transfer from github

2024-12-28 20:10:53 +01:00 · 2024-12-28 20:10:53 +01:00 · 7a9c910c23
commit 7a9c910c23
parent 68d2ae4a66
47 changed files with 706 additions and 0 deletions
--- a/ansible/debian-graylog-example/README.md
+++ b/ansible/debian-graylog-example/README.md
@ -0,0 +1,9 @@
+# debian-graylog-example
+
+## English
+
+🇺🇸 [Ansible Role to onboard Debian Linux in Graylog Open](https://www.thierolf.org/posts/ansible-role-to-onboard-debian-linux-in-graylog-open/)
+
+## Deutsch
+
+🇩🇪 [Ansible Role für das Onboarding von Debian Linux in Graylog Open](https://www.thierolf.org/posts/ansible-role-fuer-das-onboarding-von-debian-linux-in-graylog-open/)
--- a/ansible/debian-graylog-example/inventory/group_vars/debian_linux.yaml
+++ b/ansible/debian-graylog-example/inventory/group_vars/debian_linux.yaml
@ -0,0 +1,8 @@
+---
+# Group_vars for Debian Linux
+# ===========================
+ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
+ansible_user: "[ANSIBLE_USERNAME]"
+ansible_password: "[ANSIBLE_PASSWORD]"
+ansible_become_password: "[ANSIBLE_PASSWORD]"
+ansible_become: true
--- a/ansible/debian-graylog-example/inventory/host_vars/debian-test.example.com.yaml
+++ b/ansible/debian-graylog-example/inventory/host_vars/debian-test.example.com.yaml
@ -0,0 +1,11 @@
+---
+# Ansible-specific
+# ================
+ansible_host: n.n.n.n
+hostname: debian-test
+domainname: example.com
+fqdn: "{{ hostname }}.{{ domainname }}"
+
+# Graylog-Node-ID
+# ===============
+graylog_node_id: nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn
--- a/ansible/debian-graylog-example/inventory/inventory.yaml
+++ b/ansible/debian-graylog-example/inventory/inventory.yaml
@ -0,0 +1,9 @@
+---
+#
+# Inventory
+#
+all:
+  children:
+    debian_linux:
+      hosts:
+        debian-test.example.com:
--- a/ansible/debian-graylog-example/playbooks/deploy_debian_test,yaml
+++ b/ansible/debian-graylog-example/playbooks/deploy_debian_test,yaml
@ -0,0 +1,7 @@
+---
+# Playbook
+# ========
+- hosts: debian_linux
+  gather_facts: true
+  roles:
+    - server/debian/graylog
--- a/ansible/debian-graylog-example/roles/files/graylog-sidecar-repository_1-5_all.deb
+++ b/ansible/debian-graylog-example/roles/files/graylog-sidecar-repository_1-5_all.deb
@ -0,0 +1,2 @@
+!! DUMMY FILE !!
+See: https://github.com/Graylog2/collector-sidecar/releases
--- a/ansible/debian-graylog-example/roles/handlers/main.yaml
+++ b/ansible/debian-graylog-example/roles/handlers/main.yaml
@ -0,0 +1,7 @@
+# Handlers
+# ========
+- name: "Restart: graylog-sidecar"
+  ansible.builtin.systemd_service:
+    name: graylog-sidecar
+    enabled: true
+    state: restarted
--- a/ansible/debian-graylog-example/roles/tasks/main.yaml
+++ b/ansible/debian-graylog-example/roles/tasks/main.yaml
@ -0,0 +1,10 @@
+---
+# Tasks
+# =====
+- name: "Block"
+  ansible.builtin.include_tasks: "{{ tasks }}"
+  loop:
+    - task_01_install_graylog.yaml
+    - task_02_configure_graylog.yaml
+  loop_control:
+    loop_var: tasks
--- a/ansible/debian-graylog-example/roles/tasks/task_01_install_graylog.yaml
+++ b/ansible/debian-graylog-example/roles/tasks/task_01_install_graylog.yaml
@ -0,0 +1,41 @@
+---
+# task_01_install_graylog
+# =======================
+- name: "Block"
+  notify: "Restart: graylog-sidecar"
+  when: ansible_os_family == "Debian"
+  block:
+
+    - name: "Assert vars: graylog-sidecar"
+      ansible.builtin.assert:
+        that:
+          - graylog_server_url is defined
+          - graylog_server_api_token is defined
