site.yml

@@ -92,7 +92,8 @@
         servicename: homeassistant, 
         basedir: /srv/homeassistant,
         domain: "ha.warpzone.lan",
-        influxdb_port: 38086
+        homematic_callback_port: 8060,
+        influxdb_port: 38086       
       }
     - { 
         role: intern/docker_mqtt, tags: mqtt, 
@@ -118,12 +119,6 @@
         omada_port_https: 8043,
         omada_portal_https: 8843
       }
-    - {
-        role: intern/docker_graylog, tags: graylog,
-        servicename: graylog,
-        basedir: /srv/graylog,
-        domain: "graylog.warpzone.lan"
-      }
     - { 
         role: intern/docker_tasmoadmin, tags: tasmoadmin, 
         servicename: tasmoadmin,
@@ -146,6 +141,7 @@
     - { role: common/kvm-guest, tags: kvm-guest }
     - { role: common/openvpn, tags: openvpn }
     - { role: common/prometheus-node, tags: prometheus-node }
+    - { role: common/wireguard, tags: wireguard }
     - { 
         role: common/docker_dockerstats, tags: dockerstats, 
         servicename: dockerstats, 
@@ -189,9 +185,7 @@
         basedir: /srv/icinga, 
         domain: icinga.warpzone.ms,
         api_port: 5665,
-        mysql_port: 33306, 
-        matrix_notification_domain: "matrix.warpzone.ms",
-        matrix_notification_room: "!iYefxbySFEfFQfUGEK:matrix.warpzone.ms"
+        mysql_port: 33306
       }
     - { 
         role: webserver/docker_hackmd, tags: hackmd,
@@ -270,7 +264,6 @@
         servicename: traefik,
         basedir: /srv/traefik,
         domain: "warpzone.ms",
-        domain_default: "www.warpzone.ms" 
       }      
     - { 
         role: verwaltung/docker_gitea, tags: gitea,

verwaltung/docker_gitea/tasks/main.yml

 ---
 # Get secrets 
-- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
   with_items:
     - { path: /srv/gitea/mysql_root_pw, length: 24 }
     - { path: /srv/gitea/mysql_user_pw, length: 12 }

verwaltung/docker_jameica/templates/docker-compose.yml

@@ -36,7 +36,7 @@ services:
 
 
   nginx:
-    image: nginx:1.19
+    image: nginx:1.25
     restart: always
     depends_on:
       - vnc

verwaltung/docker_mysql/tasks/main.yml

 ---
 # Get secrets
-- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
   with_items:
     - { path: /srv/mysql/mysql_root_pw, length: 24 }
     - { path: /srv/mysql/mysql_user_pw, length: 12 }

verwaltung/docker_nextcloud/tasks/main.yml

 ---
 
-- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
   with_items:
     - { path: /srv/nextcloud/nextcloud_admin_pass,  length: 24 }
     - { path: /srv/nextcloud/mysql_admin_pass,  length: 24 }

verwaltung/docker_nextcloud/templates/docker-compose.yml

@@ -42,6 +42,9 @@ services:
       MYSQL_HOST: mysql
       NEXTCLOUD_ADMIN_USER: "admin"
       NEXTCLOUD_ADMIN_PASSWORD: "{{nextcloud_admin_pass}}"
+      OVERWRITEPROTOCOL: https
+      OVERWRITECLIURL: https://{{ domain }}
+      OVERWRITEHOST: {{ domain }}
     labels:
       - traefik.enable=true
       - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)

verwaltung/jameica/tasks/main.yml

@@ -12,7 +12,7 @@
       - openjdk-11-jre
 
 # Get secrets 
-- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
   with_items:
     - { path: /srv/mysql/mysql_user_pw, length: 12 }
    

webserver/docker_dokuwiki/templates/Dockerfile

-FROM php:7.4.33-apache-bullseye
+FROM php:8.2.8-apache-bookworm
 
 # php-gd modul für dw2pdf plugin
 RUN apt-get update && apt-get install -y \

webserver/docker_dokuwiki/templates/sendmail_plenum.py

@@ -30,7 +30,7 @@ def do_work():
 
