From dfe3c3a509d6835e4b58e6b7de6d5728215127ee Mon Sep 17 00:00:00 2001
From: anima <p.schreiner@4nima.de>
Date: Wed, 29 Jan 2025 21:48:27 +0100
Subject: [PATCH] inital version

---
 Dockerfile | 48 ++++++++++++++++++++++++++++++++++++++++++++++
 init.sh    | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 init.sh

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..410f406
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,48 @@
+FROM debian:bookworm-slim
+LABEL maintainer="docker@ao-it.net"
+
+## prepare requirements
+RUN ["bash", "-exo", "pipefail", "-c", "\
+    export DEBIAN_FRONTEND=noninteractive ; \
+    apt update ; \ 
+    apt install -y wget gnupg ; \
+    wget -O - https://packages.icinga.com/icinga.key | \
+    gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg ; \
+    source /etc/os-release ; \
+    echo \"deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${VERSION_CODENAME} main\" > /etc/apt/sources.list.d/${VERSION_CODENAME}-icinga.list ; \
+    echo \"deb-src [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${VERSION_CODENAME} main\" >> /etc/apt/sources.list.d/${VERSION_CODENAME}-icinga.list ; \
+    apt clean all ; \
+    rm -vrf /var/lib/apt/lists/* "]
+
+## install icinga2 
+RUN ["bash", "-exo", "pipefail", "-c", "\
+    export DEBIAN_FRONTEND=noninteractive ; \
+    apt update ; \
+    apt install -y icinga2 monitoring-plugins ; \
+    mkdir -p /run/icinga2 ; \
+    chown nagios: /run/icinga2 ; \
+    apt clean all ; \
+    rm -vrf /var/lib/apt/lists/* "]
+
+## create persistend data store
+RUN ["bash", "-exo", "pipefail", "-c", "\
+    mkdir -p /data ; \
+    mkdir -p /data-init/etc/ ; \
+    mkdir -p /data-init/var/ ; \
+    mkdir -p /data-init/plugins ; \
+    mv /etc/icinga2 /data-init/etc/ ; \
+    mv /var/lib/icinga2 /data-init/var/ ; \
+    mv /usr/lib/nagios/plugins /data-init/ ; \
+    ln -vs /data/etc/icinga2 /etc/icinga2 ; \
+    ln -vs /data/var/icinga2 /var/lib/icinga2 ; \
+    ln -vs /data/plugins /usr/lib/nagios/plugins ; \
+"]
+
+EXPOSE 5665
+
+COPY init.sh /root/init.sh
+
+VOLUME ["/data"]
+WORKDIR /
+USER root
+CMD ["bash", "/root/init.sh"]
\ No newline at end of file
diff --git a/init.sh b/init.sh
new file mode 100644
index 0000000..1e97508
--- /dev/null
+++ b/init.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+ICINGA2_FILE_API_CONF=/etc/icinga2/features-enabled/api.conf
+ICINGA2_FILE_API_USER_CONF=/etc/icinga2/conf.d/api-users.conf
+ICINGA2_FILE_ICINGADB_CONF=/etc/icinga2/features-enabled/icingadb.conf
+
+## init icinga config files if need
+if [ -z "$(ls -A /data)" ]; then
+	echo init icinga2 config
+	cp -ax /data-init/* /data
+	rm -rf /data-init
+fi
+
+## init api user
+if [ ! -f "$ICINGA2_FILE_API_CONF" ]; then
+    echo run api setup because no config exists
+    /usr/sbin/icinga2 api setup
+
+    ## only on inital setup replace one time the api root user password if a env var is set
+    if [ ! -z "$ICINGA2_API_USER_ROOT_PASS" ]; then
+        echo set inital api root user password
+        sed -i "s|password = \".*\"|password = \"$ICINGA2_API_USER_ROOT_PASS\"|g" $ICINGA2_FILE_API_USER_CONF
+    fi
+
+    ## only on inital setup create a icingaweb api user if env var is set
+    ## permission source: https://icinga.com/docs/icinga-web/latest/modules/monitoring/doc/05-Command-Transports/
+    if [ ! -z "$ICINGA2_API_USER_ICINGAWEB_PASS" ]; then
+        echo set inital icingadb api user
+        echo 'object ApiUser "icingaweb2" {' >> $ICINGA2_FILE_API_USER_CONF
+        echo "  password = \"$ICINGA2_API_USER_ICINGAWEB_PASS\"" >> $ICINGA2_FILE_API_USER_CONF
+        echo '  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]' >> $ICINGA2_FILE_API_USER_CONF
+        echo '}' >> $ICINGA2_FILE_API_USER_CONF
+    fi
+fi
+
+## enable icingadb feature if not active
+if [ ! -f "$ICINGA2_FILE_ICINGADB_CONF" ]; then
+    echo enable icingadb
+    /usr/sbin/icinga2 feature enable icingadb
+fi
+
+## replace redis conf is env vars set (anytime)
+if [ ! -z "$ICINGA2_ICINGADB_REDIS_HOST" ]; then
+    echo set new redis host
+    sed -i "s|\(//\)*host = \".*\"|host = \"$ICINGA2_ICINGADB_REDIS_HOST\"|g" $ICINGA2_FILE_ICINGADB_CONF
+fi
+if [ ! -z "$ICINGA2_ICINGADB_REDIS_PORT" ]; then
+    echo set new redis port
+    sed -i "s|\(//\)*port = .*|port = $ICINGA2_ICINGADB_REDIS_PORT|g" $ICINGA2_FILE_ICINGADB_CONF
+fi
+if [ ! -z "$ICINGA2_ICINGADB_REDIS_PASS" ]; then
+    echo set new redis password
+    sed -i "s|\(//\)*password = \".*\"|password = \"$ICINGA2_ICINGADB_REDIS_PASS\"|g" $ICINGA2_FILE_ICINGADB_CONF
+fi
+
+/usr/sbin/icinga2 daemon
\ No newline at end of file