+          - graylog_update_interval is defined
+          - graylog_tls_skip_verify is defined
+          - graylog_node_id is defined
+          - graylog_log_rotate_max_file_size is defined
+          - graylog_log_rotate_keep_files is defined
+          - graylog_collector_validation_timeout is defined
+
+    - name: "Create /tmp directory"
+      ansible.builtin.file:
+        path: /tmp
+        state: directory
+
+    - name: "Copy: graylog-sidecar-repository_1-5_all.deb"
+      ansible.builtin.copy:
+        src: graylog-sidecar-repository_1-5_all.deb
+        dest: /tmp/graylog-sidecar-repository_1-5_all.deb
+
+    - name: "Make package available: graylog-sidecar"
+      ansible.builtin.apt:
+        deb: /tmp/graylog-sidecar-repository_1-5_all.deb
+
+    - name: "Apt Update"
+      ansible.builtin.apt:
+        update_cache: yes
+
+    - name: "Install: graylog-sidecar"
+      ansible.builtin.apt:
+        name: graylog-sidecar
--- a/ansible/debian-graylog-example/roles/tasks/task_02_configure_graylog.yaml
+++ b/ansible/debian-graylog-example/roles/tasks/task_02_configure_graylog.yaml
@ -0,0 +1,31 @@
+---
+# task_02_configure_graylog
+# =========================
+- name: "Block"
+  notify: "Restart: graylog-sidecar"
+  when: ansible_os_family == "Debian"
+  block:
+
+    - name: "Assert vars: graylog-sidecar"
+      ansible.builtin.assert:
+        that:
+          - graylog_server_url is defined
+          - graylog_server_api_token is defined
+          - graylog_update_interval is defined
+          - graylog_tls_skip_verify is defined
+          - graylog_node_id is defined
+          - graylog_log_rotate_max_file_size is defined
+          - graylog_log_rotate_keep_files is defined
+          - graylog_collector_validation_timeout is defined
+
+    - name: "Deploy config: sidecar.yaml.j2"
+      ansible.builtin.template:
+        src: sidecar.yaml.j2
+        dest: /etc/graylog/sidecar/sidecar.yml
+        backup: true
+
+    - name: "Deploy config: node-id.j2"
+      ansible.builtin.template:
+        src: node-id.j2
+        dest: /etc/graylog/sidecar/node-id
+        backup: false
--- a/ansible/debian-graylog-example/roles/templates/node-id.j2
+++ b/ansible/debian-graylog-example/roles/templates/node-id.j2
@ -0,0 +1 @@
+{{ graylog_node_id }}
--- a/ansible/debian-graylog-example/roles/templates/sidecar.yaml.j2
+++ b/ansible/debian-graylog-example/roles/templates/sidecar.yaml.j2
@ -0,0 +1,29 @@
+#
+# !! This configuration file is managed by Ansible !!
+# !! DO NOT change local file. Change Ansible role !!
+#
+server_url: "{{ graylog_server_url }}"
+server_api_token: "{{ graylog_server_api_token }}"
+
+node_id: "file:/etc/graylog/sidecar/node-id"
+
+update_interval: {{ graylog_update_interval }}
+tls_skip_verify: {{ graylog_tls_skip_verify }}
+send_status: true
+
+cache_path: "/var/cache/graylog-sidecar"
+log_path: "/var/log/graylog-sidecar"
+log_rotate_max_file_size: {{ graylog_log_rotate_max_file_size }}
+log_rotate_keep_files: {{ graylog_log_rotate_keep_files }}
+collector_validation_timeout: {{ graylog_collector_validation_timeout }}
+collector_shutdown_timeout: "10s"
+collector_configuration_directory: "/var/lib/graylog-sidecar/generated"
+
+#list_log_files: []
+
+tags:
+  - default
+
+collector_binaries_accesslist:
+  - "/usr/lib/graylog-sidecar/filebeat"
+  - "/usr/lib/graylog-sidecar/auditbeat"
--- a/ansible/debian-graylog-example/roles/vars/main.yaml
+++ b/ansible/debian-graylog-example/roles/vars/main.yaml
@ -0,0 +1,11 @@
+---
