@import url("/assets/md.css")feat: initial commit

@import url("/assets/md.css")

14 files changed, 1849 insertions, 0 deletions

diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..2cab6f6
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,3 @@
+POSTGRES_USER=zabbix
+POSTGRES_PASSWORD=aa2e7b87f1569586a3eebfd017c0cd9dcf1e987680d1e5ada1d4ea974631b4ea
+POSTGRES_DB=zabbix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..595f364
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+/zabbix/pg
+/zabbix/conf/zabbix_server.conf
+.env
+/backups/*
+
+!*.gitkeep
diff --git a/Caddyfile b/Caddyfile
new file mode 120000
index 0000000..d78f98f
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1 @@
+build-context/Caddyfile
\ No newline at end of file
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..7078b0a
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,43 @@
+FROM alpine AS base
+RUN apk update && apk upgrade
+FROM base AS openrc
+RUN apk add openrc && \
+  sed -i 's/^\(tty\d\:\:\)/#\1/g' /etc/inittab && \
+  sed -i \
+  -e 's/#rc_sys=".*"/rc_sys="docker"/g' \
+  -e 's/#rc_env_allow=".*"/rc_env_allow="\*"/g' \
+  -e 's/#rc_crashed_stop=.*/rc_crashed_stop=NO/g' \
+  -e 's/#rc_crashed_start=.*/rc_crashed_start=YES/g' \
+  -e 's/#rc_provide=".*"/rc_provide="loopback net"/g' \
+  /etc/rc.conf && \
+  rm -f /etc/init.d/hwdrivers \
+  /etc/init.d/hwclock \
+  /etc/init.d/hwdrivers \
+  /etc/init.d/modules \
+  /etc/init.d/modules-load \
+  /etc/init.d/modloop
+
+CMD [ "/sbin/init" ]
+
+FROM openrc AS zabbix
+
+RUN apk add openrc logbookd
+RUN apk add caddy caddy-openrc zabbix zabbix-setup zabbix-pgsql zabbix-webif php83-fpm && rm -rf /etc/php83/php-fpm.d
+RUN mkdir -p /etc/zabbix/conf && ln -s /etc/zabbix/conf/zabbix.conf.php /usr/share/webapps/zabbix/conf/zabbix.conf.php
+RUN apk add php83-pgsql php83-ldap
+COPY ./php-fpm.d /etc/php83/php-fpm.d
+COPY Caddyfile /etc/caddy/Caddyfile
+RUN echo "max_execution_time = 600" > /etc/php83/conf.d/30_max_exec_time.ini
+RUN echo "post_max_size = 32M" > /etc/php83/conf.d/30_post_max_size.ini
+RUN echo "max_input_time = 300" > /etc/php83/conf.d/30_max_input_time.ini
+
+# RUN echo '<?php phpinfo(); ?>' > /var/www/mediawiki/w/catgirlinfo.php
+RUN adduser --uid=1001 --system phpfpm
+RUN rc-update add caddy default
+RUN rc-update add php-fpm83 default
+RUN rc-update add zabbix-server default
+RUN rc-update add logbookd default
+
+# Add Zabbix Agent for self-monitoring
+RUN apk add zabbix-agent2 zabbix-agent2-plugin-alpine
+RUN rc-update add zabbix-agent2 default
diff --git a/build-context/.gitkeep b/build-context/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/build-context/.gitkeep
diff --git a/build-context/Caddyfile b/build-context/Caddyfile
new file mode 100644
index 0000000..6979a0a
--- /dev/null
+++ b/build-context/Caddyfile
@@ -0,0 +1,7 @@
+http:// {
+  encode gzip zstd
+
+  root * /usr/share/webapps/zabbix
+  php_fastcgi 127.0.0.1:9000
+  file_server
+}
diff --git a/build-context/php-fpm.d/docker.conf b/build-context/php-fpm.d/docker.conf
new file mode 100644
index 0000000..864c61c
--- /dev/null
+++ b/build-context/php-fpm.d/docker.conf
@@ -0,0 +1,6 @@
+[global]
+error_log = /proc/self/fd/2
+daemonize = no
+
+; https://github.com/docker-library/php/pull/725#issuecomment-443540114
+log_limit = 8192
diff --git a/build-context/php-fpm.d/zabbix.conf b/build-context/php-fpm.d/zabbix.conf
new file mode 100644
index 0000000..c658bf6
--- /dev/null
+++ b/build-context/php-fpm.d/zabbix.conf
@@ -0,0 +1,20 @@
+[zabbix]
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 1000
+
+user = phpfpm
+
+listen = 9000
+chdir = /usr/share/webapps/zabbix
+
+; if we send this to /proc/self/fd/1, it never appears
+access.log = /proc/self/fd/3
+clear_env = no
+
+; Ensure worker stdout and stderr are sent to the main error log.
