diff --git a/manifests/params.pp b/manifests/params.pp
index 98eab3a..47c244e 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -22,6 +22,10 @@
# @param [Integer] ng_u_uid The user ID for the Nagios user. Default is 1004.
# @param [Boolean] ng_include_nrpe Whether to include the NRPE client on the
# Nagios clients. Default is true.
+# @param [Boolean] ng_use_https Whether to configure the Nagios web interface
+# to use HTTPS. Default is false. We recommend using a reverse proxy
+# with SSL termination in front of the Nagios web interface, so this is
+# disabled by default.
###############################################################################
class confdroid_nagios::params (
@@ -40,6 +44,9 @@ class confdroid_nagios::params (
String $ng_u_home = '/home/nagios',
Integer $ng_u_uid = 1004,
+# httpd
+ Boolean $ng_use_https = false,
+
) {
# Default facts
$fqdn = $facts['networking']['fqdn']
@@ -66,6 +73,77 @@ class confdroid_nagios::params (
$ng_cmd_dir = "${ng_spool_dir}/cmd"
$ng_checkresults_dir = "${ng_spool_dir}/checkresults"
+# files
+ $ng_nagios_cfg_file = "${ng_main_dir}/nagios.cfg"
+ $ng_nagios_cfg_erb = 'confdroid_nagios/nagios/nagios_cfg.erb'
+
+## old
+ $ng_main_config = "${ng_main_dir}/nagios.cfg"
+ $ng_cgi_cfg_file = "${ng_main_dir}/cgi.cfg"
+ $ng_cgi_cfg_erb = 'confdroid_nagios/nagios/cgi_cfg.erb'
+ $ng_htpasswd_file = "${ng_main_dir}/passwd"
+ $ng_htpasswd_head = 'confdroid_nagios/nagios/htpasswd_head.erb'
+ $ng_htpasswd_rule = 'confdroid_nagios/nagios/htpasswd_rule.erb'
+ $ng_taccgi_erb = 'confdroid_nagios/selinux/taccgi.erb'
+ $ng_statcgi_erb = 'confdroid_nagios/selinux/statuscgi.erb'
+ $ng_statdat_erb = 'confdroid_nagios/selinux/statusdat.erb'
+ $ng_checknrpe_erb = 'confdroid_nagios/selinux/checknrpe.erb'
+ $ng_checknagios_erb = 'confdroid_nagios/selinux/checknagios.erb'
+ $ng_nagios_conf = '/etc/httpd/conf.d/nagios.conf'
+ $ng_nagios_conf_erb = 'confdroid_nagios/httpd/nagios_conf.erb'
+ $ng_welcome_conf = '/etc/httpd/conf.d/welcome.conf'
+ $ng_welcome_conf_erb = 'confdroid_nagios/httpd/welcome_conf.erb'
+ $ng_forward_conf = '/etc/httpd/conf.d/nagios_forward.conf'
+ $ng_forward_conf_erb = 'confdroid_nagios/httpd/forward_conf.erb'
+ $ng_get_cert_erb = 'confdroid_nagios/certbot/get_cert.erb'
+ $ng_unless_get_cert = 'confdroid_nagios/certbot/unless_get_cert.erb'
+ $ng_unless_renew_erb = 'confdroid_nagios/certbot/unless_renew_cert.erb'
+ $ng_index_html_file = '/var/www/html/index.html'
+ $ng_index_html_erb = 'confdroid_nagios/httpd/index_html.erb'
+ $ng_ssl_vhost_file = '/etc/httpd/conf.d/nagios_ssl.conf'
+ $ng_ssl_vhost_erb = 'confdroid_nagios/httpd/nagios_ssl_vhost.erb'
+ $ng_resource_erb = 'confdroid_nagios/nagios/resource_cfg.erb'
+ $ng_grep_erb = 'confdroid_nagios/selinux/grep.erb'
+
+# certbot
+ $ng_certbot_main_dir = '/etc/letsencrypt'
+ $ng_certbot_archive = "${ng_certbot_main_dir}/archive"
+ $ng_certbot_check = "${ng_certbot_archive}/${ng_webserver_name}/cert1.pem"
+ $ng_certbot_live = "${ng_certbot_main_dir}/live"
+
+# nagios
+ $ng_target_templates = "${ng_conf_d_dir}/nagios_templates.cfg"
+ $ng_templates_head_erb = 'confdroid_nagios/nagios/templates_cfg_head.erb'
+ $ng_templates_rule_erb = 'confdroid_nagios/nagios/templates_cfg_rule.erb'
+ $ng_tgt_timeperiods_base = "${ng_conf_d_dir}/nagios_timeperiods.cfg"
+ $ng_tgt_timep_add = "${ng_conf_d_dir}/nagios_timeperiods_add.cfg"
+ $ng_tgt_timep_head_erb = 'confdroid_nagios/nagios/timeperiods_cfg_head.erb'
+ $ng_tgt_timep_rule_erb = 'confdroid_nagios/nagios/timeperiods_cfg_rule.erb'
+ $ng_target_localhost = "${ng_conf_d_dir}/nagios_localhost.cfg"
+ $ng_target_host = "${ng_conf_d_dir}/nagios_host.cfg"
+ $ng_target_hostgroup_base = "${ng_conf_d_dir}/nagios_hostgroups_base.cfg"
+ $ng_tgt_hostgroup_add = "${ng_conf_d_dir}/nagios_hostgroups_add.cfg"
+ $ng_tgt_hostgrp_head_erb = 'confdroid_nagios/nagios/hostgroups_cfg_head.erb'
+ $ng_tgt_hostgrp_rule_erb = 'confdroid_nagios/nagios/hostgroups_cfg_rule.erb'
+ $ng_target_hostdep = "${ng_conf_d_dir}/nagios_hostdependency.cfg"
+ $ng_target_hostesc = "${ng_conf_d_dir}/nagios_hostescalation.cfg"
+ $ng_target_hostext = "${ng_conf_d_dir}/nagios_hostextinfo.cfg"
+ $ng_target_service = "${ng_conf_d_dir}/nagios_service.cfg"
+ $ng_target_svcgrp_base = "${ng_conf_d_dir}/nagios_servicegroups_base.cfg"
+ $ng_tgt_servicegroup_add = "${ng_conf_d_dir}/nagios_servicegroups_add.cfg"
+ $ng_tgt_svcgrp_head_erb = 'confdroid_nagios/nagios/svcgroups_cfg_head.erb'
+ $ng_tgt_svcgrp_rule_erb = 'confdroid_nagios/nagios/svcgroups_cfg_rule.erb'
+ $ng_target_base_contact = "${ng_conf_d_dir}/nagios_contact_base.cfg"
+ $ng_target_add_contact = "${ng_conf_d_dir}/nagios_contact_add.cfg"
+ $ng_contacts_head_erb = 'confdroid_nagios/nagios/contacts_cfg_head.erb'
