From f9665d8d838b89bd5c195c74f024e15d728f168c Mon Sep 17 00:00:00 2001
From: Tunui Franken <tfranken@protonmail.com>
Date: Sun, 23 Mar 2025 10:23:25 +0100
Subject: [PATCH] Create ApiUser nagstamon

---
 inventory/host_vars/lime2                       |  8 ++++++++
 roles/icinga2_master/defaults/main.yml          |  1 +
 roles/icinga2_master/tasks/main.yml             | 17 +++++++++++++++++
 .../templates/get_service_states.sh.j2          |  2 +-
 4 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/inventory/host_vars/lime2 b/inventory/host_vars/lime2
index 1fd8fa3..1b1e978 100644
--- a/inventory/host_vars/lime2
+++ b/inventory/host_vars/lime2
@@ -184,5 +184,13 @@ forgejo_git_ssh_keys:
           62383836353065333731373063393930373365616166666465333535363836366539366330363461
           36333865623039386231
 
+nagstamon_pwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          35666336396136363938373861336466636638643263303366633961666561333035373337646165
+          3934366566376439653063303864326563343265353962340a333863623661646362623962386536
+          37333633343263396234323334633939316163336365343863626466303230333530626535616436
+          3234613535363966340a663266393035373263623834356138313161356338616335343561333731
+          66363134316331653331633162346662383364303064363936396231363662356432
+
 smart_devices:
   - /dev/mmcblk0
diff --git a/roles/icinga2_master/defaults/main.yml b/roles/icinga2_master/defaults/main.yml
index 039a512..62b476a 100644
--- a/roles/icinga2_master/defaults/main.yml
+++ b/roles/icinga2_master/defaults/main.yml
@@ -4,3 +4,4 @@ icinga2_master: lime2-test
 icinga2_agent: mailserver-test
 icinga2_admin_mail: icinga@tunuifranken.info
 icinga2_notification_from_mail: icinga@tunuifranken.info
+nagstamon_pwd: foo
diff --git a/roles/icinga2_master/tasks/main.yml b/roles/icinga2_master/tasks/main.yml
index ec32a98..5862d8a 100644
--- a/roles/icinga2_master/tasks/main.yml
+++ b/roles/icinga2_master/tasks/main.yml
@@ -97,3 +97,20 @@
     owner: root
     group: root
     mode: 0700
+
+- name: Create nagstamon ApiUser
+  become: true
+  ansible.builtin.blockinfile:
+    path: /etc/icinga2/conf.d/api-users.conf
+    block: |
+      object ApiUser "nagstamon" {
+        password = "{{ nagstamon_pwd }}"
+        permissions = [
+          "objects/query/Host",
+          "objects/query/Service",
+          "actions/reschedule-check",
+          "actions/acknowledge-problem",
+          "actions/schedule-downtime",
+        ]
+      }
+  notify: Reload icinga2 service
diff --git a/roles/icinga2_master/templates/get_service_states.sh.j2 b/roles/icinga2_master/templates/get_service_states.sh.j2
index 4f626cd..97a73e1 100644
--- a/roles/icinga2_master/templates/get_service_states.sh.j2
+++ b/roles/icinga2_master/templates/get_service_states.sh.j2
@@ -5,7 +5,7 @@
 # Command to get current state for all services, including OK
 
 get_state() {
-  curl -ksSu root:"$(awk '/password/ {print $3}' /etc/icinga2/conf.d/api-users.conf | tr -d '"')" \
+  curl -ksSu nagstamon:"$(awk '/password/ {print $3}' /etc/icinga2/conf.d/api-users.conf | tail -n1 | tr -d '"')" \
     'https://localhost:5665/v1/objects/services?attrs=__name&attrs=last_check_result' |
     jq -r '.results[].attrs | "\(.__name) \(.last_check_result.output)"' |
     column -t -l 2 |