         # There are no topics - just exit
         if (len(topics) == 0):
-            exit()
+            return True
 
         # calculate date of next tuesday
         d = datetime.date.today()

webserver/docker_gitlab/templates/conf/gitlab.rb

@@ -1426,17 +1426,27 @@ nginx['proxy_set_headers'] = {
 ################################################################################
 
 # logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
+logging['svlogd_size'] = 200 * 1024 * 1024
 # logging['svlogd_num'] = 30 # keep 30 rotated log files
+logging['svlogd_num'] = 30
 # logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
+logging['svlogd_timeout'] = 24 * 60 * 60
 # logging['svlogd_filter'] = "gzip" # compress logs with gzip
+logging['svlogd_filter'] = "gzip"
 # logging['svlogd_udp'] = nil # transmit log messages via UDP
 # logging['svlogd_prefix'] = nil # custom prefix for log messages
 # logging['logrotate_frequency'] = "daily" # rotate logs daily
+logging['logrotate_frequency'] = "daily"
 # logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly)
+logging['logrotate_maxsize'] = "200M"
 # logging['logrotate_size'] = nil # do not rotate by size by default
+logging['logrotate_size'] = "50M"
 # logging['logrotate_rotate'] = 30 # keep 30 rotated logs
+logging['logrotate_rotate'] = 30
 # logging['logrotate_compress'] = "compress" # see 'man logrotate'
+logging['logrotate_compress'] = "compress"
 # logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
+logging['logrotate_method'] = "copytruncate"
 # logging['logrotate_postrotate'] = nil # no postrotate command by default
 # logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
 
@@ -1458,7 +1468,7 @@ nginx['proxy_set_headers'] = {
 ##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
 ##! You can disable built in logrotate feature.
 ################################################################################
-# logrotate['enable'] = true
+logrotate['enable'] = true
 # logrotate['log_directory'] = "/var/log/gitlab/logrotate"
 
 ################################################################################

webserver/docker_gitlab/templates/docker-compose.yml

@@ -5,7 +5,7 @@ services:
 
   app:
 
-    image: gitlab/gitlab-ce:15.10.2-ce.0
+    image: gitlab/gitlab-ce:15.11.5-ce.0
     restart: always
     ports:
       - "444:22"

webserver/docker_icinga/tasks/main.yml

 ---
 
-- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
   with_items:
     - { path: /srv/ldap/secret/ldap_readonly_pass, length: -1 }
     - { path: "{{ basedir }}/icinga_admin_pass",  length: 12 }

webserver/docker_icinga/templates/Dockerfile

@@ -13,9 +13,10 @@ RUN apt-get update \
     libnet-dns-perl \
     libnet-ip-perl \
     perl \
-    python3-requests \
     python3 \
-    python3-paho-mqtt \
+    python3-pip \
+    python3-requests \
+    virtualenv \
  && apt-get autoremove -y \
  && apt-get clean \
  && rm -rf /tmp/* /var/lib/apt/lists/* /var/cache/debconf/*-old
@@ -49,8 +50,16 @@ RUN cd /opt/ \
  && cd /opt/check_metric_value/ \
  && git checkout b94d3c3e78497a05e3b4520d33421f37e4d77985
 
-# icinga2-matrix_notification - commit from 15.04.2012
+# icinga2-matrix-bot - commit from 10.06.2018
+# create a symlink to emulate virtualenv 
+# patch matrix-service-notification.sh
 RUN cd /opt/ \
- && git clone https://github.com/linuxmail/icinga2-matrix_notification \
- && cd /opt/icinga2-matrix_notification/ \
- && git checkout 99d2174a3b00e9a88648fe58bcd975368f69837d
+ && git clone https://github.com/symptog/icinga2-matrix-bot.git \
+ && cd /opt/icinga2-matrix-bot/ \
+ && git checkout 86d03ed8884950eb2b883a9a94ecf93460b8e0bb \
+ && pip install -r requirements.txt \
+ && mkdir /opt/icinga2-matrix-bot/.venv \
+ && mkdir /opt/icinga2-matrix-bot/.venv/bin \
+ && ln -s /usr/bin/python3 /opt/icinga2-matrix-bot/.venv/bin/python \
+ && sed -i 's/matrix-host-state/matrix-service-state/' icinga2/matrix-service-notification.sh
+ 
\ No newline at end of file