+ $ng_contacts_rule_erb = 'confdroid_nagios/nagios/contacts_cfg_rule.erb'
+ $ng_tgt_contactgroup_base = "${ng_conf_d_dir}/nagios_contactgroup_base.cfg"
+ $ng_tgt_contactgroup_add = "${ng_conf_d_dir}/nagios_contactgroup_add.cfg"
+ $ng_cntctgrps_head_erb = 'confdroid_nagios/nagios/contactgroups_cfg_head.erb'
+ $ng_cntctgrps_rule_erb = 'confdroid_nagios/nagios/contactgroups_cfg_rule.erb'
+ $ng_target_command = "${ng_conf_d_dir}/nagios_commands_base.cfg"
+ $ng_nagios_service_cmd = 'check_nagios!/var/log/nagios/status.dat!5!/usr/sbin/nagios'
+
# includes must be last
include confdroid_nagios::main::config
}
diff --git a/manifests/server/files.pp b/manifests/server/files.pp
index c58ef94..56024c5 100644
--- a/manifests/server/files.pp
+++ b/manifests/server/files.pp
@@ -1,13 +1,19 @@
## confdroid_nagios::server::files.pp
# Module name: confdroid_nagios
# Author: 12ww1160 (12ww1160@confdroid.com)
-# @summary Class manages server file configuration for the confdroid_nagios module.
+# @summary Class manages configuration files for the confdroid_nagios module.
###############################################################################
class confdroid_nagios::server::files (
) inherits confdroid_nagios::params {
require confdroid_nagios::main::dirs
-# if $ng_nagios_server == $fqdn {
-# #config here
-# }
+ if $ng_nagios_server == $fqdn {
+ file { $ng_nagios_cfg_file:
+ ensure => file,
+ owner => $ng_user,
+ group => $ng_user,
+ mode => '0644',
+ content => template($ng_nagios_cfg_erb),
+ }
+ }
}
diff --git a/manifests/server/nagios.pp b/manifests/server/nagios.pp
new file mode 100644
index 0000000..29f3e21
--- /dev/null
+++ b/manifests/server/nagios.pp
@@ -0,0 +1,10 @@
+## confdroid_nagios::server::nagios.pp
+# Module name: confdroid_nagios
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary Class manages nagios resources for the confdroid_nagios module.
+###############################################################################
+class confdroid_nagios::server::nagios (
+
+) inherits confdroid_nagios::params {
+ # config here
+}
diff --git a/templates/certbot/get_cert.erb b/templates/certbot/get_cert.erb
new file mode 100644
index 0000000..1936aa4
--- /dev/null
+++ b/templates/certbot/get_cert.erb
@@ -0,0 +1 @@
+certbot certonly -t -n --agree-tos --webroot -w <%= @ng_certbot_webroot %>/ -d <%= @ng_webserver_name %> --email <%= @ng_mail_user %>
diff --git a/templates/certbot/unless_get_cert.erb b/templates/certbot/unless_get_cert.erb
new file mode 100644
index 0000000..bc8ce29
--- /dev/null
+++ b/templates/certbot/unless_get_cert.erb
@@ -0,0 +1,4 @@
+#!/bin/bash
+<% if @ng_enable_certbot == true %>
+test -d /etc/letsencrypt/archive/<%= @ng_nagios_server %>
+<% end %>
diff --git a/templates/certbot/unless_renew_cert.erb b/templates/certbot/unless_renew_cert.erb
new file mode 100644
index 0000000..6ebb22d
--- /dev/null
+++ b/templates/certbot/unless_renew_cert.erb
@@ -0,0 +1,7 @@
+#!/bin/bash
+<% if @ng_enable_certbot == true %>
+case `find /etc/letsencrypt/renewal -type f -name "<%= @ng_nagios_server %>.conf" -mtime +80` in
+ '') echo 'No filename found' exit 0 ;;
+ *) echo 'Found filename' exit 1 ;;
+esac
+<% end %>
diff --git a/templates/httpd/forward_conf.erb b/templates/httpd/forward_conf.erb
new file mode 100644
index 0000000..db5ffc6
--- /dev/null
+++ b/templates/httpd/forward_conf.erb
@@ -0,0 +1,96 @@
+>
+ ServerAdmin root@localhost
+ DocumentRoot /var/www/html
+ ServerName www.<%= @ng_webserver_name %>/nagios
+ ServerAlias <%= @ng_webserver_name %>
+<% if @ng_use_https == true -%>
+ Redirect permanent / https://<%= @ng_webserver_name %>/
+<% end -%>
+<% if @ng_use_https != true -%>
+
+ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
+
+
+<% if @ng_use_https == true -%>
+ SSLRequireSSL
+<% else -%>
+# SSLRequireSSL
+<% end -%>
+ Options ExecCGI
+ AllowOverride None
+ = 2.3>
+
+ Require all granted
+<% unless @ng_required_hosts.empty? -%>
+ Require host <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+ Require ip <%= @ng_required_ips %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
+
+ Order allow,deny
+<% unless @ng_required_hosts.empty? -%>
+ Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+ Allow from <%= @ng_required_ips %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
+
+Alias /nagios "/usr/share/nagios/html"
+
+
+<% if @ng_use_https == true -%>
+ SSLRequireSSL
+<% else -%>
+# SSLRequireSSL
+<% end -%>
+ Options None
+ AllowOverride None
+ = 2.3>
+
+ Require all granted
+<% unless @ng_required_hosts.empty? -%>
+ Require host <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+ Require ip <%= @ng_required_ips %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