+catch_workers_output = yes
+decorate_workers_output = no
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..5dc329f
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,29 @@
+services:
+  zabbix:
+    image: codeberg.org/dmpmem/zabbix:latest
+    build:
+      dockerfile: ../Containerfile
+      context: ./build-context
+    networks:
+      - zabbix
+    volumes:
+      - ./php-fpm.d:/etc/php83/php-fpm.d:ro
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./zabbix/conf:/etc/zabbix/conf:ro
+      - ./zabbix/conf/zabbix_server.conf:/etc/zabbix/zabbix_server.conf:ro
+      - ./zabbix/conf/zabbix_agent2.conf:/etc/zabbix/zabbix_agent2.conf:ro
+    ports:
+      - 127.0.0.1:16161:80
+    depends_on:
+      - postgres
+  postgres:
+    image: postgres
+    networks:
+      - zabbix
+    env_file:
+      - .env
+    volumes:
+      - ./zabbix/pg:/var/lib/postgresql/data:rw
+
+networks:
+  zabbix:
\ No newline at end of file
diff --git a/php-fpm.d b/php-fpm.d
new file mode 120000
index 0000000..e0d209a
--- /dev/null
+++ b/php-fpm.d
@@ -0,0 +1 @@
+build-context/php-fpm.d
\ No newline at end of file
diff --git a/setup-zabbix-db.sh b/setup-zabbix-db.sh
new file mode 100755
index 0000000..d867076
--- /dev/null
+++ b/setup-zabbix-db.sh
@@ -0,0 +1,9 @@
+#!/bin/zsh
+set -eax
+podman compose up -d postgres
+for f in /usr/share/zabbix/database/postgresql/schema.sql /usr/share/zabbix/database/postgresql/images.sql /usr/share/zabbix/database/postgresql/data.sql; do
+  f2="$(basename "$f")"
+  podman compose run -it --rm zabbix cat "$f" > "tmp.$f2" || (rm "tmp.$f2" && exit 1)
+  (cat "tmp.$f2" | podman compose exec -T postgres psql -U zabbix -f /proc/self/fd/0) || (rm "tmp.$f2" && exit 1)
+  rm "tmp.$f2"
+done
diff --git a/zabbix/conf/zabbix.conf.php b/zabbix/conf/zabbix.conf.php
new file mode 100644
index 0000000..944347d
--- /dev/null
+++ b/zabbix/conf/zabbix.conf.php
@@ -0,0 +1,58 @@
+<?php
+// Zabbix GUI configuration file.
+
+$DB['TYPE']			= 'POSTGRESQL';
+$DB['SERVER']			= 'postgres';
+$DB['PORT']			= '0';
+$DB['DATABASE']			= 'zabbix';
+$DB['USER']			= 'zabbix';
+$DB['PASSWORD']			= '1d03dcc36d69df8b6d8075109b559627f7dad4f0189b7ed82eb8aa8d1d539e4131b2427bce89af8c6631af568bd3fc922c6adeb95de62dfec3da8ed7dcc0052a';
+
+// Schema name. Used for PostgreSQL.
+$DB['SCHEMA']			= '';
+
+// Used for TLS connection.
+$DB['ENCRYPTION']		= false;
+$DB['KEY_FILE']			= '';
+$DB['CERT_FILE']		= '';
+$DB['CA_FILE']			= '';
+$DB['VERIFY_HOST']		= false;
+$DB['CIPHER_LIST']		= '';
+
+// Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= '';
+$DB['VAULT_URL']		= '';
+$DB['VAULT_PREFIX']		= '';
+$DB['VAULT_DB_PATH']		= '';
+$DB['VAULT_TOKEN']		= '';
+$DB['VAULT_CERT_FILE']		= '';
+$DB['VAULT_KEY_FILE']		= '';
+// Uncomment to bypass local caching of credentials.
+// $DB['VAULT_CACHE']		= true;
+
+// Uncomment and set to desired values to override Zabbix hostname/IP and port.
+// $ZBX_SERVER			= '';
+// $ZBX_SERVER_PORT		= '';
+
+$ZBX_SERVER_NAME		= 'test';
+
+$IMAGE_FORMAT_DEFAULT	= IMAGE_FORMAT_PNG;
+
+// Uncomment this block only if you are using Elasticsearch.