webserver/docker_icinga/templates/etc/icinga/conf.d/commands2.conf

@@ -80,131 +80,49 @@ object CheckCommand "check_metric_value" {
  */
 
 object NotificationCommand "matrix-host-notification" {
-    import "plugin-notification-command"
-    command = [ "/opt/icinga2-matrix_notification/scripts/matrix-host-notification.sh" ]
-    arguments += {
-        "-4" = "$notification_address$"
-        "-6" = "$notification_address6$"
-        "-b" = "$notification_author$"
-        "-c" = "$notification_comment$"
-        "-d" = {
-            required = true
-            value = "$notification_date$"
-        }
-        "-i" = "$notification_icingaweb2url$"
-        "-l" = {
-            required = true
-            value = "$notification_hostname$"
-        }
-        "-m" = {
-            required = true
-            value = "$notification_matrix_room_id$"
-        }
-        "-n" = {
-            required = true
-            value = "$notification_hostdisplayname$"
-        }
-        "-o" = {
-            required = true
-            value = "$notification_hostoutput$"
-        }
-        "-s" = {
-            required = true
-            value = "$notification_hoststate$"
-        }
-        "-t" = {
-            required = true
-            value = "$notification_type$"
-        }
-        "-x" = {
-            required = true
-            value = "$notification_matrix_server$"
-        }
-        "-y" = {
-            required = true
-            value = "$notification_matrix_token$"
-        }
-    }
-    vars.notification_address = "$address$"
-    vars.notification_address6 = "$address6$"
-    vars.notification_author = "$notification.author$"
-    vars.notification_comment = "$notification.comment$"
-    vars.notification_date = "$icinga.long_date_time$"
-    vars.notification_hostdisplayname = "$host.display_name$"
-    vars.notification_hostname = "$host.name$"
-    vars.notification_hostoutput = "$host.output$"
-    vars.notification_hoststate = "$host.state$"
-    vars.notification_type = "$notification.type$"
+  import "plugin-notification-command"
+
+  command = [ "/opt/icinga2-matrix-bot/icinga2/matrix-host-notification.sh" ]
+
+  env = {
+    "NOTIFICATIONTYPE" = "$notification.type$"
+    "HOSTALIAS" = "$host.display_name$",
+    "HOSTADDRESS" = "$address$",
+    "HOSTNAME" = "$host.name$",
+    "HOSTSTATE" = "$host.state$",
+    "LONGDATETIME" = "$icinga.long_date_time$",
+    "HOSTOUTPUT" = "$host.output$",
+    "NOTIFICATIONAUTHORNAME" = "$notification.author$",
+    "NOTIFICATIONCOMMENT" = "$notification.comment$",
+    "HOSTDISPLAYNAME" = "$host.display_name$",
+    "ICINGA_WEBURL" = "$notification_icingaweb2url$",
+    "MATRIX_SERVER" = "$user.vars.matrix.server$",
+    "MATRIX_TOKEN" = "$user.vars.matrix.token$",
+    "MATRIX_CHANNEL" = "$user.vars.matrix.channel$",
+  }
 }
 
