From 70382d628f17a679ca3cc6ca7c073374e46a061c Mon Sep 17 00:00:00 2001
From: Tunui Franken <tfranken@protonmail.com>
Date: Sat, 1 Feb 2025 23:49:12 +0100
Subject: [PATCH] Add check for mailserver-pgsql

---
 roles/icinga2_master/tasks/main.yml           | 21 +++++++++++++++++++
 .../zones.d/global-templates/commands.conf.j2 |  6 ++++++
 roles/mailserver_monitoring/tasks/main.yml    | 10 +++++++++
 .../master/services/mailserver.conf.j2        |  9 ++++++++
 4 files changed, 46 insertions(+)
 create mode 100644 roles/icinga2_master/templates/zones.d/global-templates/commands.conf.j2

diff --git a/roles/icinga2_master/tasks/main.yml b/roles/icinga2_master/tasks/main.yml
index 3f7a437..714750d 100644
--- a/roles/icinga2_master/tasks/main.yml
+++ b/roles/icinga2_master/tasks/main.yml
@@ -55,6 +55,27 @@
     - "{{ role_path }}/templates/zones.d/master/*.conf.j2"
   notify: Reload icinga2 service
 
+- name: Create global-templates zone directory
+  become: true
+  ansible.builtin.file:
+    path: /etc/icinga2/zones.d/global-templates
+    state: directory
+    owner: nagios
+    group: nagios
+    mode: 0750
+
+- name: Copy files under global-templates zone directory
+  become: true
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: "/etc/icinga2/zones.d/global-templates/{{ item | basename | replace('.j2', '') }}"
+    owner: nagios
+    group: nagios
+    mode: 0644
+  with_fileglob:
+    - "{{ role_path }}/templates/zones.d/global-templates/*.conf.j2"
+  notify: Reload icinga2 service
+
 - name: Create services directory
   become: true
   ansible.builtin.file:
diff --git a/roles/icinga2_master/templates/zones.d/global-templates/commands.conf.j2 b/roles/icinga2_master/templates/zones.d/global-templates/commands.conf.j2
new file mode 100644
index 0000000..23682be
--- /dev/null
+++ b/roles/icinga2_master/templates/zones.d/global-templates/commands.conf.j2
@@ -0,0 +1,6 @@
+# {{ ansible_managed }}
+
+object CheckCommand "sudo_pgsql" {
+    import "pgsql"
+    command = [ "sudo", "-u", "postgres" ] + command
+}
diff --git a/roles/mailserver_monitoring/tasks/main.yml b/roles/mailserver_monitoring/tasks/main.yml
index c670f7a..a89fe54 100644
--- a/roles/mailserver_monitoring/tasks/main.yml
+++ b/roles/mailserver_monitoring/tasks/main.yml
@@ -10,3 +10,13 @@
     group: nagios
     mode: 0644
   notify: Reload icinga2 service
+
+- name: Copy sudoers file for nagios as postgres
+  become: true
+  ansible.builtin.copy:
+    content: 'nagios ALL=(postgres) NOPASSWD:/usr/lib/nagios/plugins/check_pgsql'
+    dest: /etc/sudoers.d/nagios-pgsql
+    owner: root
+    group: root
+    mode: 0440
+    validate: 'visudo -cf %s'
diff --git a/roles/mailserver_monitoring/templates/zones.d/master/services/mailserver.conf.j2 b/roles/mailserver_monitoring/templates/zones.d/master/services/mailserver.conf.j2
index fedd47f..e3ede46 100644
--- a/roles/mailserver_monitoring/templates/zones.d/master/services/mailserver.conf.j2
+++ b/roles/mailserver_monitoring/templates/zones.d/master/services/mailserver.conf.j2
@@ -26,3 +26,12 @@ apply Service "imaps" {
     check_command = "simap"
     assign where host.name == "{{ inventory_hostname }}"
 }
+
+apply Service "mailserver-pgsql" {
+    import "generic-service"
+    check_command = "sudo_pgsql"
+    command_endpoint = host.name
+    assign where host.name == "{{ inventory_hostname }}"
+    vars.pgsql_hostname = "/run/postgresql"
+    vars.pgsql_database = "mailserver"
+}