Updates

ansible.cfg

@@ -0,0 +1,15 @@
+[defaults]
+inventory      = ../inventory.yml
+gathering      = smart
+roles_path     = roles
+forks          = 4
+
+
+# if set to a persistent type (not 'memory', for example 'redis') fact values
+# from previous runs in Ansible will be stored.  This may be useful when
+# wanting to use, for example, IP information from one group of servers
+# without having to talk to them in the same playbook run to get their
+# current IP information.
+fact_caching = jsonfile
+fact_caching_connection = $HOME/.ansible/facts
+fact_caching_timeout = 600

get_facts.yml

@@ -0,0 +1,12 @@
+- name: Get Facts data from API get_facts.yml
+  uri:
+    url: "{{ netbox_uri }}{{ url }}{{ device }}"
+    method: GET
+    validate_certs: false
+    headers: 
+      Content-Type: application/json
+      Authorization: "{{ netbox_api_token }}"
+    status_code: 200, 201
+  register: results
+
+- set_fact: tags="{{ results.json.results | map(attribute='tags') | flatten }}"

group_vars/all.yml

@@ -0,0 +1,13 @@
+---
+# LibreNMS Settings
+librenms_uri: https://librenms.2000cn.com.au/api/v0
+librenms_api_token: 07b06c1d2f1be50513287e8a8bb29cb7
+
+# Netbox Settings
+netbox_uri: https://netbox.2000cn.com.au/api/
+netbox_api_token: Token cbf5a5c36da54db3c413d0a6d1ff1da7ef0909d7
+
+
+# Zabbix Settings
+zabbiix_uri: https://zabbix.2000cn.com.au/zabbix/api_jsonrpc.php
+zabbix_api_token: ec05e15fd06f1f9e1bc6e26526ea71c69bea4e210424514b026ebd939ef9e280

handlers/apache.yml

@@ -0,0 +1,5 @@
+- name: systemd reload on change
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: yes
+    name: apache

install_snmpd.yml

@@ -0,0 +1,51 @@
+---
+- name: Installing SNMPD
+  hosts: zabbix
+  gather_facts: true
+  vars_files:
+    - vars/external_vars.yml
+
+  tasks:
+    - name: Debug
+      debug:
+        msg: "{{ item }}"
+      loop: "{{ query('inventory_hostnames', 'all') }}"
+
+    - name: Debug
+      debug:
+        msg: "{{ ansible_distribution }}"
+
+
+#- name: Include vars/external_vars
+#  ansible.builtin.include_tasks:
+#    file: get_facts.yml
+#  tags:
+#    - ansible.facts['tag'] = "snmpd"
+#    - ansible.facts['status']['value'] = 'active'
+
+#- hosts:
+#  - snmpd
+#  roles:
+#    - snmpd
+#  tags:
+#    - ansible.facts['tag'] = "snmpd"
+
+#  tasks:
+
+#    
+
+#    - name: Debug
+#      debug: 
+#        msg:  "{{ results }}"
+
+#    - name: Install snmpd
+#      ansible.builtin.apt:
+#        name: snmpd
+#        state: present
+
+#    - set_fact: tags="{{ results.json.results | map(attribute='tags') | flatten }}"
+
+#    - ansible.builtin.include_tasks: tasks/file_managment/distro.yml
+#    - ansible.builtin.include_tasks: tasks/file_managment/osupdate.yml
+#    - ansible.builtin.include_tasks: tasks/file_managment/snmpd.conf.yml
+#    - ansible.builtin.include_tasks: tasks/restart/snmpd.yml

install_zabbix.yml

@@ -0,0 +1,25 @@
+---
+- name: Installing zabbix_agent
+  hosts: all
+#    - all
+  gather_facts: False
+  vars_files:
+   - vars/external_vars.yml
+
+#  tasks:
+#    - name: Debug
+#      debug:
+#        msg: "{{ hostvars['scratchy.2000cn.com.au'] }}"
+      #loop: "{{ query('hostvars', 'all') }}"
+
+#- name: Register vars
+#  ansible.builtin.include_vars: vars/external_vars.yml
+#- hosts:
+#  - zabbix
+#  roles:
+#    - zabbix_agent
+
+- hosts: 
+  - linux
+  roles: 
+  - linux

librenms.api.yml

@@ -0,0 +1,16 @@
+- name: Get inventory from LibreNMS
+  uri:
+    url: "{{ librenms_uri }}{{ librenms_url }}{{ device }}"
+    method: GET
+    validate_certs: false
+    headers:
+      X-Auth-Token: "{{ api_token }}"
+    body_format: json
+    status_code: 200, 201, 404
+  register: results
+
+- name: Debug api results
+  debug:
+    msg: "{{ results['json']['status'] }}"
+
+        

librenms.yml

@@ -0,0 +1,18 @@
+---
+- name: LibreNMS Actions
+  hosts:
+    - "{{ device }}"
+  gather_facts: no
+  vars:
+    librenms_url: "{{ librenms_url }}"
+  vars_files:
+    - vars/external_vars.yml
+
+  tasks:
+    - ansible.builtin.include_tasks: get_facts.yml
+
+#    - name: Debug
+#      debug: 
+#        msg:  "{{ results['json']['results'][0] }}"
+
+    - ansible.builtin.include_tasks: tasks/actions/check_in_librenms.yml