-
 object NotificationCommand "matrix-service-notification" {
-    import "plugin-notification-command"
-    command = [ "/opt/icinga2-matrix_notification/scripts/matrix-service-notification.sh" ]
-    arguments += {
-        "-4" = {
-            required = true
-            value = "$notification_address$"
-        }
-        "-6" = "$notification_address6$"
-        "-b" = "$notification_author$"
-        "-c" = "$notification_comment$"
-        "-d" = {
-            required = true
-            value = "$notification_date$"
-        }
-        "-e" = {
-            required = true
-            value = "$notification_servicename$"
-        }
-        "-i" = "$notification_icingaweb2url$"
-        "-l" = {
-            required = true
-            value = "$notification_hostname$"
-        }
-        "-m" = {
-            required = true
-            value = "$notification_matrix_room_id$"
-        }
-        "-n" = {
-            required = true
-            value = "$notification_hostdisplayname$"
-        }
-        "-o" = {
-            required = true
-            value = "$notification_serviceoutput$"
-        }
-        "-s" = {
-            required = true
-            value = "$notification_servicestate$"
-        }
-        "-t" = {
-            required = true
-            value = "$notification_type$"
-        }
-        "-u" = {
-            required = true
-            value = "$notification_servicedisplayname$"
-        }
-        "-x" = {
-            required = true
-            value = "$notification_matrix_server$"
-        }
-        "-y" = {
-            required = true
-            value = "$notification_matrix_token$"
-        }
-    }
-    vars.notification_address = "$address$"
-    vars.notification_address6 = "$address6$"
-    vars.notification_author = "$notification.author$"
-    vars.notification_comment = "$notification.comment$"
-    vars.notification_date = "$icinga.long_date_time$"
-    vars.notification_hostdisplayname = "$host.display_name$"
-    vars.notification_hostname = "$host.name$"
-    vars.notification_servicedisplayname = "$service.display_name$"
-    vars.notification_serviceoutput = "$service.output$"
-    vars.notification_servicestate = "$service.state$"
-    vars.notification_type = "$notification.type$"
-    vars.notification_servicename = "$service.name$"
+  import "plugin-notification-command"
+
+  command = [ "/opt/icinga2-matrix-bot/icinga2/matrix-service-notification.sh" ]
+
+  env = {
+    "NOTIFICATIONTYPE" = "$notification.type$"
+    "SERVICEDESC" = "$service.name$"
+    "HOSTALIAS" = "$host.display_name$",
+    "HOSTNAME" = "$host.name$",
+    "HOSTADDRESS" = "$address$",
+    "SERVICESTATE" = "$service.state$",
+    "LONGDATETIME" = "$icinga.long_date_time$",
+    "SERVICEOUTPUT" = "$service.output$",
+    "NOTIFICATIONAUTHORNAME" = "$notification.author$",
+    "NOTIFICATIONCOMMENT" = "$notification.comment$",
+    "HOSTDISPLAYNAME" = "$host.display_name$",
+    "SERVICEDISPLAYNAME" = "$service.display_name$",
+    "ICINGA_WEBURL" = "$notification_icingaweb2url$",
+    "MATRIX_SERVER" = "$user.vars.matrix.server$",
+    "MATRIX_TOKEN" = "$user.vars.matrix.token$",
+    "MATRIX_CHANNEL" = "$user.vars.matrix.channel$",
+  }
 }

webserver/docker_icinga/templates/etc/icinga/conf.d/hosts_manual.conf

 
-object Host "warpfire" {
+object Host "wz-router" {
   import "generic-host"
 
   address = "192.168.0.1"
@@ -7,11 +7,77 @@ object Host "warpfire" {
   groups = [ "network" ]
 }
 
-object Host "switch-sw01-hp" {
+object Host "wz-sw-core" {
   import "generic-host"
 
-  address = "192.168.0.100"
+  address = "192.168.0.2"
 
   groups = [ "network" ]
 }
 
+object Host "wz-sw-access" {
+  import "generic-host"
+
+  address = "192.168.0.3"
+  
+  # Keine Notifications, da der Switch aus ist wenn die Zone geschlossen ist 
+  vars.enable_nofitications = false
+
+  groups = [ "network" ]
+}
+
+object Host "wz-sw-dach" {
+  import "generic-host"
+
+  address = "192.168.0.4"
+
+  groups = [ "network" ]
+}
+
+object Host "wz-ap-dach" {
+  import "generic-host"
+
+  address = "192.168.0.13"
+
+  groups = [ "network" ]
+}
+
+object Host "wz-ap-eingang" {
+  import "generic-host"
+
+  address = "192.168.0.14"
+
+  groups = [ "network" ]
+}
+
+object Host "wz-ap-lounge" {
+  import "generic-host"
+
+  address = "192.168.0.10"
+
+  groups = [ "network" ]
+}
+
+object Host "wz-ap-vortrag" {
+  import "generic-host"
+
+  address = "192.168.0.12"
+
+  groups = [ "network" ]
+}
+
+object Host "wz-ap-werkstatt" {
+  import "generic-host"
+
+  address = "192.168.0.11"
+
+  groups = [ "network" ]
+}
+
+object Host "eq3max-cube" {
+  import "generic-host"
+
+  address = "{{ eq3max.cube_host }}"
+
+  groups = [ "network" ]
+}