+// Elasticsearch url (can be string if same url is used for all types).
+//$HISTORY['url'] = [
+//	'uint' => 'http://localhost:9200',
+//	'text' => 'http://localhost:9200'
+//];
+// Value types stored in Elasticsearch.
+//$HISTORY['types'] = ['uint', 'text'];
+
+// Used for SAML authentication.
+// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
+//$SSO['SP_KEY']			= 'conf/certs/sp.key';
+//$SSO['SP_CERT']			= 'conf/certs/sp.crt';
+//$SSO['IDP_CERT']		= 'conf/certs/idp.crt';
+//$SSO['SETTINGS']		= [];
+
+// If set to false, support for HTTP authentication will be disabled.
+// $ALLOW_HTTP_AUTH = true;
diff --git a/zabbix/conf/zabbix_agent2.conf.example b/zabbix/conf/zabbix_agent2.conf.example
new file mode 100644
index 0000000..87eae5d
--- /dev/null
+++ b/zabbix/conf/zabbix_agent2.conf.example
@@ -0,0 +1,556 @@
+# This is a configuration file for Zabbix agent 2 (Unix)
+# To get more information about Zabbix, visit https://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agent2.pid
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: yes, if LogType is set to file, otherwise no
+# Default:
+# LogFile=/tmp/zabbix_agent2.log
+
+LogFile=/var/log/zabbix/zabbix_agent2.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+##### Passive checks related
+
+### Option: Server
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
+#	Incoming connections will be accepted only from the hosts listed here.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+#   If left empty or not set will disable passive checks, and Zabbix agent 2 will not listen on the ListenPort.
+#
+# Mandatory: no
+# Default:
+# Server=
+Server=127.0.0.1
+
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10050
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: StatusPort
+#	Agent will listen on this port for HTTP status requests.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# StatusPort=
+
+##### Active checks related
+
+### Option: ServerActive
+#	Zabbix server/proxy address or cluster configuration to get active checks from.
+#	Server/proxy address is IP address or DNS name and optional port separated by colon.
+#	Cluster configuration is one or more server addresses separated by semicolon.
+#	Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma.
+#	More than one Zabbix proxy should not be specified from each Zabbix server/cluster.
+#	If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified.
+#	Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed.
+#	If port is not specified, default port is used.
+#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
+#	If port is not specified, square brackets for IPv6 addresses are optional.
+#	If this parameter is not specified, active checks are disabled.
+#	Example for Zabbix proxy:
+#		ServerActive=127.0.0.1:10051
+#	Example for multiple servers:
+#		ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
+#	Example for high availability:
+#		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3
+#	Example for high availability with two clusters and one server:
+#		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain
+#
+# Mandatory: no
+# Default:
+# ServerActive=
+
+ServerActive=127.0.0.1
+
+### Option: Hostname
+#	List of comma delimited unique, case sensitive hostnames.
+#	Required for active checks and must match hostnames as configured on the server.
+#	Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+Hostname=Zabbix Container
+
+### Option: HostnameItem
+#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
+#	Does not support UserParameters or aliases.
+#
+# Mandatory: no
+# Default:
+# HostnameItem=system.hostname
+
+HostnameItem=system.run[hostname -f]
+
+### Option: HostMetadata
+#	Optional parameter that defines host metadata.
+#	Host metadata is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 2034 bytes.
+#	If not defined, value will be acquired from HostMetadataItem.
+#
+# Mandatory: no
+# Range: 0-2034 bytes
+# Default:
+# HostMetadata=
+
+### Option: HostMetadataItem
+#	Optional parameter that defines an item used for getting host metadata.
+#	Host metadata is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 65535 characters.
+#	This option is only used when HostMetadata is not defined.
+#
+# Mandatory: no
+# Default:
+# HostMetadataItem=
+
+### Option: HostInterface
+#	Optional parameter that defines host interface.
+#	Host interface is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostInterfaceItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostInterface=
+
+### Option: HostInterfaceItem
+#	Optional parameter that defines an item used for getting host interface.
+#	Host interface is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostInterface is not defined.
+#
+# Mandatory: no
+# Default:
+# HostInterfaceItem=
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 1-86400
+# Default:
+# RefreshActiveChecks=5
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#	Option is not valid if EnablePersistentBuffer=1
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=1000
+
+### Option: EnablePersistentBuffer
+#	Enable usage of local persistent storage for active items.
