#  Ansible managed - DO NOT EDIT MANUALLY !
allowed_hosts={{ nrpe_allowed_hosts }}
dont_blame_nrpe=1

# base
command[check_load]=/usr/lib/nagios/plugins/check_load -w {{ nrpe_load_warning }} -c {{ nrpe_load_critical }}
command[check_memory]=/usr/lib/nagios/plugins/check_memory -w {{ nrpe_memory_warning }} -c {{ nrpe_memory_critical }} -W {{ nrpe_swap_warning }} -C {{ nrpe_swap_critical }}
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w {{ nrpe_check_zombie_procs_warning }} -c {{ nrpe_check_zombie_procs_critical }} -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w {{ nrpe_check_total_procs_warning }} -c {{ nrpe_check_total_procs_critical }}
command[check_dns]=/usr/lib/nagios/plugins/check_dns -H google.com
{% if nrpe_ssl_host is defined %}
command[check_ssl]=/usr/lib/nagios/plugins/check_http --sni '{{ nrpe_ssl_host }}' -C 14,3
{% endif %}
command[check_bandwidth]=/usr/lib/nagios/plugins/check_eth -i {{ ansible_default_ipv4.interface }} -w {{ nrpe_bandwidth_warning }} -c {{ nrpe_bandwidth_critical }}
command[check_systemd_fail2ban]=/usr/lib/nagios/plugins/check_systemd_service fail2ban
{% if nrpe_proc_age_process is defined or nrpe_proc_age_warning is defined or nrpe_proc_age_critical is defined %}
{% for process in nrpe_proc_age_process | default([]) %}
command[check_proc_age_{{ process }}]=/usr/lib/nagios/plugins/check_proc_age -p {{ process }} -w {{ nrpe_proc_age_warning }} -c {{ nrpe_proc_age_critical }}
{% endfor %}
{% endif %}
command[check_systemd_failed]=/usr/lib/nagios/plugins/check_systemd_failed
command[check_needrestart]=/usr/lib/nagios/plugins/check_needrestart

# disk
#   -w <%>: Warning threshold for block usage.
#   -c <%>: Critical threshold for block usage.
#   -W <%>: Warning threshold for inode usage.
#   -C <%>: Critical threshold for inode usage.
#   -e <mount>: Exclude a mount point by exact match (e.g., -e /tmp).
#   -E <regex>: Exclude mount points matching a regex pattern (e.g., -E '/run/user/.*').
#   -x <type>:  Exclude a filesystem type (e.g., -x tmpfs).
command[check_disk_usage]=/usr/lib/nagios/plugins/check_disk_usage -w {{ nrpe_disk_usage_warning }} -c {{ nrpe_disk_usage_critical }} -W {{ nrpe_disk_inode_warning }} -C {{ nrpe_disk_inode_critical }} -e /run -e /dev -e /dev/shm -e /sys -e /proc -e /sys/kernel/debug/tracing -x tmpfs -x overlay -x fuse -x proc -x devtmpfs
command[check_rw_root]=/usr/lib/nagios/plugins/check_rofs /

{% if nrpe_mysql is defined %}
# mysql
command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -u {{ nrpe_mysql_user }} -p{{ nrpe_mysql_password }} -H {{ nrpe_mysql_host }} -d mysql
command[check_mysql_longqueries]=/usr/lib/nagios/plugins/check_mysql_longqueries -u {{ nrpe_mysql_user }} -p {{ nrpe_mysql_password }} -H {{ nrpe_mysql_host }} -w {{ nrpe_mysql_longqueries_warning }} -c {{ nrpe_mysql_longqueries_critical }}
{% endif %}

