From 32662c3b8487f984bff16577b3dc99201f56bbb8 Mon Sep 17 00:00:00 2001
From: anima <p.schreiner@4nima.de>
Date: Wed, 29 Jan 2025 21:47:44 +0100
Subject: [PATCH] init

---
 README.md                        | 149 +++++++++++++++++++++++++++++++
 gitea/workflows/docker-build.yml |  37 ++++++++
 2 files changed, 186 insertions(+)
 create mode 100644 README.md
 create mode 100644 gitea/workflows/docker-build.yml

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0e97abc
--- /dev/null
+++ b/README.md
@@ -0,0 +1,149 @@
+# Docker Icinga2
+
+## exampe compose
+### without icingaweb
+```yml
+services:
+  icinga2:
+    image: https://git.ao-it.net/docker/icinga2:latest
+    depends_on:
+      - redis
+    restart: always
+    ports:
+      - 5665:5665  # only need if you plan to use api from other sources as icingaweb2
+    volumes:
+      - ./files/icinga2:/data
+    environment:
+      # REMOVE VARS HERE IF YOU EDIT THE CONFIG DIRECTLY!! 
+      # The variables are primarily for the initial setup, later editing is recommended directly in the icinga config.
+      # Empty or non-existent vars do not change anything
+      - ICINGA2_API_USER_ROOT_PASS: ${API_ROOT_PASS:-changeME!}     # only on fist init! set api user root password
+      - ICINGA2_API_USER_ICINGAWEB_PASS: ${API_ICINGAWEB_PASS:-icingaweb}    # only on first init! create api user icingaweb and set password
+      - ICINGA2_ICINGADB_REDIS_HOST: ${REDIS_HOST:-redis}    # set redis host (anytime)
+      - ICINGA2_ICINGADB_REDIS_PORT: ${REDIS_PORT:-6379}     # set redis port (anytime)
+      #- ICINGA2_ICINGADB_REDIS_PASS:                         # set redis password (anytime)
+
+  redis:
+    image: redis
+    restart: always
+
+  db_icinga:
+    image: mariadb:latest
+    restart: always
+    volumes:
+      - ./files/dbs/icinga2:/var/lib/mysql
+    environment:
+      MARIADB_ROOT_PASSWORD: example
+      MARIADB_DATABASE: ${ICINGA_DB:-icingadb}
+      MARIADB_USER: ${ICINGA_DB_USER:-icingadb}
+      MARIADB_PASSWORD: ${ICINGA_DB_PASS:-icingadb}
+
+  icingadb:
+    image: icinga/icingadb
+    depends_on:
+      - redis
+      - db_icinga
+    restart: always
+    environment:
+      - ICINGADB_REDIS_HOST=${REDIS_HOST:-redis}
+      - ICINGADB_REDIS_PORT=${REDIS_PORT:-6379} 
+      #- ICINGADB_REDIS_PASSWORD=123456
+      - ICINGADB_DATABASE_HOST=db_icinga
+      - ICINGADB_DATABASE_PORT=3306
+      - ICINGADB_DATABASE_DATABASE=${ICINGA_DB:-icingadb}
+      - ICINGADB_DATABASE_USER=${ICINGA_DB_USER:-icingadb}
+      - ICINGADB_DATABASE_PASSWORD=${ICINGA_DB_PASS:-icingadb}
+```
+
+### with icingaweb2
+See: [https://git.ao-it.net/docker/icingaweb2](https://git.ao-it.net/docker/icingaweb2) (planed!)
+In this state you must do the inital web setup manually because: 
+- https://github.com/Icinga/docker-icingaweb2/issues/113 
+All works fine without the role save to DB. The icingaweb2 default admin have no right ...