+# Vars
+# ====
+graylog_server_url: "https://___URL_OF_GRAYLOG_SERVER___/api"
+graylog_server_api_token: "___GRAYLOG_API_TOKEN___"
+graylog_update_interval: 10
+graylog_tls_skip_verify: true
+graylog_send_status: true
+graylog_log_rotate_max_file_size: "10MiB"
+graylog_log_rotate_keep_files: 10
+graylog_collector_validation_timeout: "1m"
--- a/ansible/windows-graylog-example/README.md
+++ b/ansible/windows-graylog-example/README.md
@ -0,0 +1,9 @@
+# windows-graylog-example
+
+## English
+
+🇺🇸 [Ansible Role to onboard Windows Servers in Graylog Open](https://www.thierolf.org/posts/ansible-role-to-onboard-windows-server-in-graylog-open/)
+
+## Deutsch
+
+🇩🇪 [Ansible Role für das Onboarding von Windows Server in Graylog Open](https://www.thierolf.org/posts/ansible-role-fuer-das-onboarding-von-windows-server-in-graylog-open/)
--- a/ansible/windows-graylog-example/inventory/group_vars/microsoft_windows.yaml
+++ b/ansible/windows-graylog-example/inventory/group_vars/microsoft_windows.yaml
@ -0,0 +1,10 @@
+---
+#
+# group_vars for Microsoft Windows
+#
+ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
+ansible_user: "[ANSIBLE_USERNAME]"
+ansible_password: "[ANSIBLE_PASSWORD]"
+ansible_become_password: "{{ ansible_password }}"
+ansible_connection: ssh
+ansible_shell_type: powershell
--- a/ansible/windows-graylog-example/inventory/host_vars/win-test.example.com.yaml
+++ b/ansible/windows-graylog-example/inventory/host_vars/win-test.example.com.yaml
@ -0,0 +1,11 @@
+---
+# Ansible-specific
+# ================
+ansible_host: n.n.n.n
+hostname: win-test
+domainname: example.com
+fqdn: "{{ hostname }}.{{ domainname }}"
+
+# Graylog-Node-ID
+# ===============
+graylog_node_id: nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn
--- a/ansible/windows-graylog-example/inventory/inventory.yaml
+++ b/ansible/windows-graylog-example/inventory/inventory.yaml
@ -0,0 +1,9 @@
+---
+#
+# Inventory
+#
+all:
+  children:
+    microsoft_windows:
+      hosts:
+        win-test.example.com:
--- a/ansible/windows-graylog-example/playbooks/deploy_win-test.yaml
+++ b/ansible/windows-graylog-example/playbooks/deploy_win-test.yaml
@ -0,0 +1,7 @@
+---
+# Playbook
+# ========
+- hosts: microsoft_windows
+  gather_facts: true
+  roles:
+    - server/windows/graylog
--- a/ansible/windows-graylog-example/roles/windows/graylog/files/graylog_sidecar_installer_1.5.0-1.exe
+++ b/ansible/windows-graylog-example/roles/windows/graylog/files/graylog_sidecar_installer_1.5.0-1.exe
@ -0,0 +1,2 @@
+!! DUMMY FILE !!
+See: https://github.com/Graylog2/collector-sidecar/releases
--- a/ansible/windows-graylog-example/roles/windows/graylog/handlers/main.yaml
+++ b/ansible/windows-graylog-example/roles/windows/graylog/handlers/main.yaml
@ -0,0 +1,7 @@
+---
+# Handlers
+# ========
+- name: "Restart: graylog-sidecar"
+  ansible.windows.win_service:
+    name: graylog-sidecar
+    state: restarted
--- a/ansible/windows-graylog-example/roles/windows/graylog/tasks/main.yaml
+++ b/ansible/windows-graylog-example/roles/windows/graylog/tasks/main.yaml
@ -0,0 +1,10 @@
+---
+# Tasks
+# =====
+- name: "Block"
+  ansible.builtin.include_tasks: "{{ tasks }}"
+  loop:
+    - task_01_install_graylog.yaml
+    - task_02_configure_graylog.yaml
+  loop_control:
+    loop_var: tasks
--- a/ansible/windows-graylog-example/roles/windows/graylog/tasks/task_01_install_graylog.yaml
+++ b/ansible/windows-graylog-example/roles/windows/graylog/tasks/task_01_install_graylog.yaml
@ -0,0 +1,31 @@
+---
+# Tasks
+# =====