manage_snmpd.conf.yml

@@ -0,0 +1,20 @@
+---
+- name: Updating /etc/snmp/snmpd.conf
+  hosts:
+    - "{{ device }}"
+  gather_facts: no
+  vars_files:
+    - vars/external_vars.yml
+
+  tasks:
+
+    - ansible.builtin.include_tasks: get_facts.yml
+
+#    - name: Debug
+#      debug: 
+#        msg:  "{{ results }}"
+
+    - ansible.builtin.include_tasks: tasks/file_managment/distro.yml
+    - ansible.builtin.include_tasks: tasks/file_managment/osupdate.yml
+    - ansible.builtin.include_tasks: tasks/file_managment/snmpd.conf.yml
+    - ansible.builtin.include_tasks: tasks/restart/snmpd.yml

manage_snmpd.yml

@@ -0,0 +1,22 @@
+---
+- name: Update snmpd systemd file
+  hosts: linux
+  gather_facts: false
+
+  tasks:
+    - name: Manage file /lib/systemd/system/snmpd.service
+      template:
+        src: files/snmpd.service.j2
+        dest: /lib/systemd/system/snmpd.service
+        owner: root
+        group: root
+        mode: 0644
+      register: systemd
+
+    - name: systemd reload on change
+      ansible.builtin.systemd:
+        state: restarted
+        daemon_reload: yes
+        name: snmpd
+      when: systemd.changed
+    

manage_ssl_certificate.yml

@@ -0,0 +1,17 @@
+---
+- name: Updating /etc/ssl files
+  hosts:
+    - "{{ device }}"
+  gather_facts: no
+  vars_files:
+    - vars/external_vars.yml
+
+  tasks:
+
+    - ansible.builtin.include_tasks: get_facts.yml
+
+#    - name: Debug
+#      debug: 
+#        msg:  "{{ results }}"
+
+    - ansible.builtin.include_tasks: tasks/file_managment/ssl_certificate.yml

roles/linux/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: apt_update
+  ansible.builtin.apt:
+    update_cache: yes
+  changed_when: false

roles/linux/tasks/apt_source.yml

@@ -0,0 +1,50 @@
+######################################################
+# Manage APT Sources
+######################################################
+
+
+- name: Manage /etc/apt/sources.list
+  ansible.builtin.template:
+    src: sources.list.j2
+    dest: /etc/apt/sources.list
+    owner: root
+    group: root
+    mode: 0755
+  when: ansible_facts['distribution'] == "Debian"
+  notify: apt_update
+
+
+- name: Manage /etc/apt/apt.conf.d/no-bookworm-firmware.conf
+  ansible.builtin.copy:
+    src: no-bookworm-firmware.conf
+    dest: /etc/apt/apt.conf.d/no-bookworm-firmware.conf
+    owner: root
+    group: root
+    mode: 0644
+  when: 
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "12"
+  notify: apt_update
+
+
+- name: Remove /etc/apt/sources.list.d/security_debian_org_debian_security.list
+  ansible.builtin.file:
+    path: /etc/apt/sources.list.d/security_debian_org_debian_security.list
+    state: absent
+
+
+- name: Update all packages to their latest version
+  ansible.builtin.apt:
+    name: "*"
+    state: latest
+  changed_when: false
+
+- name: Autoremove no longer needed packages
+  ansible.builtin.apt:
+    autoremove: yes
+  changed_when: false
+
+- name: Autoclean cache
+  ansible.builtin.apt:
+    autoclean: yes
+  changed_when: false

