Peter Edmond + +If running under sudo, then: +eval `ssh-agent` +ssh-add +in order to avoid retyping in the password all the time! + +icinga.yml +---------------- + +Playbook configures the Telos Digital ICINGA2 monitoring system + diff --git a/ANSIBLE/ansible.cfg b/ANSIBLE/ansible.cfg new file mode 100644 index 0000000..018c8ef --- /dev/null +++ b/ANSIBLE/ansible.cfg @@ -0,0 +1,3 @@ +[defaults] +inventory = ./hosts +remote_user = ubuntu diff --git a/ANSIBLE/group_vars/db/vault.yml b/ANSIBLE/group_vars/db/vault.yml new file mode 100644 index 0000000..36aa151 --- /dev/null +++ b/ANSIBLE/group_vars/db/vault.yml @@ -0,0 +1,12 @@ +$ANSIBLE_VAULT;1.1;AES256 +36613939323066666438386364306162333535383734646265346662316330663830636337353730 +6464306339366432353562633535646238383763623734660a326336623865396233353438353936 +32396434376532633236343539616338323639663837653132666435623138666335663561613262 +3936623531626331360a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diff --git a/ANSIBLE/host_vars/monitor.telos.digital.yml b/ANSIBLE/host_vars/monitor.telos.digital.yml new file mode 100644 index 0000000..7d23ad3 --- /dev/null +++ b/ANSIBLE/host_vars/monitor.telos.digital.yml @@ -0,0 +1,15 @@ + + site_name: monitor.telos.digital + site_root: /var/www/html + admin_email: peter.edmond@telos.digital + + php_version: 8.3 + +#These are not used but can be used to customise the php-fpm environment if required. + php_upload_max_filesize: 20M + php_post_max_size: 25M + php_memory_limit: 128M + php_max_execution_time: 60 + + + 
diff --git a/ANSIBLE/hosts b/ANSIBLE/hosts
new file mode 100644
index 0000000..0f09528
--- /dev/null
+++ b/ANSIBLE/hosts
@@ -0,0 +1,6 @@
+[web]
+monitor.telos.digital
+
+
+[monitor]
+monitor.telos.digital
diff --git a/ANSIBLE/httpd.yml b/ANSIBLE/httpd.yml
new file mode 100644
index 0000000..7a3580b
--- /dev/null
+++ b/ANSIBLE/httpd.yml
@@ -0,0 +1,75 @@
+- name: Configure Apache with Let's Encrypt
+ hosts: monitor
+ become: yes
+ gather_facts: yes
+
+ tasks:
+ - name: Install Apache2
+ apt:
+ name: apache2
+ state: present
+ update_cache: yes
+
+ - name: Install Certbot and Apache plugin
+ apt:
+ name:
+ - certbot
+ - python3-certbot-apache
+ state: present
+
+ - name: Ensure site root exists
+ file:
+ path: "{{ site_root }}"
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+ - name: Create index.html
+ template:
+ src: templates/index.html.j2
+ dest: "{{ site_root }}/index.html"
+ owner: www-data
+ group: www-data
+ mode: '0644'
+
+ - name: Create Apache virtual host config
+ template:
+ src: templates/vhost.conf.j2
+ dest: /etc/apache2/sites-available/{{ site_name }}.conf
+ notify: Reload Apache
+
+ - name: Enable site
+ command: a2ensite {{ site_name }}
+ notify: Reload Apache
+
+ - name: Enable SSL module
+ command: a2enmod ssl
+ notify: Reload Apache
+
+ - name: Ensure Apache is running and enabled
+ service:
+ name: apache2
+ state: started
+ enabled: yes
+
+ - name: Obtain Let's Encrypt certificate using certbot
+ command: >
+ certbot --apache -n --agree-tos --redirect
+ -d {{ site_name }}
+ --email {{ admin_email }}
+ args:
+ creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
+
+ handlers:
+ - name: Reload Apache
+ service:
+ name: apache2
+ state: reloaded
+
+ - name: Restart Apache
+ service:
+ name: apache2
+ state: restarted
+
+
diff --git a/ANSIBLE/icinga.yml b/ANSIBLE/icinga.yml
new file mode 100644
index 0000000..4bf678a
--- /dev/null
+++ b/ANSIBLE/icinga.yml
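Review bot: The `Enable site` and `Enable SSL module` tasks in httpd.yml run `a2ensite`/`a2enmod` through `command:` with no `creates:` or `changed_when:`, so they report changed on every run and notify `Reload Apache` each time. Adding `args:` with `creates: /etc/apache2/sites-enabled/{{ site_name }}.conf` to the first and `creates: /etc/apache2/mods-enabled/ssl.load` to the second keeps the play idempotent; the same two tasks recur in roles/httpd/tasks/main.yml and roles/httpd_with_php/tasks/main.yml. Separately, `src: templates/index.html.j2` and `src: templates/vhost.conf.j2` resolve relative to the playbook, while the templates visible in this commit live under roles/*/templates, so this play may not find them unless an ANSIBLE/templates directory exists outside the diff.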
@@ -0,0 +1,20 @@
+---
+#- import_playbook: httpd.yml
+
+- name: Install php and icinga2 web
+ hosts: monitor
+ become: yes
+ gather_facts: yes
+ vars_files:
+ - group_vars/db/vault.yml # This is encrypted
+
+ roles:
+ #- httpd_with_php
+ #- mariadb
+ - icinga2
+ - icingaweb2
+
+ tasks:
+ - debug:
+ msg: "Finished configuring DNS"
+
diff --git a/ANSIBLE/make_new_role.sh b/ANSIBLE/make_new_role.sh
new file mode 100644
index 0000000..0e9c8a1
--- /dev/null
+++ b/ANSIBLE/make_new_role.sh
@@ -0,0 +1,4 @@
+#Create a new role using the command - This gives framework!
+
+cp -aRp roles/skel roles/gittea
+
diff --git a/ANSIBLE/roles/httpd/handlers/main.yml b/ANSIBLE/roles/httpd/handlers/main.yml
new file mode 100644
index 0000000..7f30057
--- /dev/null
+++ b/ANSIBLE/roles/httpd/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Reload Apache
+ service:
+ name: apache2
+ state: reloaded
+
+- name: Restart Apache
+ service:
+ name: apache2
+ state: restarted
+
diff --git a/ANSIBLE/roles/httpd/tasks/main.yml b/ANSIBLE/roles/httpd/tasks/main.yml
new file mode 100644
index 0000000..dda83c1
--- /dev/null
+++ b/ANSIBLE/roles/httpd/tasks/main.yml
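Review bot: With `#- import_playbook: httpd.yml` and the `mariadb` role commented out, icinga.yml installs Icinga Web 2 without running any of the certbot/TLS tasks, and its roles call `community.mysql` tasks that need a MariaDB server and `mariadb_root_password` to exist already. If those are provisioned by a separate run, a comment above `roles:` should say so, for example `# requires httpd.yml and the mariadb role to have been applied first`; otherwise the web login may end up served over plain HTTP by whatever Apache site the packages enable. The closing debug message reads `Finished configuring DNS`, which looks copied from another playbook; `Finished configuring Icinga` would match what ran.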
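Review bot: The target `roles/gittea` in make_new_role.sh is hard-coded, so the script has to be edited for every new role, and a second run would copy the skeleton inside the already existing directory. Taking the name as an argument, `cp -a roles/skel "roles/${1:?usage: make_new_role.sh ROLE}"`, removes the edit step, and `-a` already implies `-R` and `-p`. The file also has no shebang line, and `roles/skel` is not among the files visible in this commit.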
@@ -0,0 +1,59 @@ +--- +- name: Install Apache2 + apt: + name: apache2 + state: present + update_cache: yes + +- name: Install Certbot and Apache plugin + apt: + name: + - certbot + - python3-certbot-apache + state: present + +- name: Ensure site root exists + file: + path: "{{ site_root }}" + state: directory + owner: www-data + group: www-data + mode: '0755' + +- name: Create index.html + template: + src: index.html.j2 + dest: "{{ site_root }}/index.html" + owner: www-data + group: www-data + mode: '0644' + +- name: Create Apache virtual host config + template: + src: vhost.conf.j2 + dest: /etc/apache2/sites-available/{{ site_name }}.conf + notify: Reload Apache + +- name: Enable site + command: a2ensite {{ site_name }} + notify: Reload Apache + +- name: Enable SSL module + command: a2enmod ssl + notify: Reload Apache + +- name: Ensure Apache is running and enabled + service: + name: apache2 + state: started + enabled: yes + +- name: Obtain Let's Encrypt certificate using certbot + command: > + certbot --apache -n --agree-tos --redirect + -d {{ site_name }} + --email your-email@example.com + args: + creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem + + diff --git a/ANSIBLE/roles/httpd/templates/index.html.j2 b/ANSIBLE/roles/httpd/templates/index.html.j2 new file mode 100644 index 0000000..939a6ee --- /dev/null +++ b/ANSIBLE/roles/httpd/templates/index.html.j2 @@ -0,0 +1,12 @@ + + + + + Welcome to {{ site_name }} + + +
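Review bot: The certbot task in roles/httpd/tasks/main.yml registers the ACME account with the placeholder `--email your-email@example.com`, so Let's Encrypt expiry and account notices for `{{ site_name }}` would go to an address nobody on this project reads. The top-level httpd.yml already passes `--email {{ admin_email }}`, and `admin_email` is defined in host_vars/monitor.telos.digital.yml; the role should use that same line. roles/httpd_with_php/tasks/main.yml carries the identical placeholder.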

Welcome to {{ site_name }}

+

This site is served from: {{ site_root }}

+ + + diff --git a/ANSIBLE/roles/httpd/templates/vhost.conf.j2 b/ANSIBLE/roles/httpd/templates/vhost.conf.j2 new file mode 100644 index 0000000..a8f6ff5 --- /dev/null +++ b/ANSIBLE/roles/httpd/templates/vhost.conf.j2 @@ -0,0 +1,14 @@ + + ServerName {{ site_name }} + DocumentRoot {{ site_root }} + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log + CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined + + diff --git a/ANSIBLE/roles/httpd_with_php/handlers/main.yml b/ANSIBLE/roles/httpd_with_php/handlers/main.yml new file mode 100644 index 0000000..e7bf150 --- /dev/null +++ b/ANSIBLE/roles/httpd_with_php/handlers/main.yml @@ -0,0 +1,16 @@ +--- +- name: Reload Apache + service: + name: apache2 + state: reloaded + +- name: Restart Apache + service: + name: apache2 + state: restarted + +- name: Restart PHP-FPM + service: + name: php{{ php_version }}-fpm + state: restarted + diff --git a/ANSIBLE/roles/httpd_with_php/tasks/main.yml b/ANSIBLE/roles/httpd_with_php/tasks/main.yml new file mode 100644 index 0000000..c09f86b --- /dev/null +++ b/ANSIBLE/roles/httpd_with_php/tasks/main.yml 
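Review bot: `Options Indexes FollowSymLinks` together with `AllowOverride All` in vhost.conf.j2 turns on directory listings and lets any `.htaccess` file under the document root override server configuration, which is more than a monitoring front end needs. Unless something depends on them, `Options -Indexes +FollowSymLinks` and `AllowOverride None` are the tighter settings. The enclosing container directives are not visible in this rendering of the hunk, so the scope of these lines is assumed to be `{{ site_root }}`. roles/httpd_with_php/templates/vhost.conf.j2 is the same blob (a8f6ff5) and needs the same change.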
@@ -0,0 +1,59 @@
+---
+- name: Install Apache2
+ apt:
+ name: apache2
+ state: present
+ update_cache: yes
+
+- name: Install Certbot and Apache plugin
+ apt:
+ name:
+ - certbot
+ - python3-certbot-apache
+ state: present
+
+- name: Ensure site root exists
+ file:
+ path: "{{ site_root }}"
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+- name: Create index.html
+ template:
+ src: index.html.j2
+ dest: "{{ site_root }}/index.html"
+ owner: www-data
+ group: www-data
+ mode: '0644'
+
+- name: Create Apache virtual host config
+ template:
+ src: vhost.conf.j2
+ dest: /etc/apache2/sites-available/{{ site_name }}.conf
+ notify: Reload Apache
+
+- name: Enable site
+ command: a2ensite {{ site_name }}
+ notify: Reload Apache
+
+- name: Enable SSL module
+ command: a2enmod ssl
+ notify: Reload Apache
+
+- name: Ensure Apache is running and enabled
+ service:
+ name: apache2
+ state: started
+ enabled: yes
+
+- name: Obtain Let's Encrypt certificate using certbot
+ command: >
+ certbot --apache -n --agree-tos --redirect
+ -d {{ site_name }}
+ --email your-email@example.com
+ args:
+ creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
+
+- import_tasks: php.yml
diff --git a/ANSIBLE/roles/httpd_with_php/tasks/php.yml b/ANSIBLE/roles/httpd_with_php/tasks/php.yml
new file mode 100644
index 0000000..7c87178
--- /dev/null
+++ b/ANSIBLE/roles/httpd_with_php/tasks/php.yml
@@ -0,0 +1,42 @@ +--- +- name: Install PHP, PHP-FPM, and common extensions + apt: + name: + - php + - php-fpm + - php-cli + - php-mysql + - php-curl + - php-gd + - php-mbstring + - php-xml + - php-zip + state: present + update_cache: yes + +- name: Enable Apache modules for PHP-FPM + command: a2enmod {{ item }} + loop: + - proxy_fcgi + - setenvif + - php{{ php_version }} # or php8.1 depending on your distro + notify: Reload Apache + ignore_errors: yes # in case some modules aren't available + +- name: Ensure PHP-FPM service is running + service: + name: php{{ php_version }}-fpm + state: started + enabled: yes + when: php_version is defined + +- name: Deploy custom PHP-FPM pool config + template: + src: www.conf.j2 + dest: /etc/php/{{ php_version }}/fpm/pool.d/www.conf + owner: root + group: root + mode: '0644' + notify: Restart PHP-FPM + + diff --git a/ANSIBLE/roles/httpd_with_php/templates/index.html.j2 b/ANSIBLE/roles/httpd_with_php/templates/index.html.j2 new file mode 100644 index 0000000..939a6ee --- /dev/null +++ b/ANSIBLE/roles/httpd_with_php/templates/index.html.j2 @@ -0,0 +1,12 @@ + + + + + Welcome to {{ site_name }} + + +
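Review bot: `ignore_errors: yes` on the `a2enmod` loop in php.yml hides a failure to enable `proxy_fcgi`, and the loop also enables `php{{ php_version }}` (mod_php) in a role that otherwise sets up PHP-FPM, so a run can finish green with PHP handled by a different path than the pool config deployed further down. I would drop the `php{{ php_version }}` item and the `ignore_errors` line; on Debian/Ubuntu the FPM wiring is normally switched on with `a2enconf php{{ php_version }}-fpm`. `php_version` is also guarded by `when: php_version is defined` on one task only, while the loop, the template `dest` and the `Restart PHP-FPM` handler use it unconditionally.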

Welcome to {{ site_name }}

+

This site is served from: {{ site_root }}

+ + + diff --git a/ANSIBLE/roles/httpd_with_php/templates/vhost.conf.j2 b/ANSIBLE/roles/httpd_with_php/templates/vhost.conf.j2 new file mode 100644 index 0000000..a8f6ff5 --- /dev/null +++ b/ANSIBLE/roles/httpd_with_php/templates/vhost.conf.j2 @@ -0,0 +1,14 @@ + + ServerName {{ site_name }} + DocumentRoot {{ site_root }} + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log + CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined + + diff --git a/ANSIBLE/roles/httpd_with_php/templates/www.conf.j2 b/ANSIBLE/roles/httpd_with_php/templates/www.conf.j2 new file mode 100644 index 0000000..89bfb0f --- /dev/null +++ b/ANSIBLE/roles/httpd_with_php/templates/www.conf.j2 @@ -0,0 +1,31 @@ +[www] + +user = www-data +group = www-data + +listen = /run/php/php{{ php_version }}-fpm.sock + +listen.owner = www-data +listen.group = www-data +listen.mode = 0660 + +pm = dynamic +pm.max_children = 10 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 + +chdir = / + +; Logging +catch_workers_output = yes +; Uncomment for more detailed error logging +; php_admin_value[error_log] = /var/log/php{{ php_version }}-fpm.log +; php_admin_flag[log_errors] = on + +; Additional PHP configuration values +php_admin_value[upload_max_filesize] = 20M +php_admin_value[post_max_size] = 25M +php_admin_value[memory_limit] = 128M +php_admin_value[max_execution_time] = 60 + diff --git a/ANSIBLE/roles/icinga2/README.md b/ANSIBLE/roles/icinga2/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/ANSIBLE/roles/icinga2/README.md 
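Review bot: The four `php_admin_value[...]` limits at the end of www.conf.j2 are hard-coded to the same numbers that host_vars/monitor.telos.digital.yml declares as `php_upload_max_filesize`, `php_post_max_size`, `php_memory_limit` and `php_max_execution_time`, which that file itself marks as not used. Reading them in the template, e.g. `php_admin_value[upload_max_filesize] = {{ php_upload_max_filesize | default('20M') }}`, gives one place to change upload and memory limits per host instead of two that can drift apart.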
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/ANSIBLE/roles/icinga2/defaults/main.yml b/ANSIBLE/roles/icinga2/defaults/main.yml new file mode 100644 index 0000000..590e2a8 --- /dev/null +++ b/ANSIBLE/roles/icinga2/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# defaults file for roles/icinga2 +icinga2_install_web: true +icinga2_repo_url: "https://packages.icinga.com/ubuntu" +icinga2_release: "noble" # or other version, etc. + diff --git a/ANSIBLE/roles/icinga2/handlers/main.yml b/ANSIBLE/roles/icinga2/handlers/main.yml new file mode 100644 index 0000000..a31cc3c --- /dev/null +++ b/ANSIBLE/roles/icinga2/handlers/main.yml 
@@ -0,0 +1,5 @@ +--- +- name: Restart Icinga2 + service: + name: icinga2 + state: restarted diff --git a/ANSIBLE/roles/icinga2/meta/main.yml b/ANSIBLE/roles/icinga2/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/ANSIBLE/roles/icinga2/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. 
diff --git a/ANSIBLE/roles/icinga2/tasks/icinga2-ido.yml b/ANSIBLE/roles/icinga2/tasks/icinga2-ido.yml
new file mode 100644
index 0000000..a65e052
--- /dev/null
+++ b/ANSIBLE/roles/icinga2/tasks/icinga2-ido.yml
@@ -0,0 +1,35 @@
+---
+- name: Create IDO database
+ community.mysql.mysql_db:
+ name: "{{ icinga_db_name }}"
+ state: present
+ login_user: root
+ login_password: "{{ mariadb_root_password }}"
+
+- name: Create IDO DB user
+ community.mysql.mysql_user:
+ name: "{{ icinga_db_user }}"
+ password: "{{ icinga_db_password }}"
+ priv: "{{ icinga_db_name }}.*:ALL"
+ host: localhost
+ state: present
+ login_user: root
+ login_password: "{{ mariadb_root_password }}"
+ column_case_sensitive: true
+
+- name: Check if IDO schema has already been imported
+ stat:
+ path: /var/lib/icinga2/ido_schema_imported.flag
+ register: ido_schema_marker
+
+- name: Import IDO schema
+ shell: |
+ mysql -u root -p'{{ mariadb_root_password }}' {{ icinga_db_name }} < /usr/share/icinga2-ido-mysql/schema/mysql.sql
+ when: not ido_schema_marker.stat.exists
+
+- name: Mark IDO schema as imported
+ file:
+ path: /var/lib/icinga2/ido_schema_imported.flag
+ state: touch
+ when: not ido_schema_marker.stat.exists
+
diff --git a/ANSIBLE/roles/icinga2/tasks/main.yml b/ANSIBLE/roles/icinga2/tasks/main.yml
new file mode 100644
index 0000000..bca6060
--- /dev/null
+++ b/ANSIBLE/roles/icinga2/tasks/main.yml
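Review bot: The `Import IDO schema` task puts the MariaDB root password on the `mysql` command line (`-p'{{ mariadb_root_password }}'`), so it is visible in the process list while the import runs and in the command that Ansible records for the task; a password containing a single quote would also break the shell quoting. At minimum add `no_log: true` to that task, and prefer a root-only client option file over `-p`, along the lines of `mysql --defaults-extra-file=<root-only .cnf> {{ icinga_db_name | quote }} < /usr/share/icinga2-ido-mysql/schema/mysql.sql`. The flag-file guard can stay as it is.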
@@ -0,0 +1,87 @@
+---
+- name: Ensure keyrings directory exists
+ file:
+ path: /etc/apt/keyrings
+ state: directory
+ mode: '0755'
+
+- name: Download Icinga GPG key to keyrings
+ get_url:
+ url: https://packages.icinga.com/icinga.key
+ dest: /etc/apt/keyrings/icinga.asc
+ mode: '0644'
+
+- name: Add Icinga APT repository (Ubuntu 24.04 "noble")
+ apt_repository:
+ repo: "deb [signed-by=/etc/apt/keyrings/icinga.asc] https://packages.icinga.com/ubuntu icinga-noble main"
+ state: present
+ filename: icinga
+
+- name: Add Icinga 2 GPG key
+ apt_key:
+ url: https://packages.icinga.com/icinga.key
+ state: present
+
+- name: Install Icinga 2
+ apt:
+ name: icinga2
+ state: present
+ update_cache: yes
+
+# Include IDO DB setup tasks
+- name: Setup Icinga2 IDO DB
+ include_tasks: icinga2-ido.yml
+
+- name: Start and enable icinga2 service
+ service:
+ name: icinga2
+ state: started
+ enabled: yes
+
+- name: Install Icinga Web 2 and Apache (optional)
+ when: icinga2_install_web
+ apt:
+ name:
+ - icingaweb2
+ - icingacli
+ - apache2
+ - php
+ - php-cli
+ - php-mysql
+ - php-xml
+ - php-gd
+ - php-imagick
+ - php-curl
+ state: present
+
+- name: Enable Apache for Icinga Web
+ when: icinga2_install_web
+ service:
+ name: apache2
+ state: started
+ enabled: yes
+
+- name: Configure Icinga Web 2 database (optional)
+ when: icinga2_install_web
+ debug:
+ msg: "You can add DB config, MySQL setup, etc. here."
+
+- name: Install Icinga2 IDO MySQL module
+ apt:
+ name: icinga2-ido-mysql
+ state: present
+
+- name: Enable the IDO MySQL feature
+ command: icinga2 feature enable ido-mysql
+ notify: Restart Icinga2
+
+- name: Configure IDO DB connection
+ template:
+ src: ido-mysql.conf.j2
+ dest: /etc/icinga2/features-enabled/ido-mysql.conf
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Restart Icinga2
+
+
diff --git a/ANSIBLE/roles/icinga2/templates/ido-mysql.conf.j2 b/ANSIBLE/roles/icinga2/templates/ido-mysql.conf.j2
new file mode 100644
index 0000000..3d17907
--- /dev/null
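Review bot: `Configure IDO DB connection` writes ido-mysql.conf, which contains `icinga_db_password`, as `root:root` with `mode: '0644'`, so every local account on the monitor host can read the database credential. `mode: '0640'` with `group:` set to the account the icinga2 daemon runs as (the packaged default on Ubuntu appears to be `nagios`; confirm on the host) keeps it readable by the service only. The `Add Icinga 2 GPG key` task should be dropped: `apt_key` adds the key to the global trusted keyring, which undoes the scoping that the `signed-by=/etc/apt/keyrings/icinga.asc` repository line sets up. `Setup Icinga2 IDO DB` is also included before `icinga2-ido-mysql` is installed, although icinga2-ido.yml imports a schema from /usr/share/icinga2-ido-mysql, so the include should move below that apt task for a first run to succeed.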
+++ b/ANSIBLE/roles/icinga2/templates/ido-mysql.conf.j2
@@ -0,0 +1,9 @@
+library "db_ido_mysql"
+
+object IdoMysqlConnection "ido-mysql" {
+ user = "icinga"
+ password = "{{ icinga_db_password }}"
+ host = "localhost"
+ database = "icinga"
+}
+
diff --git a/ANSIBLE/roles/icinga2/tests/inventory b/ANSIBLE/roles/icinga2/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/ANSIBLE/roles/icinga2/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/ANSIBLE/roles/icinga2/tests/test.yml b/ANSIBLE/roles/icinga2/tests/test.yml
new file mode 100644
index 0000000..9943f49
--- /dev/null
+++ b/ANSIBLE/roles/icinga2/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - roles/icinga2
diff --git a/ANSIBLE/roles/icinga2/vars/main.yml b/ANSIBLE/roles/icinga2/vars/main.yml
new file mode 100644
index 0000000..19b0c61
--- /dev/null
+++ b/ANSIBLE/roles/icinga2/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for roles/icinga2
diff --git a/ANSIBLE/roles/icingaweb2/README.md b/ANSIBLE/roles/icingaweb2/README.md
new file mode 100644
index 0000000..225dd44
--- /dev/null
+++ b/ANSIBLE/roles/icingaweb2/README.md
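Review bot: `user = "icinga"` and `database = "icinga"` in ido-mysql.conf.j2 are literals, while icinga2-ido.yml creates the database and account from `icinga_db_name` and `icinga_db_user`, so overriding either variable would leave this connection pointing at names that were never created. Use `user = "{{ icinga_db_user }}"` and `database = "{{ icinga_db_name }}"`. The password is interpolated inside a double-quoted Icinga string, so a value containing `"` or `\` would produce a config that fails to parse; a template comment stating that constraint on the vault value would save a confusing restart failure.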
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/ANSIBLE/roles/icingaweb2/defaults/main.yml b/ANSIBLE/roles/icingaweb2/defaults/main.yml new file mode 100644 index 0000000..f32c7d1 --- /dev/null +++ b/ANSIBLE/roles/icingaweb2/defaults/main.yml @@ -0,0 +1,6 @@ +--- +icinga_db_name: icinga +icinga_db_user: icinga + +icingaweb2_db_name: icingaweb2 +icingaweb2_db_user: icingaweb2 diff --git a/ANSIBLE/roles/icingaweb2/handlers/main.yml b/ANSIBLE/roles/icingaweb2/handlers/main.yml new file mode 100644 index 0000000..4fe8bf2 --- /dev/null +++ b/ANSIBLE/roles/icingaweb2/handlers/main.yml 
@@ -0,0 +1,5 @@ +--- +- name: Restart Apache + service: + name: apache2 + state: restarted diff --git a/ANSIBLE/roles/icingaweb2/meta/main.yml b/ANSIBLE/roles/icingaweb2/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/ANSIBLE/roles/icingaweb2/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. 
diff --git a/ANSIBLE/roles/icingaweb2/tasks/cleanup.yml b/ANSIBLE/roles/icingaweb2/tasks/cleanup.yml
new file mode 100644
index 0000000..497856a
--- /dev/null
+++ b/ANSIBLE/roles/icingaweb2/tasks/cleanup.yml
@@ -0,0 +1,16 @@
+---
+- name: Stop MariaDB before DB cleanup
+ ansible.builtin.service:
+ name: mariadb
+ state: stopped
+
+- name: Remove icingaweb2 database directory manually (if exists)
+ ansible.builtin.file:
+ path: /var/lib/mysql/icingaweb2
+ state: absent
+
+- name: Start MariaDB after DB cleanup
+ ansible.builtin.service:
+ name: mariadb
+ state: started
+
diff --git a/ANSIBLE/roles/icingaweb2/tasks/config.yml b/ANSIBLE/roles/icingaweb2/tasks/config.yml
new file mode 100644
index 0000000..946fa0b
--- /dev/null
+++ b/ANSIBLE/roles/icingaweb2/tasks/config.yml
@@ -0,0 +1,12 @@
+- name: Copy Icinga Web 2 resources.ini
+ template:
+ src: resources.ini.j2
+ dest: /etc/icingaweb2/resources.ini
+ mode: "0644"
+
+- name: Copy Icinga Web 2 authentication.ini
+ template:
+ src: authentication.ini.j2
+ dest: /etc/icingaweb2/authentication.ini
+ mode: "0644"
+
diff --git a/ANSIBLE/roles/icingaweb2/tasks/main.yml b/ANSIBLE/roles/icingaweb2/tasks/main.yml
new file mode 100644
index 0000000..a6a9dd1
--- /dev/null
+++ b/ANSIBLE/roles/icingaweb2/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- import_tasks: cleanup.yml
+ when: icingaweb2_db_reset | default(false)
+
+- import_tasks: setup.yml
diff --git a/ANSIBLE/roles/icingaweb2/tasks/setup.yml b/ANSIBLE/roles/icingaweb2/tasks/setup.yml
new file mode 100644
index 0000000..bc8bc7c
--- /dev/null
+++ b/ANSIBLE/roles/icingaweb2/tasks/setup.yml
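Review bot: Deleting `/var/lib/mysql/icingaweb2` from the filesystem in cleanup.yml removes the files but not the server's own record of the database, and with InnoDB that can leave orphaned tablespace entries that make the later `Create Icinga Web 2 DB` step or table creation fail. Dropping the database through the server needs no stop/start of MariaDB and replaces all three tasks with the single task below. The removed path also hard-codes `icingaweb2` where the rest of the role uses `icingaweb2_db_name`.

```yaml
- name: Drop icingaweb2 database before re-creating it
  community.mysql.mysql_db:
    name: "{{ icingaweb2_db_name }}"
    state: absent
    login_user: root
    login_password: "{{ mariadb_root_password }}"
```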
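Review bot: roles/icingaweb2/tasks/main.yml imports only cleanup.yml and setup.yml, so the two template tasks in config.yml never run and resources.ini / authentication.ini are not deployed by this role as committed; an `- import_tasks: config.yml` line after setup.yml would wire them in. Once they do run, resources.ini carries `icingaweb2_db_password` and is written with `mode: "0644"` and no `owner`/`group`, leaving the credential world-readable. `mode: "0640"` with `group:` set to the group the web server reads Icinga Web configuration as (the Debian packages appear to use `icingaweb2`; confirm on the host) is the safer setting.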
@@ -0,0 +1,43 @@
+---
+- name: Install Icinga Web 2 and dependencies
+ apt:
+ name:
+ - icingaweb2
+ - icingacli
+ - monitoring-plugins-contrib
+ - apache2
+ - php
+ - php-mysql
+ - php-xml
+ - php-intl
+ - php-cli
+ - php-gd
+ - php-curl
+ state: present
+ update_cache: yes
+
+- name: Create Icinga Web 2 DB
+ community.mysql.mysql_db:
+ name: "{{ icingaweb2_db_name }}"
+ state: present
+ login_user: root
+ login_password: "{{ mariadb_root_password }}"
+
+- name: Create Icinga Web 2 DB user
+ community.mysql.mysql_user:
+ name: "{{ icingaweb2_db_user }}"
+ password: "{{ icingaweb2_db_password }}"
+ priv: "{{ icingaweb2_db_name }}.*:ALL"
+ host: localhost
+ state: present
+ login_user: root
+ login_password: "{{ mariadb_root_password }}"
+
+# Optional: Setup from CLI (optional – often done in web UI)
+# icingacli setup config directory etc.
+
+- name: Restart apache2
+ service:
+ name: apache2
+ state: restarted
+
diff --git a/ANSIBLE/roles/icingaweb2/templates/authentication.ini.j2 b/ANSIBLE/roles/icingaweb2/templates/authentication.ini.j2
new file mode 100644
index 0000000..7d8e7b9
--- /dev/null
+++ b/ANSIBLE/roles/icingaweb2/templates/authentication.ini.j2
@@ -0,0 +1,4 @@
+[authentication]
+backend = "db"
+resource = "icinga_ido"
+
diff --git a/ANSIBLE/roles/icingaweb2/templates/resources.ini.j2 b/ANSIBLE/roles/icingaweb2/templates/resources.ini.j2
new file mode 100644
index 0000000..8d82a9d
--- /dev/null
+++ b/ANSIBLE/roles/icingaweb2/templates/resources.ini.j2
@@ -0,0 +1,10 @@
+[icinga_ido]
+type = "db"
+db = "mysql"
+host = "{{ icingaweb2_db_host }}"
+port = "3306"
+dbname = "{{ icingaweb2_db_name }}"
+username = "{{ icingaweb2_db_user }}"
+password = "{{ icingaweb2_db_password }}"
+charset = "utf8"
+
diff --git a/ANSIBLE/roles/icingaweb2/tests/inventory b/ANSIBLE/roles/icingaweb2/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/ANSIBLE/roles/icingaweb2/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
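Review bot: `Restart apache2` at the end of setup.yml is a plain task, so Apache is restarted on every run even when nothing changed, although roles/icingaweb2/handlers/main.yml already defines a `Restart Apache` handler. Putting `notify: Restart Apache` on the package-install task and deleting the last task ties restarts to actual changes. The `mysql_user` task here also omits `column_case_sensitive: true`, which the equivalent task in roles/icinga2/tasks/icinga2-ido.yml sets.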
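Review bot: `{{ icingaweb2_db_host }}` in resources.ini.j2 has no default in roles/icingaweb2/defaults/main.yml, which defines only the name and user variables, so rendering fails on an undefined variable unless the encrypted vault supplies it; `host = "{{ icingaweb2_db_host | default('localhost') }}"` or a defaults entry would cover that. The section is named `[icinga_ido]` but its `dbname` is `icingaweb2_db_name`, the web database rather than the IDO one created in icinga2-ido.yml, and authentication.ini.j2 refers to the resource by that name. Renaming it in both templates (for example to `icingaweb2_db`) would avoid a later monitoring backend being pointed at the wrong database.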
diff --git a/ANSIBLE/roles/icingaweb2/tests/test.yml b/ANSIBLE/roles/icingaweb2/tests/test.yml new file mode 100644 index 0000000..a150931 --- /dev/null +++ b/ANSIBLE/roles/icingaweb2/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - roles/icingaweb2 diff --git a/ANSIBLE/roles/icingaweb2/vars/main.yml b/ANSIBLE/roles/icingaweb2/vars/main.yml new file mode 100644 index 0000000..1538cee --- /dev/null +++ b/ANSIBLE/roles/icingaweb2/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for roles/icingaweb2 diff --git a/ANSIBLE/roles/mariadb/README.md b/ANSIBLE/roles/mariadb/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/ANSIBLE/roles/mariadb/README.md 
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/ANSIBLE/roles/mariadb/defaults/main.yml b/ANSIBLE/roles/mariadb/defaults/main.yml
new file mode 100644
index 0000000..55c9369
--- /dev/null
+++ b/ANSIBLE/roles/mariadb/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for roles/mariadb
diff --git a/ANSIBLE/roles/mariadb/handlers/main.yml b/ANSIBLE/roles/mariadb/handlers/main.yml
new file mode 100644
index 0000000..b9d4719
--- /dev/null
+++ b/ANSIBLE/roles/mariadb/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart MariaDB
+ service:
+ name: mariadb
+ state: restarted
diff --git a/ANSIBLE/roles/mariadb/meta/main.yml b/ANSIBLE/roles/mariadb/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/ANSIBLE/roles/mariadb/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/ANSIBLE/roles/mariadb/tasks/main.yml b/ANSIBLE/roles/mariadb/tasks/main.yml
new file mode 100644
index 0000000..708ec33
--- /dev/null
+++ b/ANSIBLE/roles/mariadb/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: Install MariaDB server and client
+ apt:
+ name:
+ - mariadb-server
+ - mariadb-client
+ state: present
+ update_cache: yes
+
+- name: Ensure PyMySQL is installed
+ apt:
+ name: python3-pymysql
+ state: present
+
+- name: Ensure MariaDB is running and enabled
+ service:
+ name: mariadb
+ state: started
+ enabled: true
+
+- name: Try to connect to MariaDB with root password
+ shell: |
+ mysql -u root -p'{{ mariadb_root_password }}' -e "SELECT 1;"
+ register: mysql_root_status
+ failed_when: false
+ changed_when: false
+
+- name: Set MariaDB root password if not already set
+ mysql_user:
+ name: root
+ host: "{{ item }}"
+ password: "{{ mariadb_root_password }}"
+ login_unix_socket: /run/mysqld/mysqld.sock
+ check_implicit_admin: true
+ state: present
+ loop:
+ - localhost
+ - 127.0.0.1
+ - ::1
+ when: mysql_root_status.rc != 0
+
+- debug:
+ msg: "MariaDB root password is already set, skipping reset"
+ when: mysql_root_status.rc == 0
+
diff --git a/ANSIBLE/roles/mariadb/tests/inventory b/ANSIBLE/roles/mariadb/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/ANSIBLE/roles/mariadb/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/ANSIBLE/roles/mariadb/tests/test.yml b/ANSIBLE/roles/mariadb/tests/test.yml
new file mode 100644
index 0000000..ac9281f
--- /dev/null
+++ b/ANSIBLE/roles/mariadb/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - roles/mariadb
diff --git a/ANSIBLE/roles/mariadb/vars/main.yml b/ANSIBLE/roles/mariadb/vars/main.yml
new file mode 100644
index 0000000..7390026
--- /dev/null
+++ b/ANSIBLE/roles/mariadb/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for roles/mariadb
diff --git a/ANSIBLE/templates/index.html.j2 b/ANSIBLE/templates/index.html.j2
new file mode 100644
index 0000000..939a6ee
--- /dev/null
+++ b/ANSIBLE/templates/index.html.j2
@@ -0,0 +1,12 @@
+
+
+
+
+ Welcome to {{ site_name }}
+
+
+
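Review bot: The probe task "Try to connect to MariaDB with root password" passes the root password as a `-p'…'` argument to `mysql`, so it sits in the process list while the command runs and is written to Ansible output and logs, because the task has no `no_log: true`. A password containing a single quote would also break the shell quoting. Handing the credential to a module parameter avoids both; the two `when:` conditions then test the task result instead of `.rc`. The sketch below is one way to do it and reuses the socket path from the following task; the task that sets the password uses the short name `mysql_user`, while the icingaweb2 role uses `community.mysql.mysql_user`, and the two should agree.

```yaml
- name: Try to connect to MariaDB with root password
  community.mysql.mysql_info:
    login_user: root
    login_password: "{{ mariadb_root_password }}"
    login_unix_socket: /run/mysqld/mysqld.sock
    filter: version
  register: mysql_root_status
  ignore_errors: true
  no_log: true

# … unchanged: "Set MariaDB root password if not already set" task body …
  when: mysql_root_status is failed

# … unchanged: debug task …
  when: mysql_root_status is succeeded
```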

Welcome to {{ site_name }}

+

This site is served from: {{ site_root }}

+
+
+
diff --git a/ANSIBLE/templates/vhost.conf.j2 b/ANSIBLE/templates/vhost.conf.j2
new file mode 100644
index 0000000..a8f6ff5
--- /dev/null
+++ b/ANSIBLE/templates/vhost.conf.j2
@@ -0,0 +1,14 @@
+
+ ServerName {{ site_name }}
+ DocumentRoot {{ site_root }}
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride All
+ Require all granted
+
+
+ ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log
+ CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined
+
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c5be5e6
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+OVERVIEW
+========
+
+This ansible playbook installs an icinga2 monitoring solution onto an Ubuntu 24.04 LTS system.
+
+VARIABLES
+=========
+
+I need to do more documentation!
diff --git a/ansible.sh b/ansible.sh
new file mode 100755
index 0000000..90cbfd2
--- /dev/null
+++ b/ansible.sh
@@ -0,0 +1,41 @@
+#/bin/bash
+
+#Sets up an initial ANSIBLE environment
+
+set -e
+CONTROLLER="./ANSIBLE"
+
+mkdir -p $CONTROLLER
+
+cd $CONTROLLER
+
+cat < ansible.cfg
+[defaults]
+inventory = $CONTROLLER/hosts
+remote_user = root
+EOT
+
+
+#Make infrastructure
+touch site.yml
+touch hosts
+touch servers.yml
+touch fooservers.yml
+mkdir -p ./roles/common/tasks
+mkdir -p ./roles/common/handlers
+mkdir -p ./roles/common/files
+mkdir -p ./roles/common/templates
+mkdir -p ./roles/common/vars
+mkdir -p ./roles/common/defaults
+mkdir -p ./roles/common/meta
+
+mkdir -p ./roles/servers/tasks
+mkdir -p ./roles/servers/handlers
+mkdir -p ./roles/servers/files
+mkdir -p ./roles/servers/templates
+mkdir -p ./roles/servers/vars
+mkdir -p ./roles/servers/defaults
+mkdir -p ./roles/servers/meta
+
+mkdir -p ./group_vars
+mkdir -p ./host_vars
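Review bot: `Options Indexes FollowSymLinks` together with `AllowOverride All` and `Require all granted` turns on directory listings and lets any `.htaccess` file override server settings for the content this vhost serves, which is more than a monitoring front end normally needs. Unless something under `{{ site_root }}` depends on them, `Options -Indexes +FollowSymLinks` and `AllowOverride None` are the safer defaults. The enclosing block tags are not visible in this rendering, so the path these directives apply to is inferred from `DocumentRoot`.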
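Review bot: The `cat … ansible.cfg` step rewrites `ANSIBLE/ansible.cfg` on every run, and what it writes differs from the file this commit adds: `remote_user = root` instead of `ubuntu`, and `inventory = $CONTROLLER/hosts`, which after `cd $CONTROLLER` most likely resolves one directory too deep. Writing `inventory = ./hosts` and `remote_user = ubuntu`, and guarding the write with `[ -e ansible.cfg ] ||`, keeps a re-run from silently switching the playbooks to root logins. The first line `#/bin/bash` is an ordinary comment rather than a shebang and should read `#!/bin/bash`. `$CONTROLLER` should also be quoted, as in `mkdir -p "$CONTROLLER"` and `cd "$CONTROLLER"`.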