+- name: "Block"
+  notify: "Restart: graylog-sidecar"
+  when: ansible_os_family == "Windows"
+  block:
+
+    - name: "Assert vars: graylog-sidecar"
+      ansible.builtin.assert:
+        that:
+          - graylog_server_url is defined
+          - graylog_server_api_token is defined
+
+    - name: "Create: TEMP directory"
+      ansible.windows.win_file:
+        path: C:\Temp
+        state: directory
+
+    - name: "Copy: graylog_sidecar_installer_1.5.0-1.exe"
+      ansible.builtin.copy:
+        src: graylog_sidecar_installer_1.5.0-1.exe
+        dest: C:\temp\graylog_sidecar_installer_1.5.0-1.exe
+
+    - name: "Install: graylog-sidecar"
+      ansible.windows.win_package:
+        path: C:\temp\graylog_sidecar_installer_1.5.0-1.exe
+        creates_path: C:\Program Files\Graylog\sidecar
+        arguments:
+        - "/S -SERVERURL={{ graylog_server_url }} -APITOKEN={{ graylog_server_api_token }}"
+        state: present
--- a/ansible/windows-graylog-example/roles/windows/graylog/tasks/task_02_configure_graylog.yaml
+++ b/ansible/windows-graylog-example/roles/windows/graylog/tasks/task_02_configure_graylog.yaml
@ -0,0 +1,33 @@
+---
+# Tasks
+# =====
+- name: "Block"
+  notify: "Restart: graylog-sidecar"
+  when: ansible_os_family == "Windows"
+  block:
+
+    - name: "Assert vars: graylog-sidecar"
+      ansible.builtin.assert:
+        that:
+          - graylog_server_url is defined
+          - graylog_server_api_token is defined
+          - graylog_update_interval is defined
+          - graylog_tls_skip_verify is defined
+          - graylog_node_id is defined
+          - graylog_tls_skip_verify is defined
+          - graylog_send_status is defined
+          - graylog_log_rotate_max_file_size is defined
+          - graylog_log_rotate_keep_files is defined
+          - graylog_collector_validation_timeout is defined
+
+    - name: "Deploy config: sidecar.yaml.j2"
+      ansible.builtin.template:
+        src: sidecar.yaml.j2
+        dest: C:\Program Files\Graylog\sidecar\sidecar.yml
+        backup: true
+
+    - name: "Deploy config: node-id.j2"
+      ansible.builtin.template:
+        src: node-id.j2
+        dest: C:\Program Files\Graylog\sidecar\node-id
+        backup: false
--- a/ansible/windows-graylog-example/roles/windows/graylog/templates/node-id.j2
+++ b/ansible/windows-graylog-example/roles/windows/graylog/templates/node-id.j2
@ -0,0 +1 @@
+{{ graylog_node_id }}
--- a/ansible/windows-graylog-example/roles/windows/graylog/templates/sidecar.yaml.j2
+++ b/ansible/windows-graylog-example/roles/windows/graylog/templates/sidecar.yaml.j2
@ -0,0 +1,26 @@
+#
+# !! This configuration file is managed by Ansible !!
+# !! DO NOT change local file. Change Ansible role !!
+#
+server_url: "{{ graylog_server_url }}"
+server_api_token: "{{ graylog_server_api_token }}"
+
+node_id: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"
+node_name: ""
+
+update_interval: {{ graylog_update_interval }}
+tls_skip_verify: "{{ graylog_tls_skip_verify }}"
+send_status: "{{ graylog_send_status }}"
+
+cache_path: "C:\\Program Files\\Graylog\\sidecar\\cache"
+log_path: "C:\\Program Files\\Graylog\\sidecar\\logs"
+log_rotate_max_file_size: "{{ graylog_log_rotate_max_file_size }}"
+log_rotate_keep_files: {{ graylog_log_rotate_keep_files }}
+collector_validation_timeout: "{{ graylog_collector_validation_timeout }}"
+collector_configuration_directory: "C:\\Program Files\\Graylog\\sidecar\\generated"
+windows_drive_range: "CDEFGHIJKLMNOPQRSTUVWXYZ"
+