+> add in services bevor networks
+```yaml
+services: # remove this when you merge it with the example above
+  db_icingaweb:
+    image: mariadb
+    restart: always
+    volumes:
+      - ./files/dbs/icingaweb:/var/lib/mysql
+    environment:
+      MARIADB_ROOT_PASSWORD: example
+      MARIADB_DATABASE: ${ICINGAWEB_DB:-icingaweb}
+      MARIADB_USER: ${ICINGAWEB_DB_USER:-icingaweb}
+      MARIADB_PASSWORD: ${ICINGAWEB_DB_PASS:-icingaweb}
+
+  icingaweb:
+    image: icinga/icingaweb2
+    depends_on:
+      - db_icingaweb
+      - icinga2
+    restart: always
+    ports:
+      - 8080:8080 # only need if no reverse proxy can reach this port docker internaly
+    volumes:
+      - ./files/icingaweb:/data # as docker volume or need: chown 33:33 files/icingaweb
+      - ./files/icingaweb-modules/grafana:/usr/share/icingaweb2/modules/grafana
+```
+
+### target state icingaweb2
+```yaml
+services: # remove this when you merge it with the example above
+  db_icingaweb:
+    image: mariadb
+    restart: always
+    volumes:
+      - ./files/dbs/icingaweb:/var/lib/mysql
+    environment:
+      MARIADB_ROOT_PASSWORD: example
+      MARIADB_DATABASE: ${ICINGAWEB_DB:-icingaweb}
+      MARIADB_USER: ${ICINGAWEB_DB_USER:-icingaweb}
+      MARIADB_PASSWORD: ${ICINGAWEB_DB_PASS:-icingaweb}
+
+  icingaweb:
+    image: icinga/icingaweb2
+    depends_on:
+      - db_icingaweb
+      - icinga2
+    restart: always
+    ports:
+      - 8080:8080 # only need if no reverse proxy can reach this port docker internaly
+    volumes:
+      - ./files/icingaweb:/data # as docker volume or need: chown 33:33 files/icingaweb
+      - ./files/icingaweb-modules/grafana:/usr/share/icingaweb2/modules/grafana
+    environment:
+      - icingaweb.resources.icingaweb_db.type=db
+      - icingaweb.resources.icingaweb_db.db=mysql
+      - icingaweb.resources.icingaweb_db.host=db_icingaweb
+      - icingaweb.resources.icingaweb_db.dbname=${ICINGAWEB_DB:-icingaweb}
+      - icingaweb.resources.icingaweb_db.username=${ICINGAWEB_DB_USER:-icingaweb}
+      - icingaweb.resources.icingaweb_db.password=${ICINGAWEB_DB_PASS:-icingaweb}
+      - icingaweb.resources.icingaweb_db.charset=utf8mb4
+      - icingaweb.authentication.icingaweb2.backend=db
+      - icingaweb.authentication.icingaweb2.resource=icingaweb_db
+      - icingaweb.groups.icingaweb2.backend=db
+      - icingaweb.groups.icingaweb2.resource=icingaweb_db
+      - icingaweb.config.global.config_backend=db
+      - icingaweb.config.global.config_resource=icingaweb_db
+      - icingaweb.roles.Administrators.permissions='*'
+      - icingaweb.roles.Administrators.groups=Administrators
+      - icingaweb.roles.Administrators.users=${ICINGAWEB_USER:-icingaadmin}
+      - icingaweb.passwords.icingaweb2.icingaadmin=${ICINGAWEB_PASS:-changeME!}
+      - icingaweb.config.logging.log=php
+      - icingaweb.enabledModules=icingadb
+      - icingaweb.resources.icingadb.type=db
+      - icingaweb.resources.icingadb.db=mysql
+      - icingaweb.resources.icingadb.host=db_icinga
+      - icingaweb.resources.icingadb.dbname=${ICINGA_DB:-icingadb}
+      - icingaweb.resources.icingadb.username=${ICINGA_DB_USER:-icingadb}
+      - icingaweb.resources.icingadb.password={ICINGA_DB_PASS:-icingadb}
+      - icingaweb.resources.icingadb.charset=utf8mb4
+      - icingaweb.modules.icingadb.config.icingadb.resource=icingadb
+      - icingaweb.modules.icingadb.redis.redis1.host=${REDIS_HOST:-redis}
+      - icingaweb.modules.icingadb.redis.redis1.port=${REDIS_PORT:-6379} 
+      - icingaweb.modules.icingadb.commandtransports.icinga2.transport=api
+      - icingaweb.modules.icingadb.commandtransports.icinga2.host=icinga2
+      - icingaweb.modules.icingadb.commandtransports.icinga2.username=icingaweb
+      - icingaweb.modules.icingadb.commandtransports.icinga2.password=${API_ICINGAWEB_PASS:-icingaweb}
+```
\ No newline at end of file
diff --git a/gitea/workflows/docker-build.yml b/gitea/workflows/docker-build.yml
new file mode 100644
index 0000000..d6cd440
--- /dev/null
+++ b/gitea/workflows/docker-build.yml
@@ -0,0 +1,37 @@
+name: build container icinga2
+on: 
+  push:
+    paths:
+      - 'Dockerfile'
+      - 'init.sh'
+
+defaults:
+  run:
+    working-directory: ./icinga2
+
+env:
+  REGISTRY_HOST: git.ao-it.net
+  CONTAINER_TAG: ${{ gitea.repository }}
+  CONTAINER_VERSION: latest
+
+jobs:
+  deploy:
+    runs-on: test
+    steps:
+      - name: clone repo
+        working-directory: ${{ gitea.workspace }}
+        run: git clone https://$TOKEN@${{ vars.AOIT_GIT_URL }}/${{ gitea.repository }}
+        env:
+          TOKEN: ${{ secrets.SERVICE_USER_TOKEN }}
+      - name: docker build
+        run: docker build -t $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION .
+      - name: upload container ...
+        run: | 
+          docker login $REGISTRY_HOST -u $REGISTRY_USER -p $REGISTRY_PASS
+          docker push $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION
+          docker logout
+        env:
+          REGISTRY_USER: ${ secrets.REGISTRY_USER }
+          REGISTRY_PASS: ${ secrets.TOKEN_SVC_DOCKER }
+      - name: docker cleanup image and layer ... 
+        run: docker builder prune -af