+#	0 - disabled, in-memory buffer is used (default); 1 - use persistent buffer
+# Mandatory: no
+# Range: 0-1
+# Default:
+# EnablePersistentBuffer=0
+
+### Option: PersistentBufferPeriod
+#	Zabbix Agent2 will keep data for this time period in case of no
+#	connectivity with Zabbix server or proxy. Older data will be lost. Log data will be preserved.
+#	Option is valid if EnablePersistentBuffer=1
+#
+# Mandatory: no
+# Range: 1m-365d
+# Default:
+# PersistentBufferPeriod=1h
+
+### Option: PersistentBufferFile
+#	Full filename. Zabbix Agent2 will keep SQLite database in this file.
+#	Option is valid if EnablePersistentBuffer=1
+#
+# Mandatory: no
+# Default:
+# PersistentBufferFile=
+
+### Option: HeartbeatFrequency
+#	Frequency of heartbeat messages in seconds.
+#	Used for monitoring availability of active checks.
+#	0 - heartbeat messages disabled.
+#
+# Mandatory: no
+# Range: 0-3600
+# Default: 60
+# HeartbeatFrequency=
+
+############ ADVANCED PARAMETERS #################
+
+### Option: Alias
+#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
+#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
+#	Different Alias keys may reference the same item key.
+#	For example, to retrieve the ID of user 'zabbix':
+#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
+#	Now shorthand key zabbix.userid may be used to retrieve data.
+#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Timeout
+#	Specifies how long to wait (in seconds) for establishing connection and exchanging data with Zabbix proxy or server.
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/usr/local/etc/zabbix_agent2.userparams.conf
+# Include=/usr/local/etc/zabbix_agent2.conf.d/
+# Include=/usr/local/etc/zabbix_agent2.conf.d/*.conf
+
+### Option:PluginTimeout
+#	Timeout for connections with external plugins.
+#
+# Mandatory: no
+# Range: 1-30
+# Default: <Global timeout>
+# PluginTimeout=
+
+### Option:PluginSocket
+#	Path to unix socket for external plugin communications.
+#
+# Mandatory: no
+# Default:/tmp/agent.plugin.sock
+# PluginSocket=
+
+PluginSocket=/run/zabbix/agent.plugin.sock
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	The following characters are not allowed:
+#	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
+#	Additionally, newline characters are not allowed.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=
+
+### Option: UserParameterDir
+#	Directory to execute UserParameter commands from. Only one entry is allowed.
+#	When executing UserParameter commands the agent will change the working directory to the one
+#	specified in the UserParameterDir option.
+#	This way UserParameter commands can be specified using the relative ./ prefix.
+#
+# Mandatory: no
+# Default:
+# UserParameterDir=
+
+### Option: ControlSocket
+#	The control socket, used to send runtime commands with '-R' option.
+#
+# Mandatory: no
+# Default:
+# ControlSocket=
+
+ControlSocket=/run/zabbix/zabbix_agent2.sock
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#	How the agent should connect to server or proxy. Used for active checks.
+#	Only one value can be specified:
+#		unencrypted - connect without encryption
+#		psk         - connect using TLS and a pre-shared key
+#		cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+
+### Option: TLSAccept
+#	What incoming connections to accept.
+#	Multiple values can be specified, separated by comma:
+#		unencrypted - accept connections without encryption
+#		psk         - accept connections secured with TLS and a pre-shared key
+#		cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#		Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#		Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the agent certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the agent private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+### Option: TLSPSKIdentity
+#	Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+
+### Option: TLSPSKFile
+#	Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=
+
+####### PLUGIN-SPECIFIC PARAMETERS #######
+
+### Option: Plugins
+#	A plugin can have one or more plugin specific configuration parameters in format:
+#     Plugins.<PluginName>.<Parameter1>=<value1>
+#     Plugins.<PluginName>.<Parameter2>=<value2>
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Plugins.Log.MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# Plugins.Log.MaxLinesPerSecond=20
+
+### Option: AllowKey
+#	Allow execution of item keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with DenyKey.
+#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#
+# Mandatory: no
+
+### Option: DenyKey
+#	Deny execution of items keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with AllowKey.
+#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
+#
+# Mandatory: no
+# Default:
+# DenyKey=system.run[*]
+
+### Option: Plugins.SystemRun.LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+# Plugins.SystemRun.LogRemoteCommands=0
+
+### Option: ForceActiveChecksOnStart
+#	Perform active checks immediately after restart for first received configuration.