+tags: [ default ]
+
+collector_binaries_accesslist:
+  - "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"
--- a/ansible/windows-graylog-example/roles/windows/graylog/vars/main.yaml
+++ b/ansible/windows-graylog-example/roles/windows/graylog/vars/main.yaml
@ -0,0 +1,11 @@
+---
+# Vars
+# ====
+graylog_server_url: "https://___URL_OF_GRAYLOG_SERVER___/api"
+graylog_server_api_token: "___GRAYLOG_API_TOKEN___"
+graylog_update_interval: 10
+graylog_tls_skip_verify: true
+graylog_send_status: true
+graylog_log_rotate_max_file_size: "10MiB"
+graylog_log_rotate_keep_files: 10
+graylog_collector_validation_timeout: "1m"
--- a/ansible/windows-nsclientplusplus-example/README.md
+++ b/ansible/windows-nsclientplusplus-example/README.md
@ -0,0 +1,9 @@
+# windows-nsclientplusplus-example
+
+## English
+
+🇺🇸 [Deploy NSCLient++ on Windows Servers with an Ansible Role](https://www.thierolf.org/posts/deploy-nsclient-on-windows-servers-with-an-ansible-role/)
+
+## Deutsch
+
+🇩🇪 [Installation von NSClient++ auf Windows Server mit einer Ansible Role](https://www.thierolf.org/posts/installation-von-nsclient-auf-windows-server-mit-einer-ansible-rolle/)
--- a/ansible/windows-nsclientplusplus-example/inventory/group_vars/microsoft_windows.yaml
+++ b/ansible/windows-nsclientplusplus-example/inventory/group_vars/microsoft_windows.yaml
@ -0,0 +1,9 @@
+---
+#
+# group_vars for Microsoft Windows
+ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
+ansible_user: "[ANSIBLE_USERNAME]"
+ansible_password: "[ANSIBLE_PASSWORD]"
+ansible_become_password: "{{ ansible_password }}"
+ansible_connection: ssh
+ansible_shell_type: powershell
--- a/ansible/windows-nsclientplusplus-example/inventory/host_vars/win-test.example.com.yaml
+++ b/ansible/windows-nsclientplusplus-example/inventory/host_vars/win-test.example.com.yaml
@ -0,0 +1,30 @@
+---
+# Ansible-specific
+# ================
+ansible_host: n.n.n.n
+hostname: win-server1
+domainname: example.com
+fqdn: "{{ hostname }}.{{ domainname }}"
+
+# NSClient++
+# ==========
+nscp_module_nrpe_server: enabled
+nscp_module_nrpe_simple_cache: enabled
+nscp_module_nrpe_command_client: disabled
+nscp_module_nrpe_check_disk: enabled
+nscp_module_nrpe_check_eventglog: enabled
+nscp_module_nrpe_check_externalscripts: enabled
+nscp_module_nrpe_check_helpers: enabled
+nscp_module_nrpe_check_logfile: enabled
+nscp_module_nrpe_check_nscp: enabled
+nscp_module_nrpe_check_system: enabled 
+nscp_module_nrpe_check_tasksched: enabled
+nscp_module_nrpe_check_wmi: enabled
+nscp_module_nrpe_check_net: disabled
+
+# NRPE Win-PDH
+# ============
+nrpe_win_pdh_total_disk_reads: true
+nrpe_win_pdh_total_disk_writes: true
+nrpe_win_pdh_thread_context_switches: true
+nrpe_win_pdh_memory_page_faults: true
--- a/ansible/windows-nsclientplusplus-example/inventory/inventory.yaml
+++ b/ansible/windows-nsclientplusplus-example/inventory/inventory.yaml
@ -0,0 +1,8 @@
+---
+#
+# Inventory
+all:
+  children:
+    microsoft_windows:
+      hosts:
+        win-test.example.com:
--- a/ansible/windows-nsclientplusplus-example/playbooks/deploy_win-test.yaml
+++ b/ansible/windows-nsclientplusplus-example/playbooks/deploy_win-test.yaml
@ -0,0 +1,7 @@
+---
+# Playbook
+# ========
+- hosts: microsoft_windows
+  gather_facts: true
+  roles:
+    - server/windows/nsclientplusplus
--- a/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/files/NSCP-0.5.3.4-x64.msi
+++ b/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/files/NSCP-0.5.3.4-x64.msi
@ -0,0 +1,2 @@
+!! DUMMY FILE !!
