From e3cf3f8fb2c168840f7e6cd8b5104eb97be24cb4 Mon Sep 17 00:00:00 2001 From: KemoNine Date: Wed, 5 Aug 2020 00:55:55 +0000 Subject: [PATCH] Initial implementation of wireguard monit checks --- inventory.example | 4 +++- roles/monit/defaults/main.yml | 1 + roles/monit/templates/wireguard | 5 +++++ 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 roles/monit/templates/wireguard diff --git a/inventory.example b/inventory.example index bf4d92f..3fdb88d 100644 --- a/inventory.example +++ b/inventory.example @@ -8,6 +8,9 @@ all: frames: hosts: frame1: + vars: + monit_wireguard: true + monit_wireguard_ip: 192.168.254.1 wg: hosts: frame1: @@ -34,7 +37,6 @@ wg: - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP vars: - monit_wireguard: true wireguard_port: 51821 wireguard_endpoint: 10.5.5.246 wireguard_persistent_keepalive: 30 diff --git a/roles/monit/defaults/main.yml b/roles/monit/defaults/main.yml index 122714b..493743d 100644 --- a/roles/monit/defaults/main.yml +++ b/roles/monit/defaults/main.yml @@ -12,6 +12,7 @@ monit_filesystems: # Monitor WireGuard? monit_wireguard: false +monit_wireguard_ip: 192.168.254.1 # Username / password for monit web service monit_web_user: "admin" diff --git a/roles/monit/templates/wireguard b/roles/monit/templates/wireguard new file mode 100644 index 0000000..2d0509b --- /dev/null +++ b/roles/monit/templates/wireguard @@ -0,0 +1,5 @@ +check host wireguard address {{ monit_wireguard_ip }} + start program = "/usr/bin/systemctl start wg-quick@wg0" + stop program = "/usr/bin/systemctl stop wg-quick@wg0" + if does not exist then alert + if does not exist for 3 cycles then restart
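Review bot: The default `monit_wireguard_ip: 192.168.254.1` added to roles/monit/defaults/main.yml is a site-specific address, the same value the example inventory sets. A host that only sets `monit_wireguard: true` inherits a probe target that may not belong to its tunnel. Because the new template's restart action depends on this address, a wrong value could presumably make monit stop and start `wg-quick@wg0` repeatedly on a healthy tunnel. Consider shipping an empty default (`monit_wireguard_ip: ""`) and having the task that deploys the template, which is not visible in this patch, fail when `monit_wireguard` is true and the address is unset. The variable also has no comment of its own; something like `# Address monit probes to decide whether the WireGuard tunnel is up` would document it.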
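Review bot: The `check host wireguard` stanza in roles/monit/templates/wireguard has no connection test. As far as I know, `if does not exist` is monit's existence test for process and file-type checks, while a host check is driven by `if failed ping` or `if failed port ...`, so these two rules may be rejected by `monit -t` or never fire. The intent reads as `if failed ping then alert` followed by `if failed ping for 3 cycles then restart`. If `monit_wireguard_ip` is the host's own tunnel address, which the patch does not make clear, a ping would only show that the interface is up, so probing the peer's address would be the more meaningful check. The unit name `wg-quick@wg0` is hard-coded in both program lines, and the address is interpolated without validation into a file monit reads with the privileges needed to run `systemctl`; an interface variable and an IP-format check before templating would tighten both.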