+#	Also available as per plugin configuration, example: Plugins.Uptime.System.ForceActiveChecksOnStart=1
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# ForceActiveChecksOnStart=0
+
+# Include configuration files for plugins
+Include=./zabbix_agent2.d/plugins.d/*.conf
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+#	OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#	Example:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example:
+#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+#	OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example:
+#		kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example:
+#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+#	OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
diff --git a/zabbix/conf/zabbix_server.conf.example b/zabbix/conf/zabbix_server.conf.example
new file mode 100644
index 0000000..6035469
--- /dev/null
+++ b/zabbix/conf/zabbix_server.conf.example
@@ -0,0 +1,1110 @@
+# This is a configuration file for Zabbix server daemon
+# To get more information about Zabbix, visit https://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: ListenPort
+#	Listen port for trapper.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10051
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: yes, if LogType is set to file, otherwise no
+# Default:
+# LogFile=
+
+LogFile=/var/log/zabbix/zabbix_server.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+PidFile=/var/run/zabbix/zabbix_server.pid
+
+### Option: SocketDir
+#	IPC socket directory.
+#		Directory to store IPC sockets used by internal Zabbix services.
+#
+# Mandatory: no
+# Default:
+# SocketDir=/tmp
+
+### Option: DBHost
+#	Database host name.
+#	If set to localhost, socket is used for MySQL.
+#	If set to empty string, socket is used for PostgreSQL.
+#
+# Mandatory: no
+DBHost=postgres
+
+### Option: DBName
+#	Database name.
+#
+# Mandatory: yes
+DBName=zabbix
+
+### Option: DBSchema
+#	Schema name. Used for PostgreSQL.
+#
+# Mandatory: no
+# Default:
+# DBSchema=
+
+### Option: DBUser
+#	Database user.
+#
+# Mandatory: no
+DBUser=zabbix
+
+### Option: DBPassword
+#	Database password.
+#	Comment this line if no password is used.
+#
+# Mandatory: no
+# Default:
+# DBPassword=
+DBPassword=aa2e7b87f1569586a3eebfd017c0cd9dcf1e987680d1e5ada1d4ea974631b4ea
+
+### Option: DBSocket
+#	Path to MySQL socket.
+#
+# Mandatory: no
+# Default:
+# DBSocket=
+
+### Option: DBPort
+#	Database port when not using local socket.
+#
+# Mandatory: no
+# Range: 1024-65535
+# Default for MySQL: 3306
+# Default for PostgreSQL: 5432
+# DBPort=
+
+### Option: AllowUnsupportedDBVersions
+#	Allow server to work with unsupported database versions.
+#       0 - do not allow
+#       1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowUnsupportedDBVersions=0
+
+### Option: HistoryStorageURL
+#	History storage HTTP[S] URL.
+#
+# Mandatory: no
+# Default:
+# HistoryStorageURL=
+
+### Option: HistoryStorageTypes
+#	Comma separated list of value types to be sent to the history storage.
+#
+# Mandatory: no
+# Default:
+# HistoryStorageTypes=uint,dbl,str,log,text
+
+### Option: HistoryStorageDateIndex
+#	Enable preprocessing of history values in history storage to store values in different indices based on date.
+#	0 - disable
+#	1 - enable
+#
+# Mandatory: no
+# Default:
+# HistoryStorageDateIndex=0
+
+### Option: ExportDir
+#	Directory for real time export of events, history and trends in newline delimited JSON format.
+#	If set, enables real time export.
+#
+# Mandatory: no
+# Default:
+# ExportDir=
+
+### Option: ExportFileSize
+#	Maximum size per export file in bytes.
+#	Only used for rotation if ExportDir is set.
+#
+# Mandatory: no
+# Range: 1M-1G
+# Default:
+# ExportFileSize=1G
+
+### Option: ExportType
+#	List of comma delimited types of real time export - allows to control export entities by their
+#	type (events, history, trends) individually.
+#	Valid only if ExportDir is set.
+#
+# Mandatory: no
+# Default:
+# ExportType=events,history,trends
+
+############ ADVANCED PARAMETERS ################
+
+### Option: StartPollers
+#	Number of pre-forked instances of pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPollers=5
+
+### Option: StartAgentPollers
+#	Number of pre-forked instances of asynchronous Zabbix agent pollers. Also see MaxConcurrentChecksPerPoller.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartAgentPollers=1
+
+### Option: StartHTTPAgentPollers
+#	Number