+
+ Order allow,deny
+<% unless @ng_required_hosts.empty? -%>
+ Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+ Allow from <%= @ng_required_ips %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
+<% end -%>
+
+ AllowOverride All
+
+ ErrorLog /var/log/httpd/<%= @ng_webserver_name %>-error_log
+ CustomLog /var/log/httpd/<%= @ng_webserver_name %>-access_log common
+
diff --git a/templates/httpd/index_html.erb b/templates/httpd/index_html.erb
new file mode 100644
index 0000000..e69de29
diff --git a/templates/httpd/nagios_ssl_vhost.erb b/templates/httpd/nagios_ssl_vhost.erb
new file mode 100644
index 0000000..9adab84
--- /dev/null
+++ b/templates/httpd/nagios_ssl_vhost.erb
@@ -0,0 +1,126 @@
+###############################################################################
+##### virtual_host file created by puppet, changes will be overwritten ######
+###############################################################################
+
+>
+
+ ServerAdmin root@localhost
+ DocumentRoot /var/www/html
+ ServerName <%= @ng_webserver_name %>
+ ServerAlias <%= @ng_webserver_name %>
+ ErrorLog /var/log/httpd/nagios_ssl_error_log
+# ErrorLog syslog:local1
+ TransferLog /var/log/httpd/nagios_ssl_transfer_log
+ LogLevel warn
+
+ SSLEngine on
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
+
+<% if @ng_enable_certbot == true -%>
+ SSLCertificateFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/cert.pem
+ SSLCertificateKeyFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/privkey.pem
+ SSLCACertificateFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/fullchain.pem
+<% elsif @ng_enable_certbot != true -%>
+ SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+ SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+ #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+<% end -%>
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
+
+
+<% if @ng_use_https == true -%>
+ SSLRequireSSL
+<% else -%>
+# SSLRequireSSL
+<% end -%>
+ Options ExecCGI
+ AllowOverride None
+ = 2.3>
+
+ Require all granted
+<% unless @ng_required_hosts.empty? -%>
+ Require host <%= @ng_required_hosts %>
+<% end -%>
+<% unless @source_range.empty? -%>
+ Require ip <%= @source_range %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
+
+ Order allow,deny
+<% unless @ng_required_hosts.empty? -%>
+ Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @source_range.empty? -%>
+ Allow from <%= @source_range %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
+
+Alias /nagios "/usr/share/nagios/html"
+
+
+<% if @ng_use_https == true -%>
+ SSLRequireSSL
+<% else -%>
+# SSLRequireSSL
+<% end -%>
+ Options None
+ AllowOverride None
+ = 2.3>
+
+ Require all granted
+<% unless @ng_required_hosts.empty? -%>
+ Require host <%= @ng_required_hosts %>
+<% end -%>
+<% unless @source_range.empty? -%>
+ Require ip <%= @source_range %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
+
+ Order allow,deny
+<% unless @ng_required_hosts.empty? -%>
+ Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @source_range.empty? -%>
+ Allow from <%= @source_range %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
+
+RedirectMatch ^/$ https://<%= @ng_webserver_name %>/nagios
+
+ SetEnvIf User-Agent ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+
+ CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+
diff --git a/templates/nagios/cgi_cfg.erb b/templates/nagios/cgi_cfg.erb
new file mode 100644
index 0000000..99865ea
--- /dev/null
+++ b/templates/nagios/cgi_cfg.erb
@@ -0,0 +1,90 @@
+###############################################################################
+########## parameterized cgi.cfg created by Puppet ##########
+########## manual changes will be overwritten !!! ##########
+###############################################################################
+
+main_config_file=<%= @ng_main_config %>
+physical_html_path=<%= @ng_share_html %>
+
+url_html_path=/nagios
+
+show_context_help=<%= @ng_context_help %>
+use_pending_states=<%= @ng_pending_state %>
+use_authentication=<%= @ng_use_auth %>
+use_ssl_authentication=<%= @ng_use_ssl_auth %>
+
+<% if @ng_enable_def_user == true -%>
+default_user_name=<%= @ng_def_user_name %>
+<% else -%>
+#default_user_name=guest
+<% end -%>
+
+authorized_for_system_information=<%= @ng_nagios_admin %>,<%= @ng_sysinfo_auth %>
+authorized_for_configuration_information=<%= @ng_nagios_admin %>,<%= @ng_confinfo_auth %>
+authorized_for_system_commands=<%= @ng_nagios_admin %>,<%= @ng_command_auth %>
+authorized_for_all_services=<%= @ng_nagios_admin %>,<%= @ng_serviceview_auth %>
+authorized_for_all_hosts=<%= @ng_nagios_admin %>,<%= @ng_hostview_auth %>