roles/linux/tasks/files/2000cn.com.au.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCp2asaNj7ajHKE
+sv1LKbSeus0XDdWpWn00m0jOq4IAv92a0jBw2eylTLhK6sZzE/75doyD4De64/ft
+t+MydX3+Qw+kX81NM34+ReYrnOv18dEqU+9vMhP1Oe5o2HZDcNSHAWMvNKITwKWP
+51xW8vV60bew45dSn4aMITUtImrnyxKsM2LuE3Gzx26udyoVktorwyLZMlFJvGgV
+qAea5e8lcAmiQtbnGwbZDO/5jhrxD4ZaQVbykQHXFdgdQ5ZnJJDwABftZkEw9SBE
+w3Fb+1jq+q8XDQmn7lbvSO4/Ty7RCtYGH3LFByrapFU5cSTFJdXtOPWzt2K/t5sr
+Zh0ueu7P/AgPxd/xGlLaJlgF5gWeMOm5rTCKrQXEAFu2Z6+GrBCDefxQLPLIRGtl
+iu/oW86OsPoQJgmEGGXaE0JlcbeUXBuEKb62NsOjfvvb3z/GJz0qnB10jbz61wAw
+iMnkNpFLHiRWPyUIIUwfB0Rjv2cY/Eyg4xxQTfPCGdYFxc/UcQL0UlFv8ZA5MpoZ
+mP/GwEHfsjV2Dq9WElQNvMc8ztLLZGDudnDkkm9PlB0dHlvSDa9oPEccf3WaekTS
+bYdiLcUw0O/5/sBPpe2wAX6xU6OqgxH2nm+tL5Z21t+ct61juiuhGPyibciMo8KV
+t+2QCmDw9naqaGS52VEx9DTpMQXXnQIDAQABAoICAQCjrUnwiYPKcfvNmvryWq9f
+Ix6Ob9uNRtFPR7FC0A4IkNyJ3LGnnqoopSUXtOUmcoeMeMxyLTknVZZPM5yyvHx8
+8Lz7JwMduViXxB5Juv+8U5rAUoByxGxtLbVsveRBm1KDAzhEflEN/eDOKyNV+u3K
+vJxqzve9PFOZaErpQriIxK4q2Z4lVQGGQNKNN/KLNage8f38Fjw1dWVMMU+a2qe5
+iR0Pi5+yt93CfnAnKeUWlmJfSYXzXP/L+JX5pW8j2B3/2ec09AwwlJfTDBCKlk2a
+q5bc/MhoVwrZrotA4Rp5ghq7bcTYz85hQmmKYFkRzyM3ZmOIG1oC7HmQuee3KepF
+WzOZYMg29+4ks5V1xW1j0+G1GYOKxHNI/yx4qV/mT+aKCNcRIDfa3yI77i+ARmbE
+MoS/8+6gCVOtdbDJx6WcvPI7xfQ3uMf+0w4xX1RXRGqAHTPYfN8GHva1jtoNzg36
+PBbHc1GwCT3jnPzXKS3vn7LDPZ0wgmuImMO8MeKlrsbrCyVsKiRPe8QfB/Tyf0UT
+0PAIRwQvyHmdjY7Oi2gma0vgmpUHLuiQJvbplRhpEa7J8ZYFWNkGlfVouMdAVaVV
+5CX53THwnTnESDdHdIFERBzJxwi0XkCuV5xybMz3QKLM3Bh33q3/cR2TtOX4B7+k
+e+wxAYJkt7G/ckrm142sdQKCAQEA1/dzh6vPsXkUA/StRk4CsI2j78+ugdgNgZyR
+bfWLNuGg82rJBStF4Y7RNoIY+wYUErjE4S9QRoE7T+xLaPzs6PFkj2DsJUCw6D1c
+7e1QGl6gQPsPvsnlMl3yOkwsZmTNDu/JhjLBjZttQ/J42ZmvS+gwdlxkLIJVj9HI
+J2pd+jrAnOlm81T8tL2hlh/dSvb9AIF6deyBDZWGUemhX9xFCX2wYgwIalmcvASQ
+RnzPEtziCUClbMkK7F9eVyHyM0SAt/LuJ7ihKw+5BEUJ/o01cKWgbkJ1eBHzhs28
+WplzoHMYnld1H/zh2YqB5256FabQAW18WE/TQ8UV21K2sCI3AwKCAQEAyVXMKHhm
+oHsQopNugE5LxIBRxHYYZE8DyB0LfNK43xPv9R2Z+5qqNT84tuphhicAJN1R9m00
+E1FozRR6NMTeDn3QREo4Yorhx1iC+14udkk7IZQe3bbl3k3KTgW/Vgi3AtV441+/
+ZXnxr/2wW04vk0ELSK8NF2TrNuXW53MSeV+1AOKUcattVACKuNItQacEgjA1yvt2
+8iIH1QzYsYPQo1S5qE3o8AWFUSExsRVCXDeC1E6LiimFWPtPs8xtxAZUie+uhvpU
+fbxDBFx2aUy5Au85qg9Ye0xgnQwI/8W7rpYLNJtwyD+19wr0UAeRa1BocE4AOQhg
+5AFdhl8swf6k3wKCAQAaJ7TNLIilxLUg2YQWrKH0weKly3Al94WDOfP+7irjBaZZ
+dIhN4PTAoWxC/rSJyi2qKshlQTamo0YMouBrIZ6Lg5ibKLDQvinupmfXxNLbrrQX
+ypAYmhjw5aHNX6ZM7E5NTcsJPqJkRPuRrA7ow40QU1lzLDNRlKNKHKzx4RbqlCz5
+k+bM93D3brPgG5HQX2M6qXOsTm0+uOogh3vswR93S8qNxUlLn/i0aJUUhE8LyMZz
+OmoOZ7az88TYJptPjC9Ol9Qx6VFThr7wfm/8bRuYveZVFCVn2jy1CbuS+VyghO/p
+VUwxCI5Nq1GaNq4Aa0hrs9fIVjqOzZKdEkJfyHUDAoIBAQCWmk5IK6AhBU1xPzVW
+VrsIdzAy9F/UkOJ0S32vVnUhsWk6gnUPpycRA4SqFvLyhbPu33sTCab9mFT7qwiq
+9mRglK44lwhMdjTjiAsaet3ob2kC+iiIkuqp+qiM6nGwqn4zaXmvI40pHCm1CuBj
+vD2MOgh1yzPQvxXPj+fMY+B62COuUM7XpHL4dhtOmzFtPcD6nZNvjeDwyJHxRVXG
+m6JyusrR4c2P1aFfCaSBITTthDyiEUsCA4MTB5IcHZwyGMYeFCMKJrETCMNcvMl6
+hQCT+Fy7IBWAzaYrc7g7ky6MLwKczHV15Wp5LEGKp86YZqJo93/lKaZIh9jszb7O
+MmwjAoIBACK5dJ5YxPLZS7qXH13U8okYJ9ccZsIwPctQgQTI2RKGjb2rzyizx7dQ
+UvHEFjEKF82lyzPNvXRmn8BVLi2pmdFgutjU6a7w44p60XNfox+lCdPuaSwer1Xs
+cdifm7YCuZaK1SV5UiJ0s6fRS5jP4lvEgNtIV3uPePMMprB739KZPghy6PQnY/ph
+VkbA7sg9uVEgwK+e6an5YbgwjEhkwo8DUTbhZxu0UwDtfNC2eHaejkcLxt803Grh
+cnZIyHuweV8n77T2VfxF39QbchA//m5T/ztIGspl/eYhXHWBXH7RZmRTyRucdYu6
+qzWOG1XkTmTA2bhUzyEwcMbHHuJPiUo=
+-----END PRIVATE KEY-----

