{#
  Per-host web and DNS checks (Icinga 2 apply rules rendered from the Ansible inventory).

  For every inventory host that defines ext_ip4, ext_ip6 AND webserver_domains, six apply
  rules are rendered per domain: four HTTP(S) checks bound to that host by name, and two
  dig checks bound to every host with an address and host.vars.is_dnsserver == "True".

  A host that lacks any one of the three variables gets none of these checks, including
  the HTTP(S) ones, so a missing ext_ip6 silently removes web monitoring for that host.

  Rule names are built from the domain alone.
  NOTE(review): if one domain is listed under two hosts, rules with identical names are
  rendered twice; confirm the inventory keeps domains unique per host.
#}
{% for host in groups['all'] %}

  {% if hostvars[host].ext_ip4 is defined and hostvars[host].ext_ip6 is defined and hostvars[host].webserver_domains is defined %}
  {% for domain in hostvars[host].webserver_domains %}

{# Plain HTTP on port 80. Address and vhost are both the domain name, so the check goes to
   whatever the name resolves to from the monitoring node, not to ext_ip4/ext_ip6. #}
apply Service "http_ok - {{domain}}" {
  import "generic-service"

  check_command = "http"
  enable_perfdata = false

  vars.http_address = "{{domain}}"
  vars.http_vhost = "{{domain}}"
  vars.http_port = 80

  assign where host.name == "{{host}}"
}

{# Port 80 must answer "301 Moved Permanently". Only the status line is expected here; the
   redirect target (for example that it points to https) is not checked by this rule. #}
apply Service "http_301 - {{domain}}" {
  import "generic-service"

  check_command = "http"
  enable_perfdata = false

  vars.http_address = "{{domain}}"
  vars.http_vhost = "{{domain}}"
  vars.http_port = 80
  vars.http_expect = "301 Moved Permanently"

  assign where host.name == "{{host}}"
}

{# HTTPS on port 443 with TLS and SNI enabled. #}
apply Service "https_ok - {{domain}}" {
  import "generic-service"

  check_command = "http"
  enable_perfdata = false

  vars.http_address = "{{domain}}"
  vars.http_vhost = "{{domain}}"
  vars.http_port = 443
  vars.http_ssl = true
  vars.http_sni = true

  assign where host.name == "{{host}}"
}

{# Certificate lifetime check, placed in the "certificate" group. "10,5" is the check_http
   certificate-age threshold pair: warning below 10 days of remaining validity, critical
   below 5.
   NOTE(review): this covers expiry only; whether an untrusted chain or a hostname mismatch
   is reported depends on the plugin in use. Confirm if that matters for alerting. #}
apply Service "https_cert - {{domain}}" {
  import "generic-service"

  check_command = "http"
  enable_perfdata = false

  vars.http_address = "{{domain}}"
  vars.http_vhost = "{{domain}}"
  vars.http_port = 443
  vars.http_ssl = true
  vars.http_sni = true
  vars.http_certificate = "10,5"

  groups = [ "certificate" ]

  assign where host.name == "{{host}}"
}

{# A record for the domain must contain the host's ext_ip4; queried over TCP (+tcp).
   The filter compares against the string "True", presumably because the inventory
   boolean reaches Icinga as a string. Verify against the host template. #}
apply Service "dig(4) - {{domain}}" {
  import "generic-service"

  check_command = "dig"
  enable_perfdata = false

  vars.dig_lookup = "{{domain}}"
  vars.dig_record_type = "A"
  vars.dig_expected_address = "{{ hostvars[host].ext_ip4 }}"
  vars.dig_arguments = "+tcp"

  assign where host.address && host.vars.is_dnsserver == "True"
}

{# AAAA counterpart of the rule above, expecting the host's ext_ip6. #}
apply Service "dig(6) - {{domain}}" {
  import "generic-service"

  check_command = "dig"
  enable_perfdata = false

  vars.dig_lookup = "{{domain}}"
  vars.dig_record_type = "AAAA"
  vars.dig_expected_address = "{{ hostvars[host].ext_ip6 }}"
  vars.dig_arguments = "+tcp"

  assign where host.address && host.vars.is_dnsserver == "True"
}

  {% endfor %}
  {% endif %}

{% endfor %}


{#
  CAA checks: one apply rule per key of global_domains, using the .domain attribute of each
  entry as the lookup name. The rule is bound to every host with an address and
  host.vars.is_dnsserver == "True", and expects "letsencrypt.org" in the CAA answer.