+authorized_for_all_service_commands=<%= @ng_nagios_admin %>,<%= @ng_svc_cmd_auth %>
+authorized_for_all_host_commands=<%= @ng_nagios_admin %>,<%= @ng_host_cmd_auth %>
+authorized_for_read_only=<%= @ng_readonly_auth %>
+
+statusmap_background_image=<%= @ng_statusmap_img %>
+
+<% if @ng_use_colormap == true -%>
+color_transparency_index_r=<%= @ng_colormap_red %>
+color_transparency_index_g=<%= @ng_colormap_green %>
+color_transparency_index_b=<%= @ng_colormap_blue %>
+<% else -%>
+#color_transparency_index_r=255
+#color_transparency_index_g=255
+#color_transparency_index_b=255
+<% end -%>
+
+default_statusmap_layout=<%= @ng_statusmap_layout%>
+default_statuswrl_layout=<%= @ng_wrl_layout %>
+
+<% if @ng_incl_own_wrl == true -%>
+statuswrl_include=<%= @ng_statuswrl_include %>
+<% else -%>
+#statuswrl_include=myworld.wrl
+<% end -%>
+
+ping_syntax=<%= @ng_ping_syntax %>
+refresh_rate=<%= @ng_refresh_rate %>
+result_limit=1<%= @ng_result_limit %>
+escape_html_tags=<%= @ng_escape_html %>
+
+<% if @ng_use_sound == true -%>
+host_unreachable_sound=<%= @ng_host_unreachable %>
+host_down_sound=<%= @ng_host_down %>
+service_critical_sound=<%= @ng_svc_critical %>
+service_warning_sound=<%= @ng_svc_warn %>
+service_unknown_sound=<%= @ng_svc_unknown %>
+normal_sound=<%= @ng_normal_sound %>
+<% else -%>
+#host_unreachable_sound=hostdown.wav
+#host_down_sound=hostdown.wav
+#service_critical_sound=critical.wav
+#service_warning_sound=warning.wav
+#service_unknown_sound=warning.wav
+#normal_sound=noproblem.wav
+<% end -%>
+
+action_url_target=<%= @ng_action_url_target %>
+notes_url_target=<%= @ng_notes_url_target %>
+
+lock_author_names=<%= @ng_lock_author_names %>
+
+<% if @ng_enable_splunk -%>
+enable_splunk_integration=1
+splunk_url=<%= @ng_splunk_url %>
+<% else -%>
+enable_splunk_integration=0
+#splunk_url=http://127.0.0.1:8000/
+<% end -%>
+
+navbar_search_for_addresses=<%= @ng_navbar_addresses %>
+navbar_search_for_aliases=<%= @ng_navbar_aliases %>
+
+ack_no_sticky=<%= @ng_ack_no_sticky %>
+ack_no_send=<%= @ng_ack_no_send %>
diff --git a/templates/nagios/contactgroups_cfg_head.erb b/templates/nagios/contactgroups_cfg_head.erb
new file mode 100644
index 0000000..a6e304f
--- /dev/null
+++ b/templates/nagios/contactgroups_cfg_head.erb
@@ -0,0 +1,6 @@
+###############################################################################
+########## nagios_add_contactgroups.cfg created by Puppet ##########
+########## manual changes are overwritten! ##########
+###############################################################################
+
+# rules are created below by external puppet rules.
diff --git a/templates/nagios/contactgroups_cfg_rule.erb b/templates/nagios/contactgroups_cfg_rule.erb
new file mode 100644
index 0000000..a3c7d4c
--- /dev/null
+++ b/templates/nagios/contactgroups_cfg_rule.erb
@@ -0,0 +1,6 @@
+
+define contactgroup {
+ contactgroup_name <%= @ng_contactgroup_name %>
+ alias <%= @ng_contactgroup_alias %>
+ register <%= @ng_contactgroup_register %>
+ }
diff --git a/templates/nagios/contacts_cfg_head.erb b/templates/nagios/contacts_cfg_head.erb
new file mode 100644
index 0000000..c357ffc
--- /dev/null
+++ b/templates/nagios/contacts_cfg_head.erb
@@ -0,0 +1,8 @@
+###############################################################################
+########## nagios_add_contact.cfg created by Puppet ##########
+########## manual changes are overwritten! ##########
+###############################################################################
+########## Full reference file available at ##########
+########## https://confdroid.com/2017/07/nagios-contacts-cfg/ ##########
+###############################################################################
+# rules are created below by external puppet rules.
diff --git a/templates/nagios/contacts_cfg_rule.erb b/templates/nagios/contacts_cfg_rule.erb
new file mode 100644
index 0000000..356fa67
--- /dev/null
+++ b/templates/nagios/contacts_cfg_rule.erb
@@ -0,0 +1,8 @@
+
+define contact {
+ contact_name <%= @ng_contact_name %>
+ use <%= @ng_contact_use %>
+ alias <%= @ng_contact_alias %>
+ email <%= @ng_contact_email %>
+ contactgroups <%= @ng_contact_groups %>
+ }
diff --git a/templates/nagios/hostgroups_cfg_head.erb b/templates/nagios/hostgroups_cfg_head.erb
new file mode 100644
index 0000000..acfbb87
--- /dev/null
+++ b/templates/nagios/hostgroups_cfg_head.erb
@@ -0,0 +1,5 @@
+###############################################################################
+########## nagios_hostgroups_add.cfg created by Puppet ##########
+########## manual changes are overwritten! ##########
+###############################################################################
+# rules are created below by external puppet rules.