{% if nrpe_postgresql is defined %}
# postgresql
command[check_pgsql_port]=/usr/lib/nagios/plugins/check_tcp -p {{ nrpe_postgresql_port }} -H {{ nrpe_postgresql_host }}
command[check_systemd_postgresql]=/usr/lib/nagios/plugins/check_systemd_service postgresql
command[check_pgsql_connection]=/usr/lib/nagios/plugins/check_postgresql -H {{ nrpe_postgresql_host }}  -p {{ nrpe_postgresql_port }} --dbuser={{ nrpe_postgresql_user }} --dbpass={{ nrpe_postgresql_password }} --action=connection
command[check_pgsql_backends]=/usr/lib/nagios/plugins/check_postgresql -H {{ nrpe_postgresql_host }}  -p {{ nrpe_postgresql_port }} --dbuser={{ nrpe_postgresql_user }} --dbpass={{ nrpe_postgresql_password }} --action=backends -w {{ nrpe_postgresql_backend_warning }} -c {{ nrpe_postgresql_backend_critical }}
{% endif %}

{% if nrpe_smtp_host is defined or nrpe_mail_service is defined %}
# mail
command[check_smtp]=/usr/lib/nagios/plugins/check_tcp -p 25 -H {{ nrpe_smtp_host }}
{% if nrpe_mail_service == 'postfix' %}
command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
{% elif nrpe_mail_service == 'exim' %}
command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
{% endif %}
{% endif %}

{% if nrpe_raid_soft is defined or nrpe_raid_3ware is defined or nrpe_raid is defined %}
# raid
{% if nrpe_raid_soft is defined %}
command[check_mdadm]=/usr/lib/nagios/plugins/check_mdadm
{% endif %}
{% if nrpe_raid_3ware is defined %}
command[check_3ware]=/usr/bin/sudo /usr/lib/nagios/plugins/check_3ware
{% endif %}
{% if nrpe_raid is defined %}
command[check_3ware]=/usr/bin/sudo /usr/lib/nagios/plugins/check_raid
{% endif %}
{% endif %}

{% if nrpe_docker_container is defined %}
# docker containers
{% for container in nrpe_docker_container %}
command[check_docker_{{ container }}]=/usr/lib/nagios/plugins/check_docker --containers {{ container }}.* --status running --restarts 2:5 --present
{% endfor %}
{% endif %}

{% if nrpe_service is defined %}
# systemd service
{% for service in nrpe_service %}
command[check_systemd_{{ service }}]=/usr/lib/nagios/plugins/check_systemd_service {{ service }}
{% endfor %}
{% endif %}

{% if nrpe_kubernetes is defined or nrpe_kubernetes_controlplane is defined %}
# kubernetes
## nodes
command[check_systemd_kubelet]=/usr/lib/nagios/plugins/check_systemd_service kubelet
command[check_systemd_etcd]=/usr/lib/nagios/plugins/check_systemd_service etcd
command[check_systemd_containerd]=/usr/lib/nagios/plugins/check_systemd_service containerd
{% if nrpe_kubernetes_controlplane is defined %}
## manager / control plane
command[check_k8s_health]=/usr/lib/nagios/plugins/check_http -I {{ ansible_default_ipv4.address }} -p 6443 -S -u /healthz --continue-after-certificate -r ok -w 1 -c 2
command[check_cilium_health]=/usr/bin/sudo /usr/lib/nagios/plugins/check_cilium_health
command[check_coredns_health]=/usr/bin/sudo /usr/lib/nagios/plugins/check_coredns_health
command[check_etcd_health]=/usr/bin/sudo /usr/lib/nagios/plugins/check_etcd_health --endpoints "https://{{ ansible_default_ipv4.address }}:2379" --cacert /etc/ssl/etcd/ssl/ca.pem --cert /etc/ssl/etcd/ssl/node-{{ nrpe_kubernetes_controlplane_nodename }}.pem --key /etc/ssl/etcd/ssl/node-{{ nrpe_kubernetes_controlplane_nodename }}-key.pem
command[check_k8s_apiserver_access]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_apiserver_access
command[check_k8s_deployments]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_deployments
command[check_k8s_jobs_cronjobs]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_jobs_cronjobs
command[check_k8s_pki_certs]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_pki_certs
command[check_k8s_pv_pvc]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_pv_pvc
command[check_k8s_replicasets]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_replicasets
command[check_k8s_pod_restarts]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_pod_restarts
{% endif %}
{% endif %}