From 5490ae91cd85a65001d3c9df685b935c11e1378d Mon Sep 17 00:00:00 2001
From: Jonas Gunz <himself@jonasgunz.de>
Date: Fri, 21 Jan 2022 14:52:16 +0100
Subject: WIP: Icinga2 improvements

---
 roles/icinga2/tasks/icinga.yml | 41 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

(limited to 'roles/icinga2/tasks/icinga.yml')

diff --git a/roles/icinga2/tasks/icinga.yml b/roles/icinga2/tasks/icinga.yml
index ec6fe1e..7acbb47 100644
--- a/roles/icinga2/tasks/icinga.yml
+++ b/roles/icinga2/tasks/icinga.yml
@@ -47,10 +47,49 @@
     - ido-mysql.conf
     - api_users.conf
 
+- name: Install config from git
+  git:
+    dest: '/etc/icinga2/conf.git.d'
+    repo: '{{ icinga.config.git_url }}'
+    version: '{{ icinga.config.git_version }}'
+  become: yes
+  become_user: nagios
+  when: icinga.config.manage | default(false)
+  notify: Restart icinga
+
+- name: Create API certs folder
+  file:
+    state: directory
+    path: /var/lib/icinga2/certs
+    owner: nagios
+    group: nagios
+  become: yes
+
+- name: Install API TLS Key/Certificate
+  copy:
+    remote_src: yes
+    src: '{{ icinga.api_cert[item] }}'
+    dest: '/var/lib/icinga2/certs/{{ ansible_facts.fqdn }}.{{ item }}'
+    owner: nagios
+    group: nagios
+  become: yes
+  loop:
+    - key
+    - crt
+
+- name: Install API TLS CA
+  copy:
+    remote_src: yes
+    src: '{{ icinga.api_cert.ca }}'
+    dest: '/var/lib/icinga2/certs/ca.crt'
+    owner: nagios
+    group: nagios
+  become: yes
+
 - name: Enable features
   file:
     state: link
-    path: '/etc/icinga2/features-available/api.con'
+    path: '/etc/icinga2/features-enabled/api.conf'
     src: '../features-available/api.conf'
     owner: nagios
     group: nagios
-- 
cgit v1.2.3