diff --git a/templates/nagios/hostgroups_cfg_rule.erb b/templates/nagios/hostgroups_cfg_rule.erb
new file mode 100644
index 0000000..70b27e3
--- /dev/null
+++ b/templates/nagios/hostgroups_cfg_rule.erb
@@ -0,0 +1,6 @@
+
+define hostgroup {
+ hostgroup_name <%= @ng_hostgroup_name %>
+ alias <%= @ng_hostgroup_alias %>
+ register <%= @ng_hostgroup_register %>
+ }
diff --git a/templates/nagios/htpasswd_rule.erb b/templates/nagios/htpasswd_rule.erb
new file mode 100644
index 0000000..a7e7d87
--- /dev/null
+++ b/templates/nagios/htpasswd_rule.erb
@@ -0,0 +1 @@
+<%= @ng_htpasswd_user %>:<%= @ng_htpasswd_password %>
diff --git a/templates/nagios/nagios_cfg.erb b/templates/nagios/nagios_cfg.erb
new file mode 100644
index 0000000..3e671c0
--- /dev/null
+++ b/templates/nagios/nagios_cfg.erb
@@ -0,0 +1,214 @@
+################################################################################
+##### nagios.cfg created by Puppet | manual changes will be overwritten #####
+################################################################################
+
+log_file=<%= @ng_log_file %>
+
+cfg_dir=<%= @ng_conf_d_dir %>
+
+object_cache_file=<%= @ng_object_cache_file %>
+
+precached_object_file=<%= @ng_precached_obj_file %>
+
+resource_file=<%= @ng_resource_file %>
+
+status_file=<%= @ng_status_file %>
+
+status_update_interval=<%= @ng_status_upd_interval %>
+
+nagios_user=<%= @ng_user %>
+nagios_group=<%= @ng_user %>
+
+check_external_commands=<%= @ng_check_ext_commands %>
+command_file=<%= @ng_command_file %>
+
+<% if @ng_enable_query_handler == true -%>
+query_socket=<%= @ng_query_socket %>
+<% end -%>
+
+lock_file=<%= @ng_lock_file %>
+temp_file=<%= @ng_temp_file %>
+temp_path=<%= @ng_temp_path %>
+
+event_broker_options=<%= @ng_event_broker_options %>
+
+<% unless @ng_event_broker_module.empty? -%>
+<% @ng_event_broker_module.each do |broker_module| -%>
+broker_module=<%= broker_module %>
+<% end end -%>
+
+log_rotation_method=<%= @ng_log_rotation_method %>
+log_archive_path=<%= @ng_log_archive_path %>
+use_syslog=<%= @ng_use_syslog %>
+log_notifications=<%= @ng_log_notifications %>
+log_service_retries=<%= @ng_log_service_retries %>
+log_host_retries=<%= @ng_log_host_retries %>
+log_event_handlers=<%= @ng_log_event_handlers %>
+log_initial_states=<%= @ng_log_initial_states %>
+log_current_states=<%= @ng_log_current_states %>
+log_external_commands=<%= @ng_log_external_commands %>
+log_passive_checks=<%= @ng_log_passive_checks %>
+
+<% unless @ng_glob_host_evt_handler.empty? -%>
+<% @ng_glob_host_evt_handler.each do |global_host_event_handler| -%>
+global_host_event_handler=<%= @ng_glob_host_evt_handler %>
+<% end end -%>
+<% unless @ng_glob_svc_evt_handler.empty? -%>
+<% @ng_glob_svc_evt_handler.each do |global_service_event_handler| -%>
+global_service_event_handler=<%= @ng_glob_svc_evt_handler %>
+<% end end -%>
+
+service_inter_check_delay_method=<%= @ng_svc_int_check_delay %>
+max_service_check_spread=<%= @ng_max_svc_check_spread %>
+service_interleave_factor=<%= @ng_svc_interleave_factor %>
+
+host_inter_check_delay_method=<%= @ng_host_int_check_delay %>
+max_host_check_spread=<%= @ng_max_host_check_spread %>
+
+max_concurrent_checks=<%= @ng_max_concurrent_checks %>
+check_result_reaper_frequency=<%= @ng_check_res_reaper_freq %>
+max_check_result_reaper_time=<%= @ng_max_check_res_reap_time %>
+
+check_result_path=<%= @ng_check_result_path %>
+max_check_result_file_age=<%= @ng_max_check_res_file_age %>
+cached_host_check_horizon=<%= @ng_cached_h_check_horizon %>
+cached_service_check_horizon=<%= @ng_cached_s_check_horizon %>
+
+enable_predictive_host_dependency_checks=<%= @ng_pred_host_dep_checks %>
+enable_predictive_service_dependency_checks=<%= @ng_pred_svc_dep_checks %>
+
+soft_state_dependencies=<%= @ng_soft_state_dependencies %>
+
+time_change_threshold=<%= @ng_time_change_threshold %>
+
+auto_reschedule_checks=<%= @ng_auto_reschedule_checks %>
+auto_rescheduling_interval=<%= @ng_auto_reschedule_intval %>
+auto_rescheduling_window=<%= @ng_auto_reschedule_window %>
+
+service_check_timeout=<%= @ng_service_check_timeout %>
+host_check_timeout=<%= @ng_host_check_timeout %>
+event_handler_timeout=<%= @ng_event_handler_timeout %>
+notification_timeout=<%= @ng_notification_timeout %>
+ocsp_timeout=<%= @ng_ocsp_timeout %>
+perfdata_timeout=<%= @ng_perfdata_timeout %>
+
+retain_state_information=<%= @ng_retain_state_inf %>
+state_retention_file=<%= @ng_state_retention_file %>
+retention_update_interval=<%= @ng_retention_update_intval %>
+use_retained_program_state=<%= @ng_use_ret_program_state %>
+use_retained_scheduling_info=<%= @ng_use_ret_scheduling_info %>
+retained_host_attribute_mask=<%= @ng_ret_host_attr_mask %>
+retained_service_attribute_mask=<%= @ng_ret_service_attr_mask %>
+retained_process_host_attribute_mask=<%= @ng_ret_proc_host_attr_mask %>
+retained_process_service_attribute_mask=<%= @ng_ret_proc_svc_attr_mask %>