roles/linux/tasks/files/2000cn.com.au.pem

@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHNjCCBh6gAwIBAgIRAPjfNerdpjC6vh3Z31fVTw0wDQYJKoZIhvcNAQELBQAw
+gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE
+AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
+QTAeFw0yMzA4MDkwMDAwMDBaFw0yNDA5MDgyMzU5NTlaMBoxGDAWBgNVBAMMDyou
+MjAwMGNuLmNvbS5hdTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKnZ
+qxo2PtqMcoSy/UsptJ66zRcN1alafTSbSM6rggC/3ZrSMHDZ7KVMuErqxnMT/vl2
+jIPgN7rj9+234zJ1ff5DD6RfzU0zfj5F5iuc6/Xx0SpT728yE/U57mjYdkNw1IcB
+Yy80ohPApY/nXFby9XrRt7Djl1KfhowhNS0iaufLEqwzYu4TcbPHbq53KhWS2ivD
+ItkyUUm8aBWoB5rl7yVwCaJC1ucbBtkM7/mOGvEPhlpBVvKRAdcV2B1DlmckkPAA
+F+1mQTD1IETDcVv7WOr6rxcNCafuVu9I7j9PLtEK1gYfcsUHKtqkVTlxJMUl1e04
+9bO3Yr+3mytmHS567s/8CA/F3/EaUtomWAXmBZ4w6bmtMIqtBcQAW7Znr4asEIN5
+/FAs8shEa2WK7+hbzo6w+hAmCYQYZdoTQmVxt5RcG4QpvrY2w6N++9vfP8YnPSqc
+HXSNvPrXADCIyeQ2kUseJFY/JQghTB8HRGO/Zxj8TKDjHFBN88IZ1gXFz9RxAvRS
+UW/xkDkymhmY/8bAQd+yNXYOr1YSVA28xzzO0stkYO52cOSSb0+UHR0eW9INr2g8
+Rxx/dZp6RNJth2ItxTDQ7/n+wE+l7bABfrFTo6qDEfaeb60vlnbW35y3rWO6K6EY
+/KJtyIyjwpW37ZAKYPD2dqpoZLnZUTH0NOkxBdedAgMBAAGjggL/MIIC+zAfBgNV
+HSMEGDAWgBSNjF7EVK2K4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQU85h6GEZjE7YC
+ohVM6iNKzK+jm0cwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQEC
+AgcwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EM
+AQIBMIGEBggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2Vj
+dGlnby5jb20vU2VjdGlnb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJD
+QS5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMCkGA1Ud
+EQQiMCCCDyouMjAwMGNuLmNvbS5hdYINMjAwMGNuLmNvbS5hdTCCAX0GCisGAQQB
+1nkCBAIEggFtBIIBaQFnAHYAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhCCp/mZ0xa
+OnQAAAGJ2c73cgAABAMARzBFAiAyERlz0hcreWXtwpbwqwbgKHxdpNSajYSLwW0C
+wFso2AIhALEsupPmdvuWQpxWMlcZLi6EQDExVJi87loafQ2L8zvcAHUA2ra/az+1
+tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGJ2c73xQAABAMARjBEAiAzXHLS
+GjDtJv6lVNa9guVMsHh6wTzBFtOg6kuhyUWcSgIgJ3mPjmGKjnU92pkaME/a026J
+tpmPoz+p9rZsybBx5b0AdgDuzdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1
+mwAAAYnZzvehAAAEAwBHMEUCIGG3EWwRgas6H87fiUIueLvp11iQs/0cyxppEf57
+uMfsAiEA3l2DBKQn8DgSnUBy+PEB2648sC1HYDOvyscMha0Gz0cwDQYJKoZIhvcN
+AQELBQADggEBALt+QI3eT/tnCnLCLoNLffpMGgtEPSUi/r3oq6YRYv+LEWL5nTFB
+sP8dF/b+kU+bRoHQ3lyJXDdHKe4sk/Z5FlHlre1dagJDitd69qvhWxEqxwL7MFV4
+c3Z6PqYInWnUAgkqwxHT7CKI/IdG2fpOk8n4iqIMwowH1trz6mIsWOE6O6EEDqw/
+h6Fd8dUhKY1D0s1EAqwEvilsyo1km6bFjciB0POQPyGft5bBcLJOa0yOxSFM8C9o
+1x6ioCPqJIiMPMcvCRiyOXmbuUlng0g6kImSVEIflDcfb0A/ZdLTsuwVmQ3jYcSf
+Ai+wqBd0Iq0PaTRREOLvnj24X36uTeW+xpk=
+-----END CERTIFICATE-----

roles/linux/tasks/files/no-bookworm-firmware.conf

@@ -0,0 +1 @@
+APT::Get::Update::SourceListWarnings::NonFreeFirmware "false";

roles/linux/tasks/hosts_file.yml

@@ -0,0 +1,31 @@
+######################################################
+# Manage Hosts File on Linux
+######################################################
+
+
+- name: Get vm device details
+  ansible.builtin.uri:
+    url: "{{ netbox_uri }}/ipam/ip-addresses/?{% if 'is_virtual' in  group_names %}virtual_machine{% else %}device{% endif %}={{ inventory_hostname|urlencode() }}"
+    method: GET
+    validate_certs: false
+    headers:
+      Content-Type: application/json
+      Authorization: "{{ netbox_api_token }}"
+    status_code: [200, 201]
+    return_content: true
+  register: results
+  check_mode: false
+
+
+- name: Manage Linux file /etc/hosts
+  loop: "{{ results['json']['results'] }}"
+  when: item.dns_name | length > 0
+  loop_control:
+    label: "{{ item.dns_name }}"
+  template:
+    src: hosts.j2
+    dest: /etc/hosts
+    owner: root
+    group: root
+    mode:  0644
+    backup: yes

