Move all shared into this new repo

app/atlassian/bitbucket/tasks/main.yml

@@ -0,0 +1,36 @@
+---
+# Create the atlbitbucket PostgreSQL user
+- name: Creating the atlbitbucket PostgreSQL user
+  become: yes
+  become_user: postgres
+  postgresql_user:
+    name: atlbitbucket
+    password: '{{ atlbitbucket_password }}'
+    encrypted: yes
+    expires: infinity
+    state: present
+
+# pgsql can login in many ways
+# Local linux user on socket: sudo -u atlbitbucket psql bitbucket
+# TCP/IP with password: psql -h localhost -U atlbitbucket bitbucket
+
+# Create the bitbucket PostgreSQL database
+- name: Creating the bitbucket PostgreSQL database
+  become: yes
+  become_user: postgres
+  postgresql_db:
+    db: bitbucket
+    encoding: UTF-8
+    owner: atlbitbucket
+
+# Create PostgreSQL account for employee mreschke
+- name: Creating PostgreSQL account for mreschke
+  become: yes
+  become_user: postgres
+  postgresql_user:
+    name: mreschke
+    role_attr_flags: SUPERUSER
+    password: '{{ mreschke_password }}'
+    encrypted: yes
+    expires: infinity
+    state: present

app/atlassian/confluence/files/confluence/original-confluence6.8--server.xml

@@ -0,0 +1,90 @@
+<Server port="8000" shutdown="SHUTDOWN" debug="0">
+    <Service name="Tomcat-Standalone">
+        <!--
+         ==============================================================================================================
+         DEFAULT - Direct connector with no proxy, for unproxied HTTP access to Confluence.
+
+         If using a http/https proxy, comment out this connector.
+         ==============================================================================================================
+        -->
+        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
+                   maxThreads="48" minSpareThreads="10"
+                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
+                   protocol="org.apache.coyote.http11.Http11NioProtocol"/>
+        <!--
+         ==============================================================================================================
+         HTTP - Proxying Confluence via Apache or Nginx over HTTP
+
+         If you're proxying traffic to Confluence over HTTP, uncomment the connector below and comment out the others.
+         Make sure you provide the right information for proxyName and proxyPort.
+
+         For more information see:
+            Apache - https://confluence.atlassian.com/x/4xQLM
+            nginx  - https://confluence.atlassian.com/x/TgSvEg
+
+         ==============================================================================================================
+        -->
+
+        <!--
+        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
+                   maxThreads="48" minSpareThreads="10"
+                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
+                   protocol="org.apache.coyote.http11.Http11NioProtocol"
+                   scheme="http" proxyName="<subdomain>.<domain>.com" proxyPort="80"/>
+        -->
+        
+        <!--
+         ==============================================================================================================
+         HTTPS - Direct connector with no proxy, for unproxied HTTPS access to Confluence.
+
+         For more info see https://confluence.atlassian.com/x/s3UC
+         ==============================================================================================================
+        -->
+
+        <!--
+        <Connector port="8443" maxHttpHeaderSize="8192"
+                   maxThreads="150" minSpareThreads="25"
+                   protocol="org.apache.coyote.http11.Http11NioProtocol"
+                   enableLookups="false" disableUploadTimeout="true"
+                   acceptCount="100" scheme="https" secure="true"
+                   clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
+                   URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
+        -->
+
+        <!--
+         ==============================================================================================================
+         HTTPS - Proxying Confluence via Apache or Nginx over HTTPS
+
+         If you're proxying traffic to Confluence over HTTPS, uncomment the connector below and comment out the others.
+         Make sure you provide the right information for proxyName and proxyPort.
+
+         For more information see:
+            Apache - https://confluence.atlassian.com/x/PTT3MQ
+            nginx  - https://confluence.atlassian.com/x/cNIvMw
+         ==============================================================================================================
+        -->
+
+        <!--
+        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
+                   maxThreads="48" minSpareThreads="10"
+                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
+                   protocol="org.apache.coyote.http11.Http11NioProtocol"
+                   scheme="https" proxyName="<subdomain>.<domain>.com" proxyPort="443"/>
+        -->
+
+        <Engine name="Standalone" defaultHost="localhost" debug="0">
+            <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
+                <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
+                    <!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
+                    <Manager pathname=""/>
+                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
+                </Context>
+
+                <Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
+                         reloadable="false" useHttpOnly="true">
+                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
+                </Context>
+            </Host>
+        </Engine>
+    </Service>
+</Server>