+retained_contact_host_attribute_mask=<%= @ng_ret_contact_h_attr_mask %>
+retained_contact_service_attribute_mask=<%= @ng_ret_contact_s_attr_mask %>
+
+interval_length=<%= @ng_interval_length %>
+check_for_updates=<%= @ng_check_for_updates %>
+bare_update_check=<%= @ng_bare_update_check %>
+
+use_aggressive_host_checking=<%= @ng_use_aggr_host_checking %>
+execute_service_checks=<%= @ng_execute_service_checks %>
+accept_passive_service_checks=<%= @ng_accept_pass_svc_checks %>
+execute_host_checks=<%= @ng_execute_host_checks %>
+accept_passive_host_checks=<%= @ng_accept_pass_host_checks %>
+
+enable_notifications=<%= @ng_enable_notifications %>
+enable_event_handlers=<%= @ng_enable_event_handlers %>
+process_performance_data=<%= @ng_process_perf_data %>
+
+<% if @ng_process_perf_data == '1' -%>
+host_perfdata_command=<%= @ng_host_perfdata_command %>
+service_perfdata_command=<%= @ng_svc_perfdata_command %>
+host_perfdata_file=<%= @ng_host_perfdata_file %>
+service_perfdata_file=<%= @ng_service_perfdata_file %>
+host_perfdata_file_template=<%= @ng_host_perfdata_template %>
+service_perfdata_file_template=<%= @ng_svc_perfdata_template %>
+host_perfdata_file_mode=<%= @ng_host_perfdata_file_mode %>
+service_perfdata_file_mode=<%= @ng_svc_perfdata_file_mode %>
+host_perfdata_file_processing_interval=<%= @ng_h_perfdata_proc_intval %>
+service_perfdata_file_processing_interval=<%= @ng_s_perfdata_proc_intval %>
+host_perfdata_file_processing_command=<%= @ng_h_perfdata_proc_cmd %>
+service_perfdata_file_processing_command=<%= @ng_s_perfdata_proc_cmd %>
+host_perfdata_process_empty_results=<%= @ng_h_perfdata_proc_e_res %>
+service_perfdata_process_empty_results=<%= @ng_s_perfdata_proc_e_res %>
+<% end -%>
+
+obsess_over_services=<%= @ng_obsess_over_services %>
+<% if @ng_obsess_over_services == '1' -%>
+ocsp_command=<%= @ng_ocsp_command %>
+<% end -%>
+
+obsess_over_hosts=<%= @ng_obsess_over_hosts %>
+<% if @ng_obsess_over_hosts == '1' -%>
+ochp_command=<%= @ng_ochp_command %>
+<% end -%>
+
+translate_passive_host_checks=<%= @ng_translate_pass_h_checks %>
+
+passive_host_checks_are_soft=<%= @ng_pass_h_checks_are_soft %>
+
+check_for_orphaned_services=<%= @ng_check_orphaned_svc %>
+check_for_orphaned_hosts=<%= @ng_check_orphaned_hosts %>
+
+check_service_freshness=<%= @ng_check_service_freshness %>
+<% if @ng_check_service_freshness == '1' -%>
+service_freshness_check_interval=<%= @ng_svc_fresh_check_intval %>
+<% end -%>
+
+service_check_timeout_state=<%= @ng_svc_check_timeout_state %>
+
+check_host_freshness=<%= @ng_check_host_freshness %>
+<% if @ng_check_host_freshness == '1' -%>
+host_freshness_check_interval=<%= @ng_host_fresh_check_intval %>
+<% end -%>
+
+additional_freshness_latency=<%= @ng_add_freshness_latency %>
+
+enable_flap_detection=<%= @ng_enable_flap_detection %>
+<% if @ng_enable_flap_detection == '1' -%>
+low_service_flap_threshold=<%= @ng_low_svc_flap_threshold %>
+high_service_flap_threshold=<%= @ng_high_svc_flap_threshold %>
+low_host_flap_threshold=<%= @ng_low_h_flap_threshold %>
+high_host_flap_threshold=<%= @ng_high_h_flap_threshold %>
+<% end -%>
+
+date_format=<%= @ng_date_format %>
+
+<% if @ng_use_timezone_offset == true -%>
+use_timezone=<%= @ng_use_timezone %>
+<% end -%>
+
+illegal_object_name_chars=<%= @ng_illegal_obj_name_chars %>
+illegal_macro_output_chars=<%= @ng_ill_macro_output_chars %>
+
+use_regexp_matching=<%= @ng_use_regexp_matching %>
+use_true_regexp_matching=<%= @ng_true_regexp_matching %>
+
+admin_email=<%= @ng_mail_user %>
+admin_pager=<%= @ng_page_user %>
+
+daemon_dumps_core=<%= @ng_daemon_dumps_core %>
+
+use_large_installation_tweaks=<%= @ng_use_large_inst_tweaks %>
+enable_environment_macros=<%= @ng_enable_env_macros %>
+
+free_child_process_memory=<%= @ng_free_child_process_mem %>
+child_processes_fork_twice=<%= @ng_child_proc_fork_twice %>
+
+debug_level=<%= @ng_debug_level %>
+debug_verbosity=<%= @ng_debug_verbosity %>
+debug_file=<%= @ng_debug_file %>
+max_debug_file_size=<%= @ng_max_debug_file_size %>
+
+allow_empty_hostgroup_assignment=<%= @ng_allow_empty_hostgroups %>
+<% unless @ng_check_workers.empty? -%>
+check_workers=<%= @ng_check_workers %>
+<% end -%>
+
+host_down_disable_service_checks=<%= @ng_host_down_svc_checks %>
+
+<% if @ng_enable_load_ctl_options == true -%>
+loadctl_options=<%= @ng_loadctl_options %>
+<% end -%>
diff --git a/templates/nagios/resource_cfg.erb b/templates/nagios/resource_cfg.erb
new file mode 100644
index 0000000..cc1a6f6
--- /dev/null
+++ b/templates/nagios/resource_cfg.erb
@@ -0,0 +1,5 @@
+################################################################################
+##### resource.cfg created by Puppet | manual changes will be overwritten #####
+################################################################################
+
+# $user$ arguments are created below through defines.
