Icingaweb2/ANSIBLE/files/monitor.telos.digital/conf.d/services.conf

/*
 * Service apply rules.
 *
 * The CheckCommand objects `ping4`, `ping6`, etc
 * are provided by the plugin check command templates.
 * Check the documentation for details.
 *
 * Tip: Use `icinga2 object list --type Service` to
 * list all service objects after running
 * configuration validation (`icinga2 daemon -C`).
 */

/*
 * This is an example host based on your
 * local host's FQDN. Specify the NodeName
 * constant in `constants.conf` or use your
 * own description, e.g. "db-host-1".
 */

/*
 * These are generic `ping4` and `ping6`
 * checks applied to all hosts having the
 * `address` resp. `address6` attribute
 * defined.
 */
apply Service "ping4" {
  import "generic-service"

  check_command = "ping4"

  assign where host.vars.ping == true     /* Only if the host has vars.ping = true */
}

apply Service "ping6" {
  import "generic-service"

  check_command = "ping6"

  assign where host.address6
}

/*
 * Apply the `ssh` service to all hosts
 * with the `address` attribute defined and
 * the custom variable `os` set to `Linux`.
 */
apply Service "ssh" {
  import "generic-service"

  check_command = "ssh"

  assign where (host.address || host.address6) && host.vars.os == "Linux"
}



apply Service for (http_vhost => config in host.vars.http_vhosts) {
  import "generic-service"

  check_command = "http"

  vars += config
}

apply Service for (disk => config in host.vars.disks) {
  import "generic-service"

  check_command = "disk"

  vars += config
}

apply Service "icinga" {
  import "generic-service"

  check_command = "icinga"

  assign where host.name == NodeName
}

apply Service "load" {
  import "generic-service"

  check_command = "load"

  /* Used by the ScheduledDowntime apply rule in `downtimes.conf`. */
  vars.backup_downtime = "02:00-03:00"

  assign where host.name == NodeName
}

apply Service "procs" {
  import "generic-service"

  check_command = "procs"

  assign where host.name == NodeName
}

/* COMMENTED OUT AS NO SWAP ON THIS TINY SERVER
*apply Service "swap" {
*  import "generic-service"
*
*  check_command = "swap"
*
*  assign where host.name == NodeName
*}
*/

apply Service "users" {
  import "generic-service"

  check_command = "users"

  assign where host.name == NodeName
}

apply Service "https" {
  import "generic-service"
  check_command = "http"

  vars.http_ssl = true
  vars.http_sni = true
  vars.http_address = host.address
  vars.http_port = 443
  vars.http_certificate = "20,7"
  check_interval = 51m
  retry_interval = 5m
  max_check_attempts = 2

  assign where "https-checked" in host.groups
}

apply Service "ssl-cert-expiry" {
  import "generic-service"
  check_command = "ssl_cert"

  vars.ssl_cert_host = host.address
  vars.ssl_cert_port = 443
  vars.ssl_cert_critical = 3 
  vars.ssl_cert_warn = 7
  check_interval = 53m
  retry_interval = 3m
  max_check_attempts = 3
  assign where "https-checked" in host.groups
}

apply Service "imap-cert-expiry" {
  import "generic-service"
  check_command = "ssl_cert"
  vars.ssl_cert_host = host.address
  vars.ssl_cert_port = 993
  vars.ssl_cert_critical = 3
  vars.ssl_cert_warn = 7
  check_interval = 13m
  retry_interval = 3m
  max_check_attempts = 3
  assign where "mail-server" in host.groups
}

/* Not needed as mailserver using the same imap certificate for SMTP
apply Service "smtp-cert-expiry" {
  import "generic-service"
  check_command = "ssl_cert"
  vars.ssl_cert_host = vars.smtp_host
  vars.ssl_cert_port = 465
  vars.ssl_cert_critical = 3
  vars.ssl_cert_warn = 7
  check_interval = 13m
  retry_interval = 3m
  max_check_attempts = 3
  assign where "mail-server" in host.groups
}
*/

apply Service "mail_cert_check" {
  import "generic-service"
  check_command = "imap_ssl_cert"

  vars.imap_ssl_cert_host = host.name
  vars.imap_ssl_cert_warn_days = 30
  vars.imap_ssl_cert_crit_days = 10

  assign where "mail-server" in host.groups
}