webserver/docker_icinga/templates/etc/icinga/conf.d/notifications.conf

 
-// https://github.com/linuxmail/icinga2-matrix_notification
-/**
- * Example Matrix.org apply rules.
- * The "!<id>:matrix.org" needs to be replaced with the room ID
- * for example "!SDFfskjfdszhdaslasdkjhdasd:matrix.org".
- * Also a Matrix access token is required too.
- */
+apply Notification "matrix" to Host {
+  import "matrix-host-notification"
 
-apply Notification "Matrix host problems" to Host {
-    import "matrix-host-notification"
+  users = [ "matrix" ]
 
-    user_groups = [ "icingaadmins" ]
+  interval = 4h
 
-    vars.notification_matrix_server = "https://{{ matrix_notification_domain }}"
-    vars.notification_matrix_room_id = "{{ matrix_notification_room }}"
-    vars.notification_matrix_token = "{{ matrix_notification_access_token }}"
-
-    # Assign to all hosts
-    assign where host.address 
+  assign where host.address && host.vars.enable_nofitications != false
 }
 
-apply Notification "Matrix service problems" to Service {
-    import "matrix-service-notification"
 
-    user_groups = [ "icingaadmins" ]
+apply Notification "matrix" to Service {
+  import "matrix-service-notification"
+
+  users = [ "matrix" ]
 
-    vars.notification_matrix_server = "https://{{ matrix_notification_domain }}"
-    vars.notification_matrix_room_id = "{{ matrix_notification_room }}"
-    vars.notification_matrix_token = "{{ matrix_notification_access_token }}"
+  interval = 4h
 
-    # Assign to all services
-    assign where service.name
+  assign where service.name && service.vars.enable_nofitications != false
 }
+

webserver/docker_icinga/templates/etc/icinga/conf.d/services_domains.conf

@@ -151,6 +151,8 @@ apply Service "spf record - {{ mail_domains[maildomain].maildomain }}" {
   assign where host.address && host.vars.is_dnsserver == "True"
 }
 
+  {% if mail_domains[maildomain].dmarc is defined %}
+
 apply Service "DMARC record - {{ mail_domains[maildomain].maildomain }}" {
   import "generic-service"
 
@@ -166,7 +168,7 @@ apply Service "DMARC record - {{ mail_domains[maildomain].maildomain }}" {
 
   assign where host.address && host.vars.is_dnsserver == "True"
 }
-
+  {% endif %}
 
   {% if mail_domains[maildomain].dkim is defined %}
   {% for entry in mail_domains[maildomain].dkim %}
@@ -179,7 +181,7 @@ apply Service "DKIM {{entry.selector}} record - {{ mail_domains[maildomain].mail
 
   vars.dig_lookup = "{{entry.selector}}._domainkey.{{ mail_domains[maildomain].maildomain }}"
   vars.dig_record_type = "TXT"
-  vars.dig_expected_address = "{{ entry.value }}"
+  vars.dig_expected_address = "{{ entry.value | replace("\"","\\\"") }}"
   vars.dig_arguments = "+tcp"
 
   groups = [ "mail" ]