diff --git a/templates/nagios/resource_cfg_rule.erb b/templates/nagios/resource_cfg_rule.erb
new file mode 100644
index 0000000..f7e1363
--- /dev/null
+++ b/templates/nagios/resource_cfg_rule.erb
@@ -0,0 +1,3 @@
+
+# <%= @ng_user_arg_comment %>
+$<%= @ng_user_arg_name %>$=<%= @ng_user_arg_value %>
diff --git a/templates/nagios/svcgroups_cfg_head.erb b/templates/nagios/svcgroups_cfg_head.erb
new file mode 100644
index 0000000..7612129
--- /dev/null
+++ b/templates/nagios/svcgroups_cfg_head.erb
@@ -0,0 +1,5 @@
+###############################################################################
+########## nagios_servicegroups_add.cfg created by Puppet ##########
+########## manual changes are overwritten! ##########
+###############################################################################
+# rules are created below by external puppet rules.
diff --git a/templates/nagios/svcgroups_cfg_rule.erb b/templates/nagios/svcgroups_cfg_rule.erb
new file mode 100644
index 0000000..4d5e62b
--- /dev/null
+++ b/templates/nagios/svcgroups_cfg_rule.erb
@@ -0,0 +1,6 @@
+
+define servicegroup {
+ servicegroup_name <%= @ng_servicegroup_name %>
+ alias <%= @ng_servicegroup_alias %>
+ register <%= @ng_servicegroup_register %>
+ }
diff --git a/templates/nagios/templates_cfg_head.erb b/templates/nagios/templates_cfg_head.erb
new file mode 100644
index 0000000..1f8dfc3
--- /dev/null
+++ b/templates/nagios/templates_cfg_head.erb
@@ -0,0 +1,5 @@
+###############################################################################
+### nagios_templates.cfg created by Puppet | manual changes are overwritten!###
+###############################################################################
+
+# rules are created below by external puppet rules.
diff --git a/templates/nagios/templates_cfg_rule.erb b/templates/nagios/templates_cfg_rule.erb
new file mode 100644
index 0000000..7daa9ef
--- /dev/null
+++ b/templates/nagios/templates_cfg_rule.erb
@@ -0,0 +1,133 @@
+
+<% if @ng_template_object == 'contact' -%>
+define <%= @ng_template_object %>{
+ name <%= @ng_template_object_name %>
+ service_notification_period <%= @ng_svc_notification_period %>
+ host_notification_period <%= @ng_host_notification_period %>
+ service_notification_options <%= @ng_service_notification_options %>
+ host_notification_options <%= @ng_host_notification_options %>
+ service_notification_commands <%= @ng_service_notification_commands %>
+ host_notification_commands <%= @ng_host_notification_commands %>
+ register <%= @ng_object_register %>
+ }
+<% elsif @ng_template_object == 'host' -%>
+<% if @ng_template_object_name == 'generic-host' -%>
+define <%= @ng_template_object %>{
+ name <%= @ng_template_object_name %>
+ notifications_enabled <%= @ng_notifications_enabled %>
+ event_handler_enabled <%= @ng_event_handler_enabled %>
+ flap_detection_enabled <%= @ng_flap_detection_enabled %>
+ process_perf_data <%= @ng_process_perf_data %>
+ retain_status_information <%= @ng_retain_status_information %>
+ retain_nonstatus_information <%= @ng_retain_nonstatus_information %>
+ notification_period <%= @ng_notification_period %>
+ notification_options <%= @ng_host_notification_options %>
+ register <%= @ng_object_register %>
+ }
+<% end -%>
+<% if @ng_template_object_name == 'linux-server' -%>
+define <%= @ng_template_object %>{
+ name <%= @ng_template_object_name %>
+ use <%= @ng_template_object_use %>
+ check_period <%= @ng_check_period %>
+ check_interval <%= @ng_check_interval %>
+ retry_interval <%= @ng_retry_interval %>
+ max_check_attempts <%= @ng_ng_max_check_attempts %>
+ check_command <%= @ng_host_check_command %>
+ notification_period <%= @ng_notification_period %>
+ notification_interval <%= @ng_notification_interval %>
+ notification_options <%= @ng_notification_options %>
+ contact_groups <%= @ng_contact_groups %>
+ hostgroups linux-servers
+ register <%= @ng_object_register %>
+ }
+<% end -%>
+<% if @ng_template_object_name == 'windows-server' -%>
+define <%= @ng_template_object %>{
+ name <%= @ng_template_object_name %>
+ use <%= @ng_template_object_use %>
+ check_period <%= @ng_check_period %>
+ check_interval <%= @ng_check_interval %>
+ retry_interval <%= @ng_retry_interval %>
+ max_check_attempts <%= @ng_max_check_attempts %>
+ check_command <%= @ng_host_check_command %>
+ notification_period <%= @ng_notification_period %>
+ notification_interval <%= @ng_notification_interval %>
+ notification_options <%= @ng_notification_options %>
+ contact_groups <%= @ng_contact_groups %>
+ hostgroups windows-servers
+ register <%= @ng_object_register %>
+ }
+<% end -%>
+<% if @ng_template_object_name == 'generic_printer' -%>
+define <%= @ng_template_object %>{
+ name <%= @ng_template_object_name %>
+ use <%= @ng_template_object_use %>
+ check_period <%= @ng_check_period %>
+ check_interval <%= @ng_check_interval %>
+ retry_interval <%= @ng_retry_interval %>
+ max_check_attempts <%= @ng_max_check_attempts %>
+ check_command <%= @ng_host_check_command %>
+ notification_period <%= @ng_notification_period %>
+ notification_interval <%= @ng_notification_interval %>
