From 04ff12a14ffa56b3df52c0c0248a9823a8c046a5 Mon Sep 17 00:00:00 2001
From: anima <p.schreiner@4nima.de>
Date: Sun, 2 Feb 2025 20:18:03 +0100
Subject: [PATCH] add option for ticket api user

---
 README.md | 16 +++++++++++++++-
 init.sh   |  8 ++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 7e70d68..24c30a0 100644
--- a/README.md
+++ b/README.md
@@ -25,4 +25,18 @@ All other var can be use at is, because all is in docker network and not exposed
 
 Hints: 
 * API user setup only runs once at start up!
-* Redis conf runs every time
\ No newline at end of file
+* Redis conf runs every time
+
+## vars 
+
+var | description | note 
+--- | --- | ---
+ICINGA2_API_USER_ROOT_PASS | replace `root` API user randome password with this | only on first setup
+ICINGA2_API_USER_ICINGAWEB_PASS | create API user `icingadb` with this password | only on first setup, if not set user will not create
+ICINGA2_API_USER_SATELLITE_PASS | create API user `pki-ticket` with this password | only on first setup, if not set user will not create
+ICINGA2_ICINGADB_REDIS_HOST | set redis db host | can set by every startup
+ICINGA2_ICINGADB_REDIS_PORT | set redis db port | can set by every startup
+ICINGA2_ICINGADB_REDIS_PASS | set redis db password | usually not required can set by every startup
+ICINGA2_INFLUXDB_HOST | set influx db host | can set by every startup
+ICINGA2_INFLUXDB_PORT | set influx db port | can set by every startup
+ICINGA2_INFLUXDB_DB | set influx db name | can set by every startup
\ No newline at end of file
diff --git a/init.sh b/init.sh
index e6ab954..22c1cd0 100644
--- a/init.sh
+++ b/init.sh
@@ -32,6 +32,14 @@ if [ ! -f "$ICINGA2_FILE_API_CONF" ]; then
         echo '  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]' >> $ICINGA2_FILE_API_USER_CONF
         echo '}' >> $ICINGA2_FILE_API_USER_CONF
     fi
+    if [ ! -z "$ICINGA2_API_USER_SATELLITE_PASS" ]; then
+        echo set inital icingadb api user
+        echo 'object ApiUser "pki-ticket" {' >> $ICINGA2_FILE_API_USER_CONF
+        echo "  password = \"$ICINGA2_API_USER_SATELLITE_PASS\"" >> $ICINGA2_FILE_API_USER_CONF
+        echo '  permissions = [ "actions/generate-ticket" ]' >> $ICINGA2_FILE_API_USER_CONF
+        echo '}' >> $ICINGA2_FILE_API_USER_CONF
+
+    fi
 fi
 
 ## enable icingadb feature if not active