roles/linux/tasks/main.yml

@@ -0,0 +1,23 @@
+- name: Task apt_source.yml
+  ansible.builtin.import_tasks:
+    file: apt_source.yml
+
+- name: Task sudo.yml
+  ansible.builtin.import_tasks:
+    file: sudo.yml
+
+- name: Task ssl_certificate.yml
+  ansible.builtin.import_tasks:
+    file: ssl_certificate.yml
+
+- name: Add user Task
+  ansible.builtin.import_tasks:
+    file: user.yml
+
+- name: Task hosts_file.yml
+  ansible.builtin.import_tasks:
+    file: hosts_file.yml
+
+- name: Tasl resolv_file.yml
+  ansible.builtin.import_tasks:
+    file: resolv_file.yml

roles/linux/tasks/resolv_file.yml

@@ -0,0 +1,26 @@
+######################################################
+# Manage resolv.conf File on Linux
+######################################################
+
+
+- name: Get device context details
+  ansible.builtin.uri:
+    url: "{{ netbox_uri }}extras/config-contexts/?tags=linux"
+    method: GET
+    validate_certs: false
+    headers:
+      Content-Type: application/json
+      Authorization: "{{ netbox_api_token }}"
+    status_code: [200, 201]
+    return_content: true
+  register: results
+  check_mode: false
+
+
+- name: Manage file /etc/resolv.conf
+  template:
+    src: resolv.conf.j2
+    dest: /etc/resolv.conf
+    owner: root
+    group: root
+    mode:  0644

roles/linux/tasks/ssl_certificate.yml

@@ -0,0 +1,21 @@
+######################################################
+# Manage SSL certificate
+######################################################
+
+
+- name: Manage /etc/ssl/certs/2000cn.com.au.pem
+  ansible.builtin.copy:
+    src: 2000cn.com.au.pem
+    dest: /etc/ssl/certs/2000cn.com.au.pem
+    owner: root
+    group: root
+    mode: 0644
+
+
+- name: Manage /etc/ssl/private/2000cn.com.au.pem
+  ansible.builtin.copy:
+    src: 2000cn.com.au.key
+    dest: /etc/ssl/private/2000cn.com.au.pem
+    owner: root
+    group: root
+    mode: 0640

roles/linux/tasks/sudo.yml

@@ -0,0 +1,4 @@
+- name: Install sudo
+  ansible.builtin.apt:
+    name: sudo
+    state: present

roles/linux/tasks/user.yml

@@ -0,0 +1,20 @@
+- name: Add new user
+  ansible.builtin.user:
+    name: schrisp
+    comment: Shane Chrisp
+    group: schrisp
+    shell: /bin/bash
+    state: present
+    password: "$6$IcUijtVI4vWw2wLk$Lm7E3xdotCAvRzbPZvzRsuczeC6H7cE2bdYq9af66ClteEffhoHPta1BBHdxPLfP0W4XVgAq9lq6fLG4E.nhx1"
+
+- name: Add schrisp to sudoers
+  community.general.sudoers:
+    name: schrisp.service
+    nopassword: false
+    commands: "ALL=(ALL) NOPASSWD: ALL"
+
+- name: Set authorized key
+  ansible.posix.authorized_key:
+    user: schrisp
+    state: present
+    key: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArRmvmH3We11T46reV5qv+Xoi5KrImmPWUcxKyTLuGsxnqLXEZ7LPdO4Kw+AH2XySf/xZW/cdWzf2Un/9xW7xl92/Gi5KhCtk0fXkHzXGi2CFMSOvekWUdCebcTxPjY/pzJ17FnMifT/n1FZeSQ7SC3+eI10rlG0jgDK3QBom4e/CMOFHkTtkAms+j0CW04h94XKGPdaaVSO1Cm076e+bl2XgWic+boEs0WGbQnt8ldDpmdjD/YGsoZeIhFYcJjTPL5ydtNsytbC3vo797qi1CeKNjkJwWSioHMNJnAOVNmuOu6zf5P2zURTeyH4Axz2KoW33WBOtq8PDPxE//rm50w== crispy@linux-desktop"

roles/linux/templates/hosts.j2

@@ -0,0 +1,11 @@
+# File managed by Netbox / AWX
+127.0.0.1	localhost.localdomain	localhost
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+{% for myip in results['json']['results'] if myip.dns_name != "" %}
+{{ myip.address | ansible.utils.ipaddr('address') }} {{ myip.dns_name }} {{ myip.dns_name | split('.') | first }}
+{% endfor %}

roles/linux/templates/resolv.conf.j2

@@ -0,0 +1,5 @@
+# File managed by Netbox / AWX
+search {{ results['json']['results'][0]['data']['dns_search'] }}
+{% for server in results['json']['results'][0]['data']['dns_servers'] %}
+nameserver {{ server }}
+{% endfor %}

roles/linux/templates/sources.list.j2

@@ -0,0 +1,10 @@
+deb https://debian.2000cn.com.au/ {{ ansible_distribution_release }} main non-free contrib
+{% if ansible_facts['distribution'] == "Debian"  and ansible_facts['distribution_major_version'] == "12" %}
+deb http://security.debian.org/debian-security {{ ansible_distribution_release }}-security main contrib non-free non-free-firmware"
+{% endif %}
+{% if ansible_facts['distribution'] == "Debian"  and ansible_facts['distribution_major_version'] == "11" %}
+deb http://security.debian.org/debian-security {{ ansible_distribution_release }}-security main contrib non-free
+{% endif %}
+{% if ansible_facts['distribution'] == "Debian"  and ansible_facts['distribution_major_version'] == "10" %}
+deb http://security.debian.org/debian-security/ {{ ansible_distribution_release }}/updates main contrib non-free
+{% endif %}

