Added smol monitoring server deployment.

playbooks/smolmonitor.yaml

@@ -0,0 +1,49 @@
+---
+- name: Configure mini-monitoring server
+  hosts: smolmonitor
+  tasks:
+    - name: Performing APT cache update and package upgrade
+      ansible.builtin.apt:
+        upgrade: yes
+        update_cache: yes
+        cache_valid_time: 86400
+      become: true
+      become_method: sudo
+    - name: Update/install necessary packages
+      ansible.builtin.package:
+        name:
+          - vim
+          - wget
+          - curl
+          - openssl
+        state: latest
+      become: true
+      become_method: sudo
+    - name: Download vim config from aperture (root)
+      ansible.builtin.get_url:
+        dest: /root/.vimrc
+        url: https://aperture.dismyserver.net/.vimrc
+      become: true
+      become_method: sudo
+
+    - name: Verify misc script dir exists
+      ansible.builtin.file:
+        path: /opt/sublight/scripts
+        state: directory
+
+####- certificate monitoring script
+
+    - name: Verify certificate script is deployed
+      ansible.builtin.template:
+        dest: /opt/sublight/scripts/collect-certdata.sh
+        src: /root/ansible/templates/collect-certdata.sh.j2
+        mode: '0744'
+    - name: Ensure cert monitoring script is scheduled
+      ansible.builtin.cron:
+        name: "Poll cert data"
+        minute: "*"
+        job: "/opt/sublight/scripts/collect-certdata.sh"
+        user: root
+        state: present
+      become: true
+      become_method: sudo

templates/collect-certdata.sh.j2

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Recommended crontab:
+#   * *   *   *   *    /path/to/collect-certdata.sh
+
+influx_host="{{ influx_host }}"
+influx_path="/api/v2/write"
+influx_org="{{ influx_org }}"
+influx_bucket="{{ influx_bucket }}"
+influx_token="{{ influx_token }}"
+influx_metric="certificate"
+domains=({% for dns in certificate_monitor_domains %}"{{dns}}" {% endfor %})
+
+influx_url="${influx_host}${influx_path}?org=${influx_org}&bucket=${influx_bucket}"
+influx_header_auth="Authorization: Token ${influx_token}"
+influx_header_content="Content-Type: text/plain; charset=utf-8"
+influx_header_accept="Accept: application/json"
+
+for dn in ${domains[@]}; do
+ certificate="$(openssl s_client -connect ${dn}:443 2>/dev/null </dev/null | openssl x509)"
+
+ # Calculation broken down from https://gist.github.com/holly/4205943
+ datestr=`echo "${certificate}" | openssl x509  -enddate -noout | cut -d'=' -f2`
+ daystr=`date -d "$datestr" "+%s"`
+ current_time=$(date "+%s")
+ days=`echo $((($daystr - $current_time) / 60 / 60 / 24))`
+
+ data="${influx_metric},domain=${dn} remaining=${days}i"
+
+ curl --request POST "${influx_url}" --header "${influx_header_auth}" --header "${influx_header_content}" --header "${influx_header_accept}" --data-binary "${data}"
+
+done