+ notification_options <%= @ng_notification_options %>
+ contact_groups <%= @ng_contact_groups %>
+ statusmap_image printer.png
+ register <%= @ng_object_register %>
+ }
+<% end -%>
+<% if @ng_template_object_name == 'generic_switch' -%>
+define <%= @ng_template_object %>{
+ name <%= @ng_template_object_name %>
+ use <%= @ng_template_object_use %>
+ check_period <%= @ng_check_period %>
+ check_interval <%= @ng_check_interval %>
+ retry_interval <%= @ng_retry_interval %>
+ max_check_attempts <%= @ng_max_check_attempts %>
+ check_command <%= @ng_host_check_command %>
+ notification_period <%= @ng_notification_period %>
+ notification_interval <%= @ng_notification_interval %>
+ notification_options <%= @ng_notification_options %>
+ contact_groups <%= @ng_contact_groups %>
+ statusmap_image switch.png
+ register <%= @ng_object_register %>
+ }
+<% end -%>
+<% elsif @ng_template_object == 'service' -%>
+<% if @ng_template_object_name == 'generic-service' -%>
+define <%= @ng_template_object %>{
+ name <%= @ng_template_object_name %>
+ active_checks_enabled <%= @ng_active_checks_enabled %>
+ passive_checks_enabled <%= @ng_passive_checks_enabled %>
+ parallelize_check <%= @ng_parallelize_check %>
+ obsess_over_service <%= @ng_obsess_over_service %>
+ check_freshness <%= @ng_check_freshness %>
+ notifications_enabled <%= @ng_notifications_enabled %>
+ event_handler_enabled <%= @ng_event_handler_enabled %>
+ flap_detection_enabled <%= @ng_flap_detection_enabled %>
+ process_perf_data <%= @ng_process_perf_data %>
+ retain_status_information <%= @ng_retain_status_information %>
+ retain_nonstatus_information <%= @ng_retain_nonstatus_information %>
+ is_volatile <%= @ng_is_volatile %>
+ check_period <%= @ng_check_period %>
+ max_check_attempts <%= @ng_max_check_attempts %>
+ check_interval <%= @ng_check_interval %>
+ retry_interval <%= @ng_retry_interval %>
+ contact_groups <%= @ng_contact_groups %>
+ notification_options <%= @ng_service_notification_options %>
+ notification_interval <%= @ng_notification_interval %>
+ notification_period <%= @ng_notification_period %>
+ register <%= @ng_object_register %>
+ }
+<% end -%>
+<% if @ng_template_object_name == 'local-service' -%>
+define <%= @ng_template_object %>{
+ name <%= @ng_template_object_name %>
+ use <%= @ng_template_object_use %>
+ max_check_attempts <%= @ng_max_check_attempts %>
+ check_interval <%= @ng_check_interval %>
+ retry_interval <%= @ng_retry_interval %>
+ register <%= @ng_object_register %>
+ }
+<% end -%>
+<% end -%>
diff --git a/templates/nagios/timeperiods_cfg_head.erb b/templates/nagios/timeperiods_cfg_head.erb
new file mode 100644
index 0000000..133d7f3
--- /dev/null
+++ b/templates/nagios/timeperiods_cfg_head.erb
@@ -0,0 +1,5 @@
+###############################################################################
+########## nagios_timeperiods_add.cfg created by Puppet ##########
+########## manual changes are overwritten! ##########
+###############################################################################
+# rules are created below by external puppet rules.
diff --git a/templates/nagios/timeperiods_cfg_rule.erb b/templates/nagios/timeperiods_cfg_rule.erb
new file mode 100644
index 0000000..53e5830
--- /dev/null
+++ b/templates/nagios/timeperiods_cfg_rule.erb
@@ -0,0 +1,12 @@
+
+define timeperiod {
+ timeperiod_name <%= @ng_timep_name %>
+ alias <%= @ng_timep_alias %>
+ monday <%= @ng_timep_monday %>
+ tuesday <%= @ng_timep_tuesday %>
+ wednesday <%= @ng_timep_wednesday %>
+ thursday <%= @ng_timep_thursday %>
+ friday <%= @ng_timep_friday %>
+ saturday <%= @ng_timep_saturday %>
+ sunday <%= @ng_timep_sunday %>
+ }
diff --git a/templates/selinux/checknagios.erb b/templates/selinux/checknagios.erb
new file mode 100644
index 0000000..d974f95
--- /dev/null
+++ b/templates/selinux/checknagios.erb
@@ -0,0 +1 @@
+ausearch -c 'check_nagios' --raw | audit2allow -M my-checknagios
diff --git a/templates/selinux/checknrpe.erb b/templates/selinux/checknrpe.erb
new file mode 100644
index 0000000..9c0670f
--- /dev/null
+++ b/templates/selinux/checknrpe.erb
@@ -0,0 +1 @@
+ausearch -c 'check_nrpe' --raw | audit2allow -M my-checknrpe
diff --git a/templates/selinux/grep.erb b/templates/selinux/grep.erb
new file mode 100644
index 0000000..22117a4
--- /dev/null
+++ b/templates/selinux/grep.erb
@@ -0,0 +1 @@
+ausearch -c 'grep' --raw | audit2allow -M my-grep
diff --git a/templates/selinux/statuscgi.erb b/templates/selinux/statuscgi.erb
new file mode 100644
index 0000000..aad984f
--- /dev/null
+++ b/templates/selinux/statuscgi.erb
@@ -0,0 +1 @@
+ausearch -c 'status.cgi' --raw | audit2allow -M my-statuscgi
diff --git a/templates/selinux/statusdat.erb b/templates/selinux/statusdat.erb
new file mode 100644
index 0000000..7ecd4c0
--- /dev/null
+++ b/templates/selinux/statusdat.erb
@@ -0,0 +1 @@
+ausearch -c 'httpd' --raw | audit2allow -M my-httpd
diff --git a/templates/selinux/taccgi.erb b/templates/selinux/taccgi.erb
new file mode 100644
index 0000000..13657ad
--- /dev/null
+++ b/templates/selinux/taccgi.erb
@@ -0,0 +1 @@
+ausearch -c 'tac.cgi' --raw | audit2allow -M my-taccgi