webserver/docker_icinga/templates/etc/icinga/conf.d/services_homematic.conf

+
+apply Service "homematic-exporter" {
+  import "generic-service"
+
+  check_command = "http"
+  enable_perfdata = false
+
+  vars.http_address = "{{ hostvars['ogg'].int_ip4 }}"
+  vars.http_port = 8010
+  vars.http_uri = "/metrics"
+
+  groups = [ "exporter", "homematic" ]
+
+  assign where host.name == "ogg"
+}
+
+{% for device in homematic.devices_heizung %}
+
+apply Service "{{ device.name }}_homematic_lowbat" {
+  import "generic-service"
+
+  check_command = "check_metric_value"
+  enable_perfdata = true
+
+  vars.metric_url = "http://{{ hostvars['ogg'].int_ip4 }}:8010/metrics"
+  vars.metric_name = "homematic_lowbat"
+  vars.metric_labelname = "device"
+  vars.metric_labelvalue = "{{ device.id }}:0"
+  vars.metric_operator = "gt"
+  vars.metric_warn = "0"
+  vars.metric_crit = "0"
+
+  assign where host.name == "ogg"
+}
+
+{% endfor %}
\ No newline at end of file

webserver/docker_icinga/templates/etc/icinga/conf.d/services_manual.conf

@@ -9,4 +9,49 @@ apply Service "warpfire-admin" {
   vars.http_port = 80
 
   assign where host.name == "warpfire"
-}
\ No newline at end of file
+}
+
+apply Service "wz-uplink-globe" {
+  import "generic-service"
+
+  check_command = "ping4"
+
+  vars.ping_address = "212.124.34.242"
+
+  vars.ping_wrta = "100"
+  vars.ping_crta = "300"
+  vars.ping_wpl = "20"
+  vars.ping_cpl = "50"
+
+  assign where host.name == "wz-router"
+}
+
+apply Service "wz-uplink-webdiscount-1" {
+  import "generic-service"
+
+  check_command = "ping4"
+
+  vars.ping_address = "212.3.64.45"
+
+  vars.ping_wrta = "100"
+  vars.ping_crta = "300"
+  vars.ping_wpl = "20"
+  vars.ping_cpl = "50"
+
+  assign where host.name == "wz-router"
+}
+
+apply Service "wz-uplink-webdiscount-2" {
+  import "generic-service"
+
+  check_command = "ping4"
+
+  vars.ping_address = "212.3.80.222"
+
+  vars.ping_wrta = "100"
+  vars.ping_crta = "300"
+  vars.ping_wpl= "20"
+  vars.ping_cpl = "50"
+
+  assign where host.name == "wz-router"
+}

webserver/docker_icinga/templates/etc/icinga/conf.d/templates.conf

@@ -87,32 +87,24 @@ template Notification "mail-service-notification" {
  */
 
 template Notification "matrix-host-notification" {
-  command = "matrix-host-notification"
+    command = "matrix-host-notification"
 
-  states = [ Up, Down ]
-  types = [ Problem, Acknowledgement, Recovery, Custom,
-            FlappingStart, FlappingEnd,
-            DowntimeStart, DowntimeEnd, DowntimeRemoved ]
-  vars += {
-    // notification_icingaweb2url = "https://{{ domain }}/icingaweb2"
-    notification_logtosyslog = false
-  }
-    // interval = 0s
+    states = [ Up, Down ]
+    types = [ Problem, Acknowledgement, Custom, FlappingStart, FlappingEnd ]
     period = "24x7"
+    vars += {
+        notification_icingaweb2url = "https://{{ domain }}/icingaweb2"
+    }
 }
 
 template Notification "matrix-service-notification" {
-  command = "matrix-service-notification"
-
-  states = [ OK, Warning, Critical, Unknown ]
-  types = [ Problem, Acknowledgement, Recovery, Custom,
-            FlappingStart, FlappingEnd,
-            DowntimeStart, DowntimeEnd, DowntimeRemoved ]
+    command = "matrix-service-notification"
 
-  vars += {
-    // notification_icingaweb2url = "https://{{ domain }}/icingaweb2"
-    notification_logtosyslog = false
-  }
-    // interval = 0s
+    states = [ OK, Critical, Unknown ]
+    types = [ Problem, Acknowledgement, Custom, FlappingStart, FlappingEnd ]
     period = "24x7"
+    vars += {
+        notification_icingaweb2url = "https://{{ domain }}/icingaweb2"
+    }
 }
+