From 705a375617431e6dce2735245e99ff18f74bdeab Mon Sep 17 00:00:00 2001
From: rene <rene@endor.universe.local>
Date: Mon, 14 Mar 2022 15:56:50 +0100
Subject: [PATCH] configure snmp

---
 os_vars/debian.yml                              |  1 +
 os_vars/ubuntu.yml                              |  1 +
 roles/server/files/sudoers                      |  1 +
 roles/server/tasks/utilities/snmpd.yml          | 10 ++++++++++
 roles/webserver/tasks/configure_nginx_snmpd.yml |  2 +-
 5 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 roles/server/files/sudoers

diff --git a/os_vars/debian.yml b/os_vars/debian.yml
index e69de29..28ad247 100644
--- a/os_vars/debian.yml
+++ b/os_vars/debian.yml
@@ -0,0 +1 @@
+snmp-user: Debian-snmp
\ No newline at end of file
diff --git a/os_vars/ubuntu.yml b/os_vars/ubuntu.yml
index e69de29..28ad247 100644
--- a/os_vars/ubuntu.yml
+++ b/os_vars/ubuntu.yml
@@ -0,0 +1 @@
+snmp-user: Debian-snmp
\ No newline at end of file
diff --git a/roles/server/files/sudoers b/roles/server/files/sudoers
new file mode 100644
index 0000000..167d8ee
--- /dev/null
+++ b/roles/server/files/sudoers
@@ -0,0 +1 @@
+Debian-snmp ALL = NOPASSWD: /etc/snmp/bind, /etc/snmp/fail2ban, /etc/snmp/docker-stats.sh, /etc/snmp/mailcow-dockerized-postfix
\ No newline at end of file
diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml
index ebee169..ab0c00a 100644
--- a/roles/server/tasks/utilities/snmpd.yml
+++ b/roles/server/tasks/utilities/snmpd.yml
@@ -5,6 +5,16 @@
     name: "{{ snmpd_package }}"
     state: present
 
+- name: server | snmpd | install sudoers file
+  copy:
+    dest: "/etc/sudoers.d/10-debian-snmp"
+    src: "sudoers"
+    owner: "root"
+    group: "root"
+    mode: "0660"
+    validate: visudo -cf %s
+  when: ansible_distribution in ["Debian", "Ubuntu"]
+
 - name: server | snmpd | insert anchors to snmpd.conf
   blockinfile:
     path: "/etc/snmp/snmpd.conf"
diff --git a/roles/webserver/tasks/configure_nginx_snmpd.yml b/roles/webserver/tasks/configure_nginx_snmpd.yml
index a696e57..139c6a3 100644
--- a/roles/webserver/tasks/configure_nginx_snmpd.yml
+++ b/roles/webserver/tasks/configure_nginx_snmpd.yml
@@ -10,6 +10,6 @@
   lineinfile:
     path: "/etc/snmp/snmpd.conf"
     state: present
-    line: "extend bind /etc/snmp/nginx"
+    line: "extend nginx /etc/snmp/nginx"
     insertafter: "# SECTION: custom settings"
   notify: restart_snmpd
\ No newline at end of file