app/atlassian/confluence/files/mysql/mysqld.cnf

@@ -0,0 +1,40 @@
+# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+
+#
+# The MySQL  Server configuration file.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+[mysqld]
+pid-file	= /var/run/mysqld/mysqld.pid
+socket		= /var/run/mysqld/mysqld.sock
+datadir		= /var/lib/mysql
+log-error	= /var/log/mysql/error.log
+# By default we only accept connections from localhost
+bind-address	= 0.0.0.0
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+
+# Confluence Customizations
+# https://confluence.atlassian.com/doc/database-setup-for-mysql-128747.html
+character-set-server=utf8
+collation-server=utf8_bin
+default-storage-engine=INNODB
+max_allowed_packet=256M
+innodb_log_file_size=2GB
+transaction-isolation=READ-COMMITTED
+binlog_format=row

app/atlassian/confluence/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart mysql
+  service: name=mysql state=restarted

app/atlassian/confluence/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include_tasks: mysql.yml

app/atlassian/confluence/tasks/mysql.yml

@@ -0,0 +1,34 @@
+---
+# Copy /etc/mysql/mysql.conf.d/mysqld.cnf
+- name: Copying /etc/mysql/mysql.conf.d/mysqld.cnf
+  copy:
+    src: files/mysql/mysqld.cnf
+    dest: /etc/mysql/mysql.conf.d/mysqld.cnf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart mysql # Only reloads if file has changed!
+
+# Create the confluence MySQL database
+- name: Creating the confluence database
+  mysql_db:
+    name: confluence
+    state: present
+
+# Create confluence MySQL user
+- name: Creating MySQL confluence user
+  mysql_user:
+    name: confluence
+    host: localhost # This is local user, you cannot access MySQL on this user remotely (not '%' login), this is good
+    password: '{{ confluence_password }}'
+    priv: 'confluence.*:ALL'
+    state: present # Verified if you change the PW and re-run, it DOES change properly!
+
+# Create MySQL accounts for employee mreschke
+- name: Creating MySQL account for mreschke
+  mysql_user:
+    name: mreschke
+    host: '%'
+    password: '{{ mreschke_password }}'
+    priv: '*.*:ALL'
+    state: present

app/atlassian/jira/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+# Create the jira PostgreSQL user
+- name: Creating the jira PostgreSQL user
+  become: yes
+  become_user: postgres
+  postgresql_user:
+    name: jira
+    password: '{{ jira_password }}'
+    encrypted: yes
+    expires: infinity
+    state: present
+
+# pgsql can login in many ways
+# Local linux user on socket: sudo -u jira psql jira
+# TCP/IP with password: psql -h localhost -U jira jira
+
+# Create the jira PostgreSQL database
+- name: Creating the jira PostgreSQL database
+  become: yes
+  become_user: postgres
+  postgresql_db:
+    db: jira
+    encoding: UNICODE
+    lc_collate: C
+    lc_ctype: C
+    template: template0
+    owner: jira
+
+# Create PostgreSQL account for employee mreschke
+- name: Creating PostgreSQL account for mreschke
+  become: yes
+  become_user: postgres
+  postgresql_user:
+    name: mreschke
+    role_attr_flags: SUPERUSER
+    password: '{{ mreschke_password }}'
+    encrypted: yes
+    expires: infinity
+    state: present