roles/snmpd/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: restart_snmpd
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: yes
+    name: snmpd

roles/snmpd/tasks/files/distro.yml

@@ -0,0 +1,7 @@
+- name: Manage /usr/bin/distro
+  ansible.builtin.copy:
+    src: files/distro
+    dest: /usr/bin/distro
+    owner: root
+    group: root
+    mode: 0755

roles/snmpd/tasks/files/osupdate.yml

@@ -0,0 +1,7 @@
+- name: Manage /etc/snmp/osupdate
+  ansible.builtin.copy:
+    src: files/osupdate
+    dest: /etc/snmp/osupdate
+    owner: root
+    group: root
+    mode: 0755

roles/snmpd/tasks/files/snmpd.service.j2

@@ -0,0 +1,13 @@
+[Unit]
+Description=Simple Network Management Protocol (SNMP) Daemon.
+After=network.target
+ConditionPathExists=/etc/snmp/snmpd.conf
+
+[Service]
+Type=simple
+ExecStartPre=/bin/mkdir -p /var/run/agentx
+ExecStart=/usr/sbin/snmpd -LS6d -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f -p /run/snmpd.pid
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target

roles/snmpd/tasks/main.yml

@@ -0,0 +1,40 @@
+- name: Install snmpd
+  ansible.builtin.apt:
+    name: snmpd
+    state: present
+
+- set_fact: tags="{{ results.json.results | map(attribute='tags') | flatten }}"
+
+- name: Manage /usr/bin/distro
+  ansible.builtin.copy:
+    src: distro
+    dest: /usr/bin/distro
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Manage /etc/snmp/osupdate
+  ansible.builtin.copy:
+    src: osupdate
+    dest: /etc/snmp/osupdate
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Manage file /etc/snmp/snmpd.conf
+  template:
+    src: snmpd.conf.j2
+    dest: /etc/snmp/snmpd.conf
+    owner: root
+    group: root
+    mode:  0644
+  notify: restart_snmpd
+
+- name: Manage file /lib/systemd/system/snmpd.service
+  template:
+    src: snmpd.service.j2
+    dest: /lib/systemd/system/snmpd.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart_snmpd

roles/snmpd/tasks/templates/snmpd.conf.j2

@@ -0,0 +1,43 @@
+agentAddress udp:161,udp6:[::1]:161
+
+trap2sink 103.51.68.158 2000CNRO
+
+view   systemonly  included   .1.3.6.1.2.1.1
+view   systemonly  included   .1.3.6.1.2.1.25.1
+
+rocommunity public  localhost
+rocommunity 2000CNRO    103.51.68.4
+rocommunity 2000CNRO    103.51.68.9
+rocommunity 2000CNRO    103.51.68.158
+rocommunity 2000CNRO    103.51.68.218
+rocommunity 2000CNRO    103.51.68.219
+rocommunity 2000CNRO    103.51.68.220
+rocommunity 2000CNRO    103.51.68.254
+rocommunity6 2000CNRO   2402:1180:0:1::9
+rocommunity6 2000CNRO   2402:1180:0:1::158
+rocommunity6 2000CNRO   2402:1180:0:1::218
+
+syslocation Unit 8, 19-21 Outram St, West Perth, W.A., Australia [-31.950366,115.838801]
+syscontact Support <support@2000cn.com.au>
+
+sysServices    72
+
+master  agentx
+
+extend distro /usr/bin/distro
+extend osupdate /etc/snmp/osupdate
+
+{% for tag in tags %}
+{% if 'mysql' is in tag['slug'] %}
+extend mysql /etc/snmp/mysql
+{% endif %}
+{% if 'apache' is in tag['slug'] %}
+extend apache /etc/snmp/apache-stats.py
+{% endif %}
+{% endfor %}
+#Hardware Detection (uncomment to enable)
+#extend .1.3.6.1.4.1.2021.7890.2 hardware '/usr/bin/sudo /bin/cat /sys/devices/virtual/dmi/id/product_name'
+#extend .1.3.6.1.4.1.2021.7890.3 manufacturer '/usr/bin/sudo /bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
+#extend .1.3.6.1.4.1.2021.7890.4 serial '/usr/bin/sudo /bin/cat /sys/devices/virtual/dmi/id/product_serial'
+extend .1.3.6.1.4.1.2021.7890.5 latitude '-31.950366'
+extend .1.3.6.1.4.1.2021.7890.6 longitude '115.838801'

roles/snmpd/tasks/templates/snmpd.conf.yml

@@ -0,0 +1,8 @@
+- name: Manage file /etc/snmp/snmpd.conf
+  template:
+    src: files/snmpd.conf.j2
+    dest: /etc/snmp/snmpd.conf
+    owner: root
+    group: root
+    mode:  0644
+  notify: snmpd