+See: https://github.com/mickem/nscp/releases/tag/0.5.3.4
--- a/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/handlers/main.yaml
+++ b/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/handlers/main.yaml
@ -0,0 +1,7 @@
+---
+# Handlers
+# ========
+- name: "Restart: nscp"
+  ansible.windows.win_service:
+    name: nscp
+    state: restarted
--- a/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/tasks/main.yaml
+++ b/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/tasks/main.yaml
@ -0,0 +1,10 @@
+---
+# Tasks
+# =====
+- name: "Block"
+  ansible.builtin.include_tasks: "{{ tasks }}"
+  loop:
+    - task_01_install_nsclientplusplus.yaml
+    - task_02_configure_nsclientplusplus.yaml
+  loop_control:
+    loop_var: tasks
--- a/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/tasks/task_01_install_nsclientplusplus.yaml
+++ b/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/tasks/task_01_install_nsclientplusplus.yaml
@ -0,0 +1,39 @@
+---
+# Tasks
+# =====
+- name: "Block"
+  notify: "Restart: nscp"
+  when: ansible_os_family == "Windows"
+  block:
+
+    - name: "Assert vars: nscp"
+      ansible.builtin.assert:
+        that:
+          - nscp_allowed_hosts is defined
+          - nscp_cache_allowed_hosts is defined
+          - nscp_timeout is defined
+          - nscp_nrpe_allow_arguments is defined
+          - nscp_nrpe_nasty_characters is defined
+          - nscp_nrpe_allowed_hosts is defined
+          - nscp_nrpe_use_ssl is defined
+          - nscp_nrpe_insecure is defined
+          - nscp_nrpe_port is defined
+          - nscp_nrpe_performance_data is defined
+
+    - name: "Create TEMP directory"
+      ansible.windows.win_file:
+        path: C:\Temp
+        state: directory
+
+    - name: "Copy: NSCP-0.5.3.4-x64.msi"
+      ansible.builtin.copy:
+        src: NSCP-0.5.3.4-x64.msi
+        dest: C:\temp\NSCP-0.5.3.4-x64.msi
+
+    - name: "Install: nscp"
+      ansible.windows.win_package:
+        path: C:\temp\NSCP-0.5.3.4-x64.msi
+        creates_path: C:\Program Files\NSClient++
+        arguments:
+        - "/quiet"
+        state: present
--- a/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/tasks/task_02_configure_nsclientplusplus.yaml
+++ b/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/tasks/task_02_configure_nsclientplusplus.yaml
@ -0,0 +1,57 @@
+---
+# Tasks
+# =====
+- name: "Block"
+  notify: "Restart: nscp"
+  when: ansible_os_family == "Windows"
+  block:
+
+    - name: "Assert vars: nscp"
+      ansible.builtin.assert:
+        that:
+          - nscp_allowed_hosts is defined
+          - nscp_cache_allowed_hosts is defined
+          - nscp_timeout is defined
+          - nscp_nrpe_allow_arguments is defined
+          - nscp_nrpe_nasty_characters is defined
+          - nscp_nrpe_allowed_hosts is defined
+          - nscp_nrpe_use_ssl is defined
+          - nscp_nrpe_insecure is defined
+          - nscp_nrpe_port is defined
+          - nscp_nrpe_performance_data is defined
+          - nscp_module_nrpe_server is defined
+          - nscp_module_nrpe_simple_cache is defined
+          - nscp_module_nrpe_command_client is defined
+          - nscp_module_nrpe_check_disk is defined
+          - nscp_module_nrpe_check_eventglog is defined
+          - nscp_module_nrpe_check_externalscripts is defined
+          - nscp_module_nrpe_check_helpers is defined
+          - nscp_module_nrpe_check_logfile is defined
+          - nscp_module_nrpe_check_nscp is defined
+          - nscp_module_nrpe_check_system is defined
+          - nscp_module_nrpe_check_tasksched is defined
+          - nscp_module_nrpe_check_wmi is defined
+          - nscp_module_nrpe_check_net is defined
+          - nrpe_win_pdh_total_disk_reads is defined
+          - nrpe_win_pdh_total_disk_writes is defined
+          - nrpe_win_pdh_thread_context_switches is defined
+          - nrpe_win_pdh_memory_page_faults is defined
+
+    - name: "Deploy config: nsclient.ini.j2"
+      ansible.builtin.template:
+        src: nsclient.ini.j2
+        dest: C:\Program Files\NSClient++\nsclient.ini
+        backup: true
+
+    - name: "Set Win-Firewall to allow nscp"
+      community.windows.win_firewall_rule:
+        name: "[ansible-managed] Allow-TCP-NSClient++"
+        localport: {{ nscp_nrpe_port }}
+        action: allow
+        direction: in
+        protocol: tcp
+        profiles: 
+        - domain
+        - private
+        enabled: yes
+        state: present
--- a/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/templates/nsclient.ini.j2
+++ b/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/templates/nsclient.ini.j2
@ -0,0 +1,60 @@
+#
+# !! This configuration file is managed by Ansible !!