app/atlassian/servicedesk/files/confluence/original-confluence6.8--server.xml

@@ -0,0 +1,90 @@
+<Server port="8000" shutdown="SHUTDOWN" debug="0">
+    <Service name="Tomcat-Standalone">
+        <!--
+         ==============================================================================================================
+         DEFAULT - Direct connector with no proxy, for unproxied HTTP access to Confluence.
+
+         If using a http/https proxy, comment out this connector.
+         ==============================================================================================================
+        -->
+        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
+                   maxThreads="48" minSpareThreads="10"
+                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
+                   protocol="org.apache.coyote.http11.Http11NioProtocol"/>
+        <!--
+         ==============================================================================================================
+         HTTP - Proxying Confluence via Apache or Nginx over HTTP
+
+         If you're proxying traffic to Confluence over HTTP, uncomment the connector below and comment out the others.
+         Make sure you provide the right information for proxyName and proxyPort.
+
+         For more information see:
+            Apache - https://confluence.atlassian.com/x/4xQLM
+            nginx  - https://confluence.atlassian.com/x/TgSvEg
+
+         ==============================================================================================================
+        -->
+
+        <!--
+        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
+                   maxThreads="48" minSpareThreads="10"
+                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
+                   protocol="org.apache.coyote.http11.Http11NioProtocol"
+                   scheme="http" proxyName="<subdomain>.<domain>.com" proxyPort="80"/>
+        -->
+        
+        <!--
+         ==============================================================================================================
+         HTTPS - Direct connector with no proxy, for unproxied HTTPS access to Confluence.
+
+         For more info see https://confluence.atlassian.com/x/s3UC
+         ==============================================================================================================
+        -->
+
+        <!--
+        <Connector port="8443" maxHttpHeaderSize="8192"
+                   maxThreads="150" minSpareThreads="25"
+                   protocol="org.apache.coyote.http11.Http11NioProtocol"
+                   enableLookups="false" disableUploadTimeout="true"
+                   acceptCount="100" scheme="https" secure="true"
+                   clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
+                   URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
+        -->
+
+        <!--
+         ==============================================================================================================
+         HTTPS - Proxying Confluence via Apache or Nginx over HTTPS
+
+         If you're proxying traffic to Confluence over HTTPS, uncomment the connector below and comment out the others.
+         Make sure you provide the right information for proxyName and proxyPort.
+
+         For more information see:
+            Apache - https://confluence.atlassian.com/x/PTT3MQ
+            nginx  - https://confluence.atlassian.com/x/cNIvMw
+         ==============================================================================================================
+        -->
+
+        <!--
+        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
+                   maxThreads="48" minSpareThreads="10"
+                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
+                   protocol="org.apache.coyote.http11.Http11NioProtocol"
+                   scheme="https" proxyName="<subdomain>.<domain>.com" proxyPort="443"/>
+        -->
+
+        <Engine name="Standalone" defaultHost="localhost" debug="0">
+            <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
+                <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
+                    <!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
+                    <Manager pathname=""/>
+                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
+                </Context>
+
+                <Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
+                         reloadable="false" useHttpOnly="true">
+                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
+                </Context>
+            </Host>
+        </Engine>
+    </Service>
+</Server>

app/atlassian/servicedesk/files/mysql/mysqld.cnf

@@ -0,0 +1,38 @@
+#
+# The Percona Server 5.7 configuration file.
+#
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+[mysqld]
+user   = mysql
+pid-file = /var/run/mysqld/mysqld.pid
+socket   = /var/run/mysqld/mysqld.sock
+port   = 3306
+basedir    = /usr
+datadir    = /var/lib/mysql
+tmpdir   = /tmp
+lc-messages-dir  = /usr/share/mysql
+explicit_defaults_for_timestamp
+
+log-error    = /var/log/mysql/error.log
+
+bind-address = 0.0.0.0
+
+# Recommended in standard MySQL setup
+sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_ALL_TABLES
+
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+
+# Servicedesk Customizations
+# https://confluence.atlassian.com/adminjiraserver/connecting-jira-applications-to-mysql-938846854.html
+character-set-server=utf8
+collation-server=utf8_bin
+default-storage-engine=INNODB
+max_allowed_packet=256M
+innodb_log_file_size=2G

app/atlassian/servicedesk/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart mysql
+  service: name=mysql state=restarted

app/atlassian/servicedesk/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include_tasks: mysql.yml