roles/zabbix_agent/files/zabbix_agent2.conf.j2

@@ -0,0 +1,511 @@
+# This is a configuration file for Zabbix agent daemon (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+
+PidFile=/var/run/zabbix/zabbix_agent2.pid
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: yes, if LogType is set to file, otherwise no
+# Default:
+# LogFile=
+
+LogFile=/var/log/zabbix/zabbix_agent2.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+LogFileSize=0
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=0.0.0.0
+
+### Option: AllowKey
+#	Allow execution of item keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with DenyKey.
+#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#
+# Mandatory: no
+
+### Option: DenyKey
+#	Deny execution of items keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with AllowKey.
+#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
+#
+# Mandatory: no
+# Default:
+# DenyKey=system.run[*]
+
+### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
+#	Internal alias for AllowKey/DenyKey parameters depending on value:
+#	0 - DenyKey=system.run[*]
+#	1 - AllowKey=system.run[*]
+#
+# Mandatory: no
+
+### Option: LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+##### Passive checks related
+
+### Option: Server
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
+#	Incoming connections will be accepted only from the hosts listed here.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: yes, if StartAgents is not explicitly set to 0
+# Default:
+# Server=
+
+Server=127.0.0.1,zabbix.2000cn.com.au
+
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+ListenPort=10050
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
+#
+# Mandatory: no
+# Default:
+#ListenIP=0.0.0.0
+
+### Option: StartAgents
+#	Number of pre-forked instances of zabbix_agentd that process passive checks.
+#	If set to 0, disables passive checks and the agent will not listen on any TCP port.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartAgents=3
+
+##### Active checks related
+
+### Option: ServerActive
+#	List of comma delimited IP:port (or DNS name:port) pairs of Zabbix servers and Zabbix proxies for active checks.
+#	If port is not specified, default port is used.
+#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
+#	If port is not specified, square brackets for IPv6 addresses are optional.
+#	If this parameter is not specified, active checks are disabled.
+#	Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
+#
+# Mandatory: no
+# Default:
+# ServerActive=
+
+ServerActive=zabbix.2000cn.com.au
+
+### Option: Hostname
+#	Unique, case sensitive hostname.
+#	Required for active checks and must match hostname as configured on the server.
+#	Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+
+### Option: HostnameItem
+#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
+#	Does not support UserParameters or aliases.
+#
+# Mandatory: no
+# Default:
+HostnameItem=system.run[hostname -f]
+
+### Option: HostMetadata
+#	Optional parameter that defines host metadata.
+#	Host metadata is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostMetadataItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostMetadata=
+
+### Option: HostMetadataItem
+#	Optional parameter that defines an item used for getting host metadata.
+#	Host metadata is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostMetadata is not defined.
+#
+# Mandatory: no
+# Default:
+# HostMetadataItem=
+HostMetadataItem=system.uname
+
+
+### Option: HostInterface
+#	Optional parameter that defines host interface.
+#	Host interface is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostInterfaceItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostInterface=
+
+### Option: HostInterfaceItem
+#	Optional parameter that defines an item used for getting host interface.
+#	Host interface is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostInterface is not defined.
+#
+# Mandatory: no
+# Default:
+# HostInterfaceItem=
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 60-3600
+# Default:
+# RefreshActiveChecks=120
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=20
+
+############ ADVANCED PARAMETERS #################
+
+### Option: Alias
+#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
+#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
+#	Different Alias keys may reference the same item key.
+#	For example, to retrieve the ID of user 'zabbix':
+#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
+#	Now shorthand key zabbix.userid may be used to retrieve data.
+#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Timeout
+#	Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: AllowRoot
+#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /etc/zabbix, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/etc/zabbix/zabbix_agentd.userparams.conf
+# Include=/etc/zabbix/zabbix_agentd.conf.d/
+Include=/etc/zabbix/zabbix_agentd.conf.d/*.conf
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	The following characters are not allowed:
+#	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
+#	Additionally, newline characters are not allowed.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of agent modules.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_agentd --help".
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at agent startup. Modules are used to extend functionality of the agent.
+#	Formats:
+#		LoadModule=<module.so>
+#		LoadModule=<path/module.so>
+#		LoadModule=</abs_path/module.so>
+#	Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
+#	If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#	How the agent should connect to server or proxy. Used for active checks.
+#	Only one value can be specified:
+#		unencrypted - connect without encryption
+#		psk         - connect using TLS and a pre-shared key
+#		cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+TLSConnect=psk
+
+### Option: TLSAccept
+#	What incoming connections to accept.
+#	Multiple values can be specified, separated by comma:
+#		unencrypted - accept connections without encryption
+#		psk         - accept connections secured with TLS and a pre-shared key
+#		cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+TLSAccept=psk
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#		Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#		Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the agent certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the agent private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+### Option: TLSPSKIdentity
+#	Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+TLSPSKIdentity=PSK001
+
+### Option: TLSPSKFile
+#	Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=
+TLSPSKFile=/etc/zabbix/zabbix_agent2.psk
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example:
+#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+#	Example for OpenSSL:
+#		kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example:
+#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=

roles/zabbix_agent/files/zabbix_agent2.psk

@@ -0,0 +1 @@
+28fed00bed1404d30351471e108d60f0f20e52ee151beeb5a5f39cdcd46b911e

roles/zabbix_agent/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: restart_zabbix
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: yes
+    name: zabbix-agent2

