From 4d19b05594578b33d7406f80294a97ecefe32c99 Mon Sep 17 00:00:00 2001
From: jaydee
Date: Wed, 12 Jun 2024 22:28:53 +0200
Subject: [PATCH] bitwarden
---
playbooks/00_install_zabbix_server.yml | 115 ++++++++++++++++++++
playbooks/00_install_zabbix_server_cert.yml | 16 +++
playbooks/setup_fog_nfs.yml | 48 ++++++++
3 files changed, 179 insertions(+)
create mode 100644 playbooks/00_install_zabbix_server.yml
create mode 100644 playbooks/00_install_zabbix_server_cert.yml
create mode 100644 playbooks/setup_fog_nfs.yml
diff --git a/playbooks/00_install_zabbix_server.yml b/playbooks/00_install_zabbix_server.yml
new file mode 100644
index 0000000..d943da7
--- /dev/null
+++ b/playbooks/00_install_zabbix_server.yml
@@ -0,0 +1,115 @@
+- hosts: datacenter
+ name: Install zabbix agent
+ become: true
+ vars:
+ ZABBIX_SERVER_IP: "192.168.77.216"
+ ZABBIX_DB_PASSWORD: "zabbix"
+ tasks:
+ - name: Print all available facts
+ ansible.builtin.debug:
+ var: ansible_facts.architecture
+ # - name: Upload zabbix package
+ # ansible.builtin.copy:
+ # src: packages/zabbix-release_6.4-1+ubuntu22.04_all.deb
+ # dest: /tmp/
+
+ - name: Install a .deb package from the internet
+ ansible.builtin.apt:
+ #deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian12_all.deb
+ deb: https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian12_all.deb
+ when:
+ - ansible_facts.architecture != "armv7l" and ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
+
+
+
+ # - name: Install a .deb package localy
+ # ansible.builtin.apt:
+ # deb: /tmp/zabbix-release_6.4-1+ubuntu22.04_all.deb
+ - name: Install zabbix packages
+ ansible.builtin.apt:
+ name:
+ - zabbix-agent2
+ - zabbix-agent2-plugin-*
+ - zabbix-server-pgsql
+ - zabbix-frontend-php
+ - php8.2-pgsql
+ - zabbix-nginx-conf
+ - zabbix-sql-scripts
+ - postgresql
+ - postgresql-client
+ update_cache: yes
+
+ - name: Apt exclude linux-dtb-current-meson64
+ ansible.builtin.shell: echo "CREATE USER zabbix password 'zabbix';" | su -c /usr/bin/psql postgres
+ - name: Apt exclude linux-dtb-current-meson64
+ ansible.builtin.shell: sudo -u postgres createdb -O zabbix zabbix
+ - name: Apt exclude linux-dtb-current-meson64
+ ansible.builtin.shell: zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix
+
+ - name: Reconfigure zabbix agent Server
+ ansible.builtin.lineinfile:
+ path: /etc/zabbix/zabbix_server.conf
+ regexp: "^DBPassword=.*"
+ insertafter: '^# DBPassword='
+ line: "DBPassword={{ ZABBIX_DB_PASSWORD }}"
+ - name: Reconfigure zabbix agent Server
+ ansible.builtin.lineinfile:
+ path: /etc/nginx/conf.d/zabbix.conf
+ regexp: "^# listen.*"
+ line: " listen 8080;"
+ - name: Reconfigure zabbix agent Server
+ ansible.builtin.lineinfile:
+ path: /etc/nginx/conf.d/zabbix.conf
+ regexp: "^# server_name.*"
+ line: " server_name zabbix.sectorq.eu;"
+
+
+ - name: Reconfigure zabbix agent Server
+ ansible.builtin.lineinfile:
+ path: /etc/zabbix/zabbix_agent2.conf
+ regexp: "^Server=.*"
+ insertafter: '^# Server='
+ line: "Server=192.168.77.0/24"
+
+ - name: Reconfigure zabbix agent ServerActive
+ ansible.builtin.lineinfile:
+ path: /etc/zabbix/zabbix_agent2.conf
+ regexp: "^ServerActive=.*"
+ line: "ServerActive={{ ZABBIX_SERVER_IP }}"
+ - name: Reconfigure zabbix agent ListenPort
+ ansible.builtin.lineinfile:
+ path: /etc/zabbix/zabbix_agent2.conf
+ regexp: "^ListenPort=.*"
+ line: "ListenPort=10050"
+ # - name: Reconfigure zabbix agent ListenIP
+ # ansible.builtin.lineinfile:
+ # path: /etc/zabbix/zabbix_agent2.conf
+ # regexp: "^ListenIP=.*"
+ # line: "ListenIP=0.0.0.0"
+ - name: Reconfigure zabbix-agent2 hostname
+ ansible.builtin.lineinfile:
+ path: /etc/zabbix/zabbix_agent2.conf
+ regexp: "^Hostname=.*"
+ line: "Hostname={{ansible_hostname}}"
+ - name: Reconfigure zabbix-agent2 hostname
+ ansible.builtin.lineinfile:
+ path: /etc/zabbix/zabbix_agent2.conf
+ regexp: "^UserParameter=.*"
+ insertafter: '^# UserParameter='
+ line: "UserParameter=system.temperature,vcgencmd measure_temp"
+ - name: Reconfigure zabbix-agent2 hostname
+ ansible.builtin.lineinfile:
+ path: /etc/zabbix/zabbix_agent2.conf
+ regexp: "^HostMetadata=.*"
+ insertafter: '^# HostMetadata='
+ line: "HostMetadata=linux;jaydee"
+
+ - name: Restart zabbix-server service
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: restarted
+ enabled: true
+ loop:
+ - zabbix-server.service
+ - zabbix-agent2.service
+ - nginx.service
\ No newline at end of file
diff --git a/playbooks/00_install_zabbix_server_cert.yml b/playbooks/00_install_zabbix_server_cert.yml
new file mode 100644
index 0000000..0568616
--- /dev/null
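Review bot: The PostgreSQL credential is committed in clear text and equals the account name: `ZABBIX_DB_PASSWORD: "zabbix"` under `vars`, and again as a literal in the `CREATE USER zabbix password 'zabbix';` shell task, which never reads the variable. Take the value from outside the repository (Ansible Vault or a secret-manager lookup, which the commit subject seems to point at), use `{{ ZABBIX_DB_PASSWORD }}` in the role-creation task, and put `no_log: true` on that task and on the `DBPassword=` lineinfile task so the secret stays out of task output. The three shell tasks also share the unrelated name "Apt exclude linux-dtb-current-meson64" and are not idempotent as written, since a second run would presumably fail at `CREATE USER`; distinct names plus an existence guard would make reruns safe and the log readable.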
+++ b/playbooks/00_install_zabbix_server_cert.yml
@@ -0,0 +1,16 @@
+- hosts: datacenter
+ name: Install zabbix agent
+ become: true
+ tasks:
+ - name: Creating a file with content
+ copy:
+ dest: "/usr/share/zabbix/conf/certs/idp.crt"
+ content: "{{ ZABBIX_IDP_CERT }}"
+ - name: Creating a file with content
+ copy:
+ dest: "/usr/share/zabbix/conf/certs/sp.key"
+ content: "{{ ZABBIX_AUTH_KEY }}"
+ - name: Creating a file with content
+ copy:
+ dest: "/usr/share/zabbix/conf/certs/sp.crt"
+ content: "{{ ZABBIX_AUTH_CERT }}"
\ No newline at end of file
diff --git a/playbooks/setup_fog_nfs.yml b/playbooks/setup_fog_nfs.yml
new file mode 100644
index 0000000..78f30ac
--- /dev/null
+++ b/playbooks/setup_fog_nfs.yml
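Review bot: The SAML private key is written by the second `copy` task (`dest: "/usr/share/zabbix/conf/certs/sp.key"`) with no `mode`, `owner` or `group`, so its permissions fall to the remote umask and may end up world-readable. Set them explicitly, for example `mode: "0600"` with `owner` set to the account the frontend's PHP process runs as, and add `no_log: true` to that task so the key material from `ZABBIX_AUTH_KEY` is not echoed in diff or verbose output. `ZABBIX_IDP_CERT`, `ZABBIX_AUTH_KEY` and `ZABBIX_AUTH_CERT` are not defined in this file, so a short comment saying where they come from would help; the three tasks also share one name and use the short `copy` form where the other playbooks in this commit use `ansible.builtin.copy`.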
@@ -0,0 +1,48 @@
+- hosts: datacenter
+ name: Setup nfs
+ gather_facts: false
+ tasks:
+ - name: Install nfs
+ ansible.builtin.apt:
+ name: nfs-kernel-server
+ state: present
+ when: inventory_hostname in groups['fog']
+
+
+ - name: Reconfigure common-session
+ ansible.builtin.lineinfile:
+ path: /etc/exports
+ regexp: "/images .*"
+ line: "/images *(rw,sync,no_wdelay,no_subtree_check,insecure_locks,no_root_squash,insecure,fsid=0)"
+ become: true
+ when: inventory_hostname in groups['fog']
+ - name: Restart autofs service
+ ansible.builtin.service:
+ name: nfs-kernel-server.service
+ state: restarted
+ become: true
+ when: inventory_hostname in groups['fog']
+ - name: Creating a file with content wol service
+ ansible.builtin.copy:
+ dest: "/etc/auto.fog"
+ content: |
+ fog-images -fstype=nfs 192.168.77.108:/images
+ become: true
+ when: inventory_hostname in groups['morefine']
+
+ - name: Restart autofs service
+ ansible.builtin.service:
+ name: autofs.service
+ state: restarted
+ become: true
+ when: inventory_hostname in groups['morefine']
+
+ # - name: Creating script to fetch ldap info
+ # ansible.builtin.copy:
+ # dest: "/usr/local/bin/fetchSSHKeysFromLDAP"
+ # content: |
+ # #!/bin/bash
+ # ldapsearch -b "dc=sectorq,dc=eu" -H ldap://192.168.77.106:389 -x '(&(objectClass=ldapPublicKey)(cn='"$1"'))' 'sshPublicKey' | sed -n '/^ /{H;d};/sshPublicKey:/x;$g;s/\n *//g;s/sshPublicKey: //gp'
+ # owner: admin
+ # mode: '0744'
+ # when: inventory_hostname in groups['nas']
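Review bot: The `line:` written to `/etc/exports` shares `/images` read-write with every host (`*`) and combines that with `no_root_squash` and `insecure`, so the server places no limit on which clients may mount the export and does not map their root user down. Narrow the client field to the machines that need the share (the only consumer visible in this hunk is the `morefine` group, which mounts it from 192.168.77.108) and keep `no_root_squash` and `insecure` only if the imaging workflow is confirmed to need them, with a comment giving the reason. On the client side the map entry could carry restrictive mount options, e.g. `fog-images -fstype=nfs,nosuid,nodev 192.168.77.108:/images`. The `regexp: "/images .*"` is unanchored and would also match a commented-out line or a longer path ending in `/images`; `regexp: '^/images\s'` is tighter, and the names of the first two service-related tasks ("Reconfigure common-session", "Restart autofs service" for nfs-kernel-server) do not describe what they do.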