+# !! DO NOT change local file. Change Ansible role !!
+#
+[/settings/default]
+allowed hosts = {{ nscp_allowed_hosts }}
+cache allowed hosts = {{ nscp_cache_allowed_hosts }}
+timeout = {{ nscp_timeout }}
+
+[/settings/NRPE/server]
+allow arguments = {{ nscp_nrpe_allow_arguments }}
+allow nasty characters = {{ nscp_nrpe_nasty_characters }}
+allowed hosts = {{ nscp_nrpe_allowed_hosts }}
+use ssl = {{ nscp_nrpe_use_ssl }}
+insecure = {{ nscp_nrpe_insecure }}
+port = {{ nscp_nrpe_port }}
+performance data = {{ nscp_nrpe_performance_data }}
+
+[/modules]
+NRPEServer = {{ nscp_module_nrpe_server }}
+SimpleCache = {{ nscp_module_nrpe_simple_cache }}
+CommandClient = {{ nscp_module_nrpe_command_client }}
+CheckDisk = {{ nscp_module_nrpe_check_disk }}
+CheckEventLog = {{ nscp_module_nrpe_check_eventglog }}
+CheckExternalScripts = {{ nscp_module_nrpe_check_externalscripts }}
+CheckHelpers = {{ nscp_module_nrpe_check_helpers }}
+CheckLogFile = {{ nscp_module_nrpe_check_logfile }}
+CheckNSCP = {{ nscp_module_nrpe_check_nscp }}
+CheckSystem = {{ nscp_module_nrpe_check_system }}
+CheckTaskSched = {{ nscp_module_nrpe_check_tasksched }}
+CheckWMI = {{ nscp_module_nrpe_check_wmi }}
+CheckNet = {{ nscp_module_nrpe_check_net }}
+
+#
+# Standard Performance Counters
+#
+{% if nrpe_win_pdh_total_disk_reads == true %}
+[/settings/system/windows/counters/TotalDiskReads]
+collection strategy=rrd
+useEnglishOnly = 1
+counter=\PhysicalDisk(_Total)\Disk Reads/sec
+{% endif %}
+{% if nrpe_win_pdh_total_disk_writes == true %}
+[/settings/system/windows/counters/TotalDiskWrites]
+collection strategy=rrd
+useEnglishOnly = 1
+counter=\PhysicalDisk(_Total)\Disk Writes/sec
+{% endif %}
+{% if nrpe_win_pdh_thread_context_switches == true %}
+[/settings/system/windows/counters/ThreadContextSwitches]
+collection strategy=rrd
+useEnglishOnly = 1
+counter=\Thread(*)\Context Switches/sec
+{% endif %}
+{% if nrpe_win_pdh_memory_page_faults == true %}
+[/settings/system/windows/counters/MemoryPageFaults]
+collection strategy=rrd
+useEnglishOnly = 1
+counter=\Memory\Page Faults/sec
+{% endif %}
--- a/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/vars/main.yaml
+++ b/ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/vars/main.yaml
@ -0,0 +1,14 @@
+---
+# Vars
+# ====
+nscp_allowed_hosts: "___IP_MONITORING_SYSTEM___"
+nscp_cache_allowed_hosts: true
+nscp_timeout: 90
+
+nscp_nrpe_allow_arguments: true
+nscp_nrpe_nasty_characters: true
+nscp_nrpe_allowed_hosts: "___IP_MONITORING_SYSTEM___"
+nscp_nrpe_use_ssl: false
+nscp_nrpe_insecure: true
+nscp_nrpe_port: 5666
+nscp_nrpe_performance_data: true
--- a/ansible/windows-snmp-example/README.md
+++ b/ansible/windows-snmp-example/README.md
@ -0,0 +1,9 @@
+# windows-snmp-example
+
+## English
+
+🇺🇸 [OpenSSH Server on Windows and SNMP Service Installation with Ansible](https://www.thierolf.org/posts/openssh-server-on-windows-and-snmp-service-installation-with-ansible/)
+
+## Deutsch
+
+🇩🇪 [OpenSSH Server unter Windows und SNMP Service Installation mit Ansible](https://www.thierolf.org/posts/openssh-server-unter-windows-und-snmp-service-installation-mit-ansible/)
--- a/ansible/windows-snmp-example/inventory/group_vars/microsoft_windows.yaml
+++ b/ansible/windows-snmp-example/inventory/group_vars/microsoft_windows.yaml
@ -0,0 +1,10 @@
+---
+#
+# group_vars for Microsoft Windows
+#
+ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
+ansible_user: "[ANSIBLE_USERNAME]"
+ansible_password: "[ANSIBLE_PASSWORD]"
+ansible_become_password: "{{ ansible_password }}"
+ansible_connection: ssh
+ansible_shell_type: powershell
--- a/ansible/windows-snmp-example/inventory/host_vars/win-test.example.com.yaml
+++ b/ansible/windows-snmp-example/inventory/host_vars/win-test.example.com.yaml
@ -0,0 +1,8 @@
+---
+# 
+# host_vars for Microsoft Windows
+#
+ansible_host: [IPV4_ADDRESS]
+hostname: win-test
+domainname: example.com
+fqdn: "{{ hostname }}.{{ domainname }}"
--- a/ansible/windows-snmp-example/inventory/inventory.yaml
+++ b/ansible/windows-snmp-example/inventory/inventory.yaml
@ -0,0 +1,9 @@
+---
+#
+# Inventory
+#
+all:
+  children:
+    microsoft_windows:
+      hosts:
+        win-test.example.com:
--- a/ansible/windows-snmp-example/playbooks/deploy_win-test.yaml
+++ b/ansible/windows-snmp-example/playbooks/deploy_win-test.yaml
@ -0,0 +1,8 @@
+---
+#
+# Playbook
+#
+- hosts: win-test.example.com
+  gather_facts: true
+  roles:
+    - windows/snmp
--- a/ansible/windows-snmp-example/roles/windows/snmp/main.yaml
+++ b/ansible/windows-snmp-example/roles/windows/snmp/main.yaml
@ -0,0 +1,12 @@
+---
+#
+# Tasks
+#
+- name: "Block"
+  ansible.builtin.include_tasks: "{{ tasks }}"
+  loop:
+    - task_01_install_snmp.yaml
+    - task_02_config_sysinfo.yaml
+    - task_03_config_firewall.yaml
+  loop_control:
+    loop_var: tasks
--- a/ansible/windows-snmp-example/roles/windows/snmp/task_01_install_snmp.yaml
+++ b/ansible/windows-snmp-example/roles/windows/snmp/task_01_install_snmp.yaml
@ -0,0 +1,26 @@
+---
+#
+# task_01_install_snmp.yaml
+#
+- name: "Install SNMP-Service"
+  ansible.windows.win_feature:
+    name: SNMP-Service
+    state: present
+    include_sub_features: true
+    include_management_tools: true
+
+- name: "Install RSAT-SNMP"
+  ansible.windows.win_feature:
+    name: RSAT-SNMP
+    state: present
+    include_sub_features: true
+    include_management_tools: true
+
+- name: "Set Win-SNMP-Communities"
+  community.windows.win_snmp:
+    community_strings:
+    - "[SNMP_COMMUNITY]"
+    permitted_managers:
+    - localhost
+    - [IPV4_OF_MONITORING_SYSTEM]
+    action: set
--- a/ansible/windows-snmp-example/roles/windows/snmp/task_02_config_sysinfo.yaml
+++ b/ansible/windows-snmp-example/roles/windows/snmp/task_02_config_sysinfo.yaml
@ -0,0 +1,13 @@
+---
+#
+# task_02_config_sysinfo.yaml
+#
+- name: "Set SNMP-sysContact"
+  ansible.windows.win_powershell:
+    script: |
+      Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" -Name "sysContact" -Value "SNMP_TEST_CONTACT"
+
+- name: "Set SNMP-sysLocation"
+  ansible.windows.win_powershell:
+    script: |
+      Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" -Name "sysLocation" -Value "SNMP_TEST_LOCATION"
--- a/ansible/windows-snmp-example/roles/windows/snmp/task_03_config_firewall.yaml
+++ b/ansible/windows-snmp-example/roles/windows/snmp/task_03_config_firewall.yaml
@ -0,0 +1,16 @@
+---
+#
+# task_03_config_firewall.yaml
+#
+- name: "Set Win-Firewall to allow SNMP Queries"
+  community.windows.win_firewall_rule:
+    name: "Allow-UDP-SNMP [ansible-managed]"
+    localport: 161
+    action: allow
+    direction: in
+    protocol: udp
+    profiles: 
+    - domain
+    - private
+    enabled: yes
+    state: present