Zabbix/checks fsicos2 fsicos3

.gitignore

@@ -42,3 +42,4 @@ devops/roles/icos.postgresql/postgis_restore_log.txt
 devops/roles/icos.postgresql/rdflog_restore_log.txt
 devops/roles/icos.restheart/restheart_restore_log.txt
 
+**/.DS_Store

devops/get_onlyoffice_container_id.yml

@@ -0,0 +1,62 @@
+---
+#
+# Overview:     Get onlyoffice container id  
+# Ver:          251103
+# Updated:      
+#
+# get_onlyoffice_container_id_and_load_fonts.yml
+
+- hosts: fsicos2
+  become: true
+  gather_facts: false
+
+  vars:
+    container_name: "onlyoffice"
+    host_fonts_dir: "/docker/nextcloud/onlyoffice-fonts/aptos_fonts"
+    container_fonts_dir: "/usr/share/fonts/truetype/custom"
+
+  tasks:
+    - name: Detect ONLYOFFICE container ID (short)
+      check_mode: no
+      shell: >
+        docker ps -q --filter "name={{ container_name }}" | head -n1
+      args:
+        executable: /bin/bash
+      register: container_id
+      changed_when: false
+
+    - name: Fail if container not found
+      assert:
+        that: container_id.stdout | trim | length > 0
+        fail_msg: "ONLYOFFICE container not found (name={{ container_name }})."
+
+    - name: Ensure fonts directory exists inside the container
+      check_mode: no
+      shell: >
+        docker exec -u 0 {{ container_id.stdout | trim }}
+        bash -lc 'mkdir -p {{ container_fonts_dir }}'
+      args:
+        executable: /bin/bash
+      changed_when: false
+
+    - name: Copy fonts into the container
+      check_mode: no
+      shell: >
+        docker cp {{ host_fonts_dir }}/.
+        {{ container_id.stdout | trim }}:{{ container_fonts_dir }}/
+      args:
+        executable: /bin/bash
+      changed_when: false
+
+    - name: Refresh font caches and ONLYOFFICE metadata
+      check_mode: no
+      shell: >
+        docker exec -u 0 {{ container_id.stdout | trim }}
+        bash -lc 'fc-cache -f -v && /usr/bin/documentserver-generate-allfonts.sh'
+      args:
+        executable: /bin/bash
+      changed_when: false
+
+    - name: Print container ID
+      debug:
+        msg: "{{ container_id.stdout | trim }}"

devops/roles/icos.nextcloud/README.md

@@ -43,7 +43,10 @@
   - [ ] Calendar functionality
   - [ ] General mounting points
   - [ ] External storage
+<<<<<<< HEAD
   - [ ] OnlyOffice connectivity/document editing
+=======
+>>>>>>> robert-devel
 - [ ] Check system warnings in admin panel
 - [ ] Review error logs
 
@@ -125,7 +128,11 @@ apt-get install -y docker-compose-plugin
 docker compose exec -u www-data app php occ maintenance:mode --on || true
 
 # Make a backup
+<<<<<<< HEAD
 /docker/nextcloud/bbclient/bin/bbclient-coldbackup
+=======
+docker-compose exec -u 33 db pg_dump -U nextcloud nextcloud > backup_29.0.11_$(date +%Y%m%d).sql
+>>>>>>> robert-devel
 
 # Continue with
 docker compose stop app

devops/roles/icos.zabbix_agent/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+# Zabbix variables
+zabbix_scripts_dir: /etc/zabbix/scripts
+zabbix_agent_conf_file: /etc/zabbix/zabbix_agent2.conf
+zabbix_agent_service: zabbix-agent2
+zabbix_server_host: icos-zbx1,127.0.0.1
+

devops/roles/icos.zabbix_agent/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart zabbix-agent2
+  systemd:
+    name: "{{ zabbix_agent_service }}"
+    state: restarted
+    daemon_reload: yes

devops/roles/icos.zabbix_agent/tasks/main.yml

@@ -0,0 +1,74 @@
+---
+- name: Install Zabbix repository package on fsicos2 and fsicos3
+  when: ansible_hostname in ['fsicos2', 'fsicos3']
+  block:
+    - name: Copy Zabbix release package to /root/
+      copy:
+        src: files/zabbix-release_7.0-2+ubuntu22.04_all.deb
+        dest: /root/zabbix-release_7.0-2+ubuntu22.04_all.deb
+        owner: root
+        group: root
+        mode: '0644'
+      check_mode: no  
+
+    - name: Install Zabbix repository package
+      apt:
+        deb: /root/zabbix-release_7.0-2+ubuntu22.04_all.deb
+        state: present
+
+    - name: Update apt cache after adding Zabbix repository
+      apt:
+        update_cache: yes
+
+
+- name: Install Zabbix agent2
+  apt:
+    name: zabbix-agent2
+    state: present
+    update_cache: yes
+
+- name: Configure Zabbix agent2 - Set Server parameter
+  lineinfile:
+    path: "{{ zabbix_agent_conf_file }}"
+    regexp: '^Server=.*$'
+    line: 'Server={{ zabbix_server_host }}'
+  register: server_changed
+
+
+
+
+- name: Configure Zabbix agent2 - Set ServerActive parameter
+  lineinfile:
+    path: "{{ zabbix_agent_conf_file }}"
+    regexp: '^ServerActive=.*$'
+    line: 'ServerActive={{ zabbix_server_host }}'
+  register: serveractive_changed
+
+- name: Configure Zabbix agent2 - Set Hostname parameter
+  lineinfile:
+    path: "{{ zabbix_agent_conf_file }}"
+    regexp: '^Hostname=Zabbix server$'
+    line: "Hostname={{ ansible_hostname }}"
+  register: hostname_changed
+
+- name: Create Zabbix scripts directory
+  file:
+    path: "{{ zabbix_scripts_dir }}"
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Trigger restart if configuration changed
+  debug:
+    msg: "Zabbix agent2 configuration has been modified"
+  when: server_changed.changed or serveractive_changed.changed or hostname_changed.changed
+  notify: restart zabbix-agent2
+  changed_when: true
+
+- name: Ensure Zabbix agent2 service is started and enabled
+  systemd:
+    name: "{{ zabbix_agent_service }}"
+    state: started
+    enabled: yes
+    daemon_reload: yes