  NOTE(review): check_dig is believed to match the expected value as a substring of the
  answer, so this confirms that a letsencrypt.org entry is present but would not fail if
  further issuers were also authorised. Confirm if an exclusive CAA policy must be enforced.
#}
{% for domain in global_domains %}

apply Service "CAA record - {{ global_domains[domain].domain }}" {
  import "generic-service"

  check_command = "dig"
  enable_perfdata = false

  vars.dig_lookup = "{{ global_domains[domain].domain }}"
  vars.dig_record_type = "CAA"
  vars.dig_expected_address = "letsencrypt.org"
  vars.dig_arguments = "+tcp"

  assign where host.address && host.vars.is_dnsserver == "True"
}

{% endfor %}


{#
  Mail DNS checks: for each key of mail_domains, render MX and SPF rules, plus DMARC and
  DKIM rules when the entry defines them. All rules are in the "mail" group, query over TCP
  and are bound to every host with an address and host.vars.is_dnsserver == "True".

  DMARC and DKIM rules are emitted only when the inventory entry defines dmarc / dkim, so a
  mail domain without those keys is not flagged for lacking the records.

  Only the DKIM value has its double quotes escaped before being placed in the Icinga
  string literal. mxserver, spf and dmarc are interpolated as-is: a value containing a
  double quote would end the literal early in the rendered config.
  NOTE(review): confirm the inventory never carries quotes in those fields.
#}
{% for maildomain in mail_domains %}

{# MX answer for the mail domain must contain the configured mxserver. #}
apply Service "mx record - {{ mail_domains[maildomain].maildomain }}" {
  import "generic-service"

  check_command = "dig"
  enable_perfdata = false

  vars.dig_lookup = "{{ mail_domains[maildomain].maildomain }}"
  vars.dig_record_type = "MX"
  vars.dig_expected_address = "{{ mail_domains[maildomain].mxserver }}"
  vars.dig_arguments = "+tcp"

  groups = [ "mail" ]

  assign where host.address && host.vars.is_dnsserver == "True"
}

{# SPF: TXT lookup at the mail domain itself, expecting the configured spf string. #}
apply Service "spf record - {{ mail_domains[maildomain].maildomain }}" {
  import "generic-service"

  check_command = "dig"
  enable_perfdata = false

  vars.dig_lookup = "{{ mail_domains[maildomain].maildomain }}"
  vars.dig_record_type = "TXT"
  vars.dig_expected_address = "{{ mail_domains[maildomain].spf }}"
  vars.dig_arguments = "+tcp"

  groups = [ "mail" ]

  assign where host.address && host.vars.is_dnsserver == "True"
}

  {% if mail_domains[maildomain].dmarc is defined %}

{# DMARC: TXT lookup at _dmarc.<maildomain>, expecting the configured dmarc string. #}
apply Service "DMARC record - {{ mail_domains[maildomain].maildomain }}" {
  import "generic-service"

  check_command = "dig"
  enable_perfdata = false

  vars.dig_lookup = "_dmarc.{{ mail_domains[maildomain].maildomain }}"
  vars.dig_record_type = "TXT"
  vars.dig_expected_address = "{{ mail_domains[maildomain].dmarc }}"
  vars.dig_arguments = "+tcp"

  groups = [ "mail" ]

  assign where host.address && host.vars.is_dnsserver == "True"
}
  {% endif %}

  {% if mail_domains[maildomain].dkim is defined %}
  {% for entry in mail_domains[maildomain].dkim %}

{# DKIM: one rule per selector, TXT lookup at <selector>._domainkey.<maildomain>. The
   replace filter turns each double quote in the value into a backslash-escaped one so it
   stays inside the Icinga string literal; backslashes themselves are not escaped. #}
apply Service "DKIM {{entry.selector}} record - {{ mail_domains[maildomain].maildomain }}" {
  import "generic-service"

  check_command = "dig"
  enable_perfdata = false

  vars.dig_lookup = "{{entry.selector}}._domainkey.{{ mail_domains[maildomain].maildomain }}"
  vars.dig_record_type = "TXT"
  vars.dig_expected_address = "{{ entry.value | replace("\"","\\\"") }}"
  vars.dig_arguments = "+tcp"

  groups = [ "mail" ]

  assign where host.address && host.vars.is_dnsserver == "True"
}

  {% endfor %}
  {% endif %}

{% endfor %}