# custom configuration for pfpyroutinecheck
# all system specific paramters are configured here
# please do not modify /etc/perfact/pyroutinecheck/config.py

# Ansible is using the custom template from
# roles/phonehome_deploy/templates/pyroutinecheck_custom.py.j2

# libs that have to be included:
# -*- coding: utf-8 -*-
import pyroutinecheck.checks as checks
import pyroutinecheck.custom_checks as custom_checks


# checks not to perform
# read lib/checks.py and lib/custom_checks.py for checks available
disabled_checks = [
  # AUTHLOG makes no sense. Too many lines. Too slow
  checks.Check_Authlog,
  # No database here
  checks.Check_Postgreslog,
  checks.Check_Long_PSQL_Durations,
  checks.Check_SpecialPrograms,
  #No zope no HA-proxy
  checks.Check_Zope,
  checks.Check_HAProxy_Cert,
  #checks.Check_localBackup,
  checks.Check_Cluster_Heartbeat,
  checks.Check_Drbd,
  checks.Check_Raid,
  # No ssl certs here:
  checks.Check_Cert,
  checks.Check_Cert_General,
]

# Quickchecks to disable on this system
# Names have to match EXACTLY, i.e. qck_my_check
disabled_quickchecks = [
  'qck_is_nodesconf_present',
  'qck_clear_tmp',
  'qck_zoperecord',
  'qck_after_monit_service',
  'qck_check_pg_same_sizes',
  'qck_backupvol_monit',
  'qck_check_package_monit',
  'qck_git_in_env',
  'qck_netrc_perms',
  # qck_monit_alert looks only in monitrc:
  'qck_monit_alert',
  # No postgresql:
  'qck_wal_segments',
  'qck_wal_symlink',
  'qck_dbbackupworkdir',
  # No zope:
  'qck_zope_logrotate',
  'qck_check_repo_ownerships',
  # No apache:
  'qck_manage_rewrite',
  'qck_max_req_workers',
  # No assignd
  'qck_check_assignd',
  # No phonehome to self:
  'qck_check_phonehome',
  # user has never been here:
  'qck_is_pfinstall_present',
]

list_of_packages = [
    'clamav',
    'postfix',
    'monit',
    'python',
    # 'python-perfact',
    'pffirewall', 'pfbackup',
]


# check following items in /etc/logrotate.d/
check_logrotate = [
{% if software is defined and "measure" in software %}    'perfact-measure',
{% endif %}
    'monit',
    'rsyslog'
]


# config files to check, key is used as subpath from backup_path
# If old backups are not being used, comment out all key-value pairs
backup_mapping = {
#    'postgresql': 'dump_db.conf',
#    'system': 'dump_system.conf',
#    'zope': 'dump_zope.conf',
}

# Name of config files used for borg backups
# do NOT add the .py extension here!
# If borg is not being used, comment out the values of this list
backup_borg = [
    'system',
{% if software is defined and "database" in software %}    'db'
{% endif %}
]

# paths to check during Check_General_Certs
general_cert_paths = [
#    '/etc/openvpn/cacert.pem',
#    '/etc/openvpn/OpenVPN-Server_public.pem'
]

# Devices listed here will not be checked in the SystemBackupConfig check
exclude_backup_devs = [
    # Ansible is using the var monit_backup_device from data/hosts
    # (Fallback to /dev/mapper/system-backup if undefined)
    '{{ monit_backup_device | default('/dev/mapper/system-backup') }}',
]

# The versions of these packages are checked
# for the inventory mail
inv_ver_packages = [
{% if software is defined and "measure" in software %}    "perfact-measure",
{% endif %}
#    "perfact-assignd",
#    "perfact-dbbookd",
#    "perfact-dbutils-zope2",
#    "perfact-dbutils-zope4",
#    "perfact-hatools",
    "pfpyroutinecheck",
#    "perfact-phonehome",
#    "perfact-cachetriggerd",
    "perfact-keyring",
#    "perfact-webviewer-servertools",
    "python3-perfact",
]