app/atlassian/servicedesk/tasks/mysql.yml

@@ -0,0 +1,36 @@
+---
+# Copy MySQL server config file
+- name: Writing /etc/mysql/percona-server.conf.d/mysqld.cnf
+  template:
+    src: "files/mysql/mysqld.cnf"
+    dest: "/etc/mysql/percona-server.conf.d/mysqld.cnf"
+    owner: root
+    group: root
+    mode: 0644 #-rw-r--r--
+  notify: restart mysql # Only runs if file changed!
+
+# Create the servicedesk MySQL database
+- name: Creating the servicedesk database
+  mysql_db:
+    name: servicedesk
+    state: present
+    encoding: utf8
+    collation: utf8_bin
+
+# Create servicedesk MySQL user
+- name: Creating MySQL servicedesk user
+  mysql_user:
+    name: servicedesk
+    host: localhost # This is local user, you cannot access MySQL on this user remotely (not '%' login), this is good
+    password: '{{ servicedesk_password }}'
+    priv: 'servicedesk.*:ALL'
+    state: present # Verified if you change the PW and re-run, it DOES change properly!
+
+# Create MySQL accounts for employee mreschke
+- name: Creating MySQL account for mreschke
+  mysql_user:
+    name: mreschke
+    host: '%'
+    password: '{{ mreschke_password }}'
+    priv: '*.*:ALL'
+    state: present

app/gitlab/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+# Add Gitlab sources GPG keys
+# Reverse engineered their https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh
+- name: Addding Gitlab sources GPG keys
+  apt_key: url='https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey' state=present
+
+# Add Gitlab repositories - Debian 9 Stretch
+# Reverse engineered their https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh
+# They CURL this URL to get actual apt-sources https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/config_file.list?os=debian&dist=stretch&source=script
+- name: Adding Gitlab sources for Debian 9 Stretch
+  apt_repository: repo='deb https://packages.gitlab.com/gitlab/gitlab-ee/debian/ stretch main' state=present
+  when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
+
+# Install Gitlab
+- name: Installing Gitlab
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - gitlab-ee
+  environment:
+    EXTERNAL_URL: '{{ url }}'

app/gluu-gateway/tasks/install-ubuntu16.yml

@@ -0,0 +1,15 @@
+# Add GLUU sources GPG keys
+- name: Addding GLUU sources GPG keys
+  apt_key: url='https://repo.gluu.org/ubuntu/gluu-apt.key' state=present
+
+# Add GLUU repositories
+- name: Adding GLUU sources for Ubuntu 16.04
+  apt_repository: repo='deb https://repo.gluu.org/ubuntu/ xenial main' state=present
+
+# Install GLUU Gateway
+- name: Installing GLUU Gateway
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - gluu-gateway

app/gluu-gateway/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+# Gluu Gateway works on Ubuntu 16.04...not on Debian 9
+- include_tasks: install-ubuntu16.yml
+  when: ansible_distribution == "Ubuntu" and ansible_distribution_version == "16.04"

app/gluu/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+# Add GLUU sources GPG keys
+- name: Addding GLUU sources GPG keys
+  apt_key: url='https://repo.gluu.org/debian/gluu-apt.key' state=present
+
+# Add GLUU repositories - Debian 9 Stretch
+- name: Adding GLUU sources for Debian 9 Stretch
+  apt_repository: repo='deb https://repo.gluu.org/debian/ stretch-stable main' state=present
+  when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
+
+# Install GLUU
+- name: Installing GLUU 3.1.6
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - gluu-server-3.1.6.sp1

app/tightvncserver/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+  # Install tightvncserver
+  - name: Installing tightvncserver
+    apt:
+      update_cache: yes
+      state: present
+      name:
+        - tightvncserver