roles/zabbix_agent/tasks/main.yml

@@ -0,0 +1,67 @@
+- name: Download Zabbix2 for debian
+  ansible.builtin.apt:
+    deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian{{ ansible_distribution_major_version }}_all.deb
+  when: ansible_facts['distribution'] == "Debian"
+
+- name: Download Zabbix2 for Ubuntu
+  ansible.builtin.apt:
+    deb: https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu{{ ansible_distribution_version }}_all.deb
+  when: ansible_facts['distribution'] == "Ubuntu"
+
+- name: Run an apt update
+  ansible.builtin.apt:
+    update_cache: yes
+  changed_when: false
+
+- name: Remove Zabbix-Agent package
+  ansible.builtin.apt:
+    name: zabbix-agent
+    state: absent
+
+- name: Install Zabbix-Agent2 package
+  ansible.builtin.apt:
+    name: zabbix-agent2
+    state: present
+
+- name: Install Zabbix-Agent2-plugin-mongodb package
+  ansible.builtin.apt:
+    name: zabbix-agent2-plugin-mongodb
+    state: present
+
+- name: Install Zabbix-Agent2-plugin-postgresql package
+  ansible.builtin.apt:
+    name: zabbix-agent2-plugin-postgresql
+    state: present
+
+- name: Enable service httpd and ensure it is not masked
+  ansible.builtin.systemd_service:
+    name: zabbix-agent2
+    enabled: true
+    masked: no
+
+- name: Manage file /etc/zabbix/zabbix_agent2.conf
+  copy:
+    src: zabbix_agent2.conf.j2
+    dest: /etc/zabbix/zabbix_agent2.conf
+    owner: zabbix
+    group: zabbix
+    mode: 0644
+  notify: restart_zabbix
+
+- name: Manage file /etc/zabbix/zabbix_agentd.psk
+  copy:
+    src: zabbix_agent2.psk
+    dest: /etc/zabbix/zabbix_agent2.psk
+    owner: zabbix
+    group: zabbix
+    mode: 0644
+  notify: restart_zabbix
+
+- name: Create zabbix_agentd.conf.d directory if it does not exist
+  ansible.builtin.file:
+    path: /etc/zabbix/zabbix_agentd.conf.d/
+    state: directory
+    owner: zabbix
+    group: zabbix
+    mode: 0755
+  notify: restart_zabbix

services.yml

@@ -0,0 +1,16 @@
+---
+- name: Ensure services are running.
+  hosts: linux
+  gather_facts: false
+
+  tasks:
+
+  - name: Start service snmpd, if not started
+    ansible.builtin.service:
+      name: snmpd
+      state: started
+
+  - name: Start service rsyslog, if not started
+    ansible.builtin.service:
+      name: rsyslog
+      state: started

tasks/actions/add_to_librenms.yml

@@ -0,0 +1,14 @@
+- name: Add host to LibreNMS
+  uri:
+    url: "{{ librenms_uri }}{{ librenms_url }}"
+    method: POST
+    validate_certs: false
+    headers:
+      X-Auth-Token: "{{ librenms_api_token }}"
+    body_format: "json"
+    body:
+      hostname: "{{ device }}"
+      ip: "{{ results['json']['results'][0]['address'] | ansible.utils.ipaddr('address') }}"
+      display: "{{ device }}"
+
+#      hostname: "{{ results['json']['results'][0]['primary_ip']['address'] | ansible.utils.ipaddr('address') }}"

tasks/actions/check_in_librenms.yml

@@ -0,0 +1,22 @@
+- name: Check if host is registered in LibreNMS
+  uri:
+    url: "{{ librenms_uri }}{{ librenms_url }}/{{ device }}"
+    method: GET
+    validate_certs: false
+    headers:
+      X-Auth-Token: "{{ librenms_api_token }}"
+    body_format: json
+    status_code: 200, 201, 404
+  register: librenms
+
+#- name: Debug api results
+#  debug:
+#    msg: "{{ librenms.json }}"
+
+#- name: Debug
+#  debug: 
+#    msg:  "{{ results['json']['results'][0]['address'] | ansible.utils.ipaddr('address') }}"
+
+- name: Add if not in LibreNMS
+  ansible.builtin.include_tasks: tasks/actions/add_to_librenms.yml
+  when: "'error' in librenms.json.status"

tasks/file_managment/ssl_certificate.yml

@@ -0,0 +1,15 @@
+- name: Manage /etc/ssl/certs/2000cn.com.au.pem
+  ansible.builtin.copy:
+    src: files/2000cn.com.au.pem
+    dest: /etc/ssl/certs/2000cn.com.au.pem
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Manage /etc/ssl/private/2000cn.com.au.pem
+  ansible.builtin.copy:
+    src: files/2000cn.com.au.key
+    dest: /etc/ssl/private/2000cn.com.au.pem
+    owner: root
+    group: root
+    mode: 0640

tasks/file_managment/zabbix.conf.yml

@@ -0,0 +1,31 @@
+- name: Manage file /etc/zabbix/zabbix_agent2.conf
+  template:
+    src: files/zabbix_agent2.conf.j2
+    dest: /etc/zabbix/zabbix_agent2.conf
+    owner: zabbix
+    group: zabbix
+    mode:  0644
+  notify: zabbix
+
+
+- name: Manage file /etc/zabbix/zabbix_agentd.psk
+  template:
+    src: files/zabbix_agent2.psk
+    dest: /etc/zabbix/zabbix_agent2.psk
+    owner: zabbix
+    group: zabbix
+    mode:  0644
+  notify: zabbix
+
+- name: Create zabbix_agentd.conf.d directory if it does not exist
+  ansible.builtin.file:
+    path: /etc/zabbix/zabbix_agentd.conf.d/
+    state: directory
+    owner: zabbix
+    group: zabbix
+    mode: '0755'
+  notify: zabbix
+
+  handlers:
+    - name: Import handlers
+    - import_tasks: handlers/zabbix.yml

vars/external_vars.yml

@@ -0,0 +1,13 @@
+---
+# LibreNMS Settings
+librenms_uri: https://librenms.2000cn.com.au/api/v0
+librenms_api_token: 07b06c1d2f1be50513287e8a8bb29cb7
+
+# Netbox Settings
+netbox_uri: https://netbox.2000cn.com.au/api/
+netbox_api_token: Token cbf5a5c36da54db3c413d0a6d1ff1da7ef0909d7
+
+
+# Zabbix Settings
+zabbiix_uri: https://zabbix.2000cn.com.au/zabbix/api_jsonrpc.php
+zabbix_api_token: ec05e15fd06f1f9e1bc6e26526ea71c69bea4e210424514b026ebd939ef9e280