devops/roles/icos.zabbix_checks_fsicos2/README.md

@@ -0,0 +1,62 @@
+# Ansible Role: icos.zabbix_custom_checks
+
+This Ansible role deploys custom Zabbix monitoring checks on fsicos2.
+
+## Role Structure
+
+```
+icos.zabbix_checks_fsicos2/
+├── defaults/
+│   └── main.yml           
+├── handlers/
+│   └── main.yml           
+├── tasks/
+│   └── main.yml           
+├── files/              
+│   ├── check_*.sh     
+│   ├── check_*.py     
+│   ├── custom_*.conf  
+│   └── zabbix         # Sudoers file 
+└── README.md              
+```
+
+## Variables
+
+The following variables are defined in `defaults/main.yml`:
+
+- `zabbix_scripts_dir`: Directory for Zabbix scripts (default: `/etc/zabbix/scripts`)
+- `zabbix_custom_dir`: Directory for custom configurations (default: `/etc/zabbix/zabbix_agent2.d`)
+- `zabbix_sudoers_dir`: Directory for sudoers files (default: `/etc/sudoers.d`)
+- `zabbix_agent_service`: Zabbix agent service name (default: `zabbix-agent2`)
+
+## Tags
+
+The role uses the following tags for selective deployment:
+
+- `fsicos2-checks`: Deploy only fsicos2 custom checks
+- `zabbix-checks`: Deploy all custom checks scripts
+
+## Usage
+
+### Deploy on fsicos2
+```
+just play server-fsicos2 -t fsicos2-checks -D
+```
+
+## Features
+
+1. **Automatic directory creation**: Creates necessary Zabbix directories if they don't exist
+2. **Proper file permissions**: Sets correct ownership and permissions for all files
+3. **Conditional deployment**: Uses blocks with conditions to deploy files only to appropriate hosts
+4. **Sudoers validation**: Validates sudoers files before deployment
+5. **Service restart**: Automatically restarts Zabbix agent after file changes
+6. **Tag-based deployment**: Allows selective deployment using tags
+
+
+## Notes
+
+- The role checks if the host is named 'fsicos2' or 'fsicos3' or belongs to corresponding groups
+- All check scripts are made executable (mode 0755)
+- Configuration files are deployed with read permissions (mode 0644)
+- The Zabbix agent service is restarted only when files are changed
+

devops/roles/icos.zabbix_checks_fsicos2/defaults/main.yml

@@ -0,0 +1,5 @@
+# Zabbix variables
+zabbix_scripts_dir: /etc/zabbix/scripts
+zabbix_custom_dir: /etc/zabbix/zabbix_agent2.d
+zabbix_sudoers_dir: /etc/sudoers.d
+zabbix_agent_service: zabbix-agent2

devops/roles/icos.zabbix_checks_fsicos2/files/check_borg_backup.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Ver: 2025-09-21 by Robert
+#
+export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
+export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes
+
+REPO_BASE_DIR=$1
+REPO_DIR=$(eval echo "$REPO_BASE_DIR")
+repos=$(ls "$REPO_DIR" 2>/dev/null)
+current_time=$(date +%Y-%m-%d)
+
+# Check each repository
+for repo in $repos; do
+    [[ "$repo" == "." || "$repo" == ".." ]] && continue
+    [[ "$repo" == "prometheus.repo" ]] && continue
+
+    latest_archive=$(borg list --format '{time:%Y-%m-%d} {name}' --last=1 "$REPO_BASE_DIR/$repo" 2>/dev/null)
+    if [[ $? -eq 0 && "$latest_archive" != "" ]]; then
+        backup_date=$(echo "$latest_archive" | cut -c1-10)
+        if [[ "$backup_date" != "$current_time" ]]; then
+            echo "FAILURE1: Outdated backup in repo $repo"
+            exit 0  # Important: exit 0 so Zabbix gets the data
+        fi
+    else
+        echo "FAILURE2: Cannot check repo $repo"
+        exit 0  # Important: exit 0 so Zabbix gets the data
+    fi
+done
+
+echo "SUCCESS: All repositories have backups for today ($current_time)"
+exit 0
+