{% for host in groups['all'] %} {% if hostvars[host].ext_ip4 is defined and hostvars[host].ext_ip6 is defined and hostvars[host].webserver_domains is defined %} {% for domain in hostvars[host].webserver_domains %} apply Service "http_ok - {{domain}}" { import "generic-service" check_command = "http" enable_perfdata = false vars.http_address = "{{domain}}" vars.http_vhost = "{{domain}}" vars.http_port = 80 assign where host.name == "{{host}}" } apply Service "http_301 - {{domain}}" { import "generic-service" check_command = "http" enable_perfdata = false vars.http_address = "{{domain}}" vars.http_vhost = "{{domain}}" vars.http_port = 80 vars.http_expect = "301 Moved Permanently" assign where host.name == "{{host}}" } apply Service "https_ok - {{domain}}" { import "generic-service" check_command = "http" enable_perfdata = false vars.http_address = "{{domain}}" vars.http_vhost = "{{domain}}" vars.http_port = 443 vars.http_ssl = true vars.http_sni = true assign where host.name == "{{host}}" } apply Service "https_cert - {{domain}}" { import "generic-service" check_command = "http" enable_perfdata = false vars.http_address = "{{domain}}" vars.http_vhost = "{{domain}}" vars.http_port = 443 vars.http_ssl = true vars.http_sni = true vars.http_certificate = "10,5" groups = [ "certificate" ] assign where host.name == "{{host}}" } apply Service "dig(4) - {{domain}}" { import "generic-service" check_command = "dig" enable_perfdata = false vars.dig_lookup = "{{domain}}" vars.dig_record_type = "A" vars.dig_expected_address = "{{ hostvars[host].ext_ip4 }}" vars.dig_arguments = "+tcp" assign where host.address && host.vars.is_dnsserver == "True" } apply Service "dig(6) - {{domain}}" { import "generic-service" check_command = "dig" enable_perfdata = false vars.dig_lookup = "{{domain}}" vars.dig_record_type = "AAAA" vars.dig_expected_address = "{{ hostvars[host].ext_ip6 }}" vars.dig_arguments = "+tcp" assign where host.address && host.vars.is_dnsserver == "True" } {% endfor %} {% endif %} {% endfor %} {% for domain in global_domains %} apply Service "CAA record - {{ global_domains[domain].domain }}" { import "generic-service" check_command = "dig" enable_perfdata = false vars.dig_lookup = "{{ global_domains[domain].domain }}" vars.dig_record_type = "CAA" vars.dig_expected_address = "letsencrypt.org" vars.dig_arguments = "+tcp" assign where host.address && host.vars.is_dnsserver == "True" } {% endfor %} {% for maildomain in mail_domains %} apply Service "mx record - {{ mail_domains[maildomain].maildomain }}" { import "generic-service" check_command = "dig" enable_perfdata = false vars.dig_lookup = "{{ mail_domains[maildomain].maildomain }}" vars.dig_record_type = "MX" vars.dig_expected_address = "{{ mail_domains[maildomain].mxserver }}" vars.dig_arguments = "+tcp" groups = [ "mail" ] assign where host.address && host.vars.is_dnsserver == "True" } apply Service "spf record - {{ mail_domains[maildomain].maildomain }}" { import "generic-service" check_command = "dig" enable_perfdata = false vars.dig_lookup = "{{ mail_domains[maildomain].maildomain }}" vars.dig_record_type = "TXT" vars.dig_expected_address = "{{ mail_domains[maildomain].spf }}" vars.dig_arguments = "+tcp" groups = [ "mail" ] assign where host.address && host.vars.is_dnsserver == "True" } {% if mail_domains[maildomain].dmarc is defined %} apply Service "DMARC record - {{ mail_domains[maildomain].maildomain }}" { import "generic-service" check_command = "dig" enable_perfdata = false vars.dig_lookup = "_dmarc.{{ mail_domains[maildomain].maildomain }}" vars.dig_record_type = "TXT" vars.dig_expected_address = "{{ mail_domains[maildomain].dmarc }}" vars.dig_arguments = "+tcp" groups = [ "mail" ] assign where host.address && host.vars.is_dnsserver == "True" } {% endif %} {% if mail_domains[maildomain].dkim is defined %} {% for entry in mail_domains[maildomain].dkim %} apply Service "DKIM {{entry.selector}} record - {{ mail_domains[maildomain].maildomain }}" { import "generic-service" check_command = "dig" enable_perfdata = false vars.dig_lookup = "{{entry.selector}}._domainkey.{{ mail_domains[maildomain].maildomain }}" vars.dig_record_type = "TXT" vars.dig_expected_address = "{{ entry.value | replace("\"","\\\"") }}" vars.dig_arguments = "+tcp" groups = [ "mail" ] assign where host.address && host.vars.is_dnsserver == "True" } {% endfor %} {% endif %} {% endfor %}