app/zabbix/agent/files/original_zabbix_agentd.conf

@@ -0,0 +1,396 @@
+# This is a configuration file for Zabbix agent daemon (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+
+PidFile=/var/run/zabbix/zabbix_agentd.pid
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: no
+# Default:
+# LogFile=
+
+LogFile=/var/log/zabbix/zabbix_agentd.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+LogFileSize=0
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: EnableRemoteCommands
+#	Whether remote commands from Zabbix server are allowed.
+#	0 - not allowed
+#	1 - allowed
+#
+# Mandatory: no
+# Default:
+# EnableRemoteCommands=0
+
+### Option: LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+##### Passive checks related
+
+### Option: Server
+#	List of comma delimited IP addresses, optionally in CIDR notation, or hostnames of Zabbix servers and Zabbix proxies.
+#	Incoming connections will be accepted only from the hosts listed here.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.domain
+#
+# Mandatory: yes, if StartAgents is not explicitly set to 0
+# Default:
+# Server=
+
+Server=127.0.0.1
+
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10050
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: StartAgents
+#	Number of pre-forked instances of zabbix_agentd that process passive checks.
+#	If set to 0, disables passive checks and the agent will not listen on any TCP port.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartAgents=3
+
+##### Active checks related
+
+### Option: ServerActive
+#	List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers and Zabbix proxies for active checks.
+#	If port is not specified, default port is used.
+#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
+#	If port is not specified, square brackets for IPv6 addresses are optional.
+#	If this parameter is not specified, active checks are disabled.
+#	Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
+#
+# Mandatory: no
+# Default:
+# ServerActive=
+
+ServerActive=127.0.0.1
+
+### Option: Hostname
+#	Unique, case sensitive hostname.
+#	Required for active checks and must match hostname as configured on the server.
+#	Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+
+Hostname=Zabbix server
+
+### Option: HostnameItem
+#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
+#	Does not support UserParameters or aliases.
+#
+# Mandatory: no
+# Default:
+# HostnameItem=system.hostname
+
+### Option: HostMetadata
+#	Optional parameter that defines host metadata.
+#	Host metadata is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostMetadataItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostMetadata=
+
+### Option: HostMetadataItem
+#	Optional parameter that defines an item used for getting host metadata.
+#	Host metadata is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostMetadata is not defined.
+#
+# Mandatory: no
+# Default:
+# HostMetadataItem=
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 60-3600
+# Default:
+# RefreshActiveChecks=120
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=20
+
+############ ADVANCED PARAMETERS #################
+
+### Option: Alias
+#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
+#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
+#	Different Alias keys may reference the same item key.
+#	For example, to retrieve the ID of user 'zabbix':
+#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
+#	Now shorthand key zabbix.userid may be used to retrieve data.
+#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Timeout
+#	Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: AllowRoot
+#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+Include=/etc/zabbix/zabbix_agentd.d/*.conf
+
+# Include=/usr/local/etc/zabbix_agentd.userparams.conf
+# Include=/usr/local/etc/zabbix_agentd.conf.d/
+# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	The following characters are not allowed:
+#	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
+#	Additionally, newline characters are not allowed.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of agent modules.
+#	Default depends on compilation options.
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at agent startup. Modules are used to extend functionality of the agent.
+#	Format: LoadModule=<module.so>
+#	The modules must be located in directory specified by LoadModulePath.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#	How the agent should connect to server or proxy. Used for active checks.
+#	Only one value can be specified:
+#		unencrypted - connect without encryption
+#		psk         - connect using TLS and a pre-shared key
+#		cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+
+### Option: TLSAccept
+#	What incoming connections to accept.
+#	Multiple values can be specified, separated by comma:
+#		unencrypted - accept connections without encryption
+#		psk         - accept connections secured with TLS and a pre-shared key
+#		cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#      Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#      Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the agent certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the agent private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+### Option: TLSPSKIdentity
+#	Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+
+### Option: TLSPSKFile
+#	Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=

app/zabbix/agent/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart mariadb
+  service: name=mariadb state=restarted
+
+- name: restart zabbix-agent
+  service: name=zabbix-agent state=started

app/zabbix/agent/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+---
+# Addubg Zabbix .deb file
+- name: Install Zabbix .deb package from the internet.
+  apt:
+    deb: https://repo.zabbix.com/zabbix/3.4/debian/pool/main/z/zabbix-release/zabbix-release_3.4-1+stretch_all.deb
+
+# Install Zabbix applications
+- name: Installing Zabbix applications
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      #- zabbix-server-mysql
+      #- zabbix-frontend-php
+      - zabbix-agent
+
+# Ensure zabbix-agent service is running
+- name: Starting Zabbix Agent Service
+  service:
+    name: zabbix-agent
+    state: started
+

app/zabbix/server/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart mariadb
+  service: name=mariadb state=restarted
+
+- name: restart zabbix-server
+  service: name=zabbix-server state=started

app/zabbix/server/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+#Adding Zabbix .deb file
+- name: Install Zabbix .deb package from the internet.
+  apt:
+    deb: https://repo.zabbix.com/zabbix/3.4/debian/pool/main/z/zabbix-release/zabbix-release_3.4-1+stretch_all.deb
+
+# Install Zabbix applications
+- name: Installing Zabbix applications
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - zabbix-server-mysql
+      - zabbix-frontend-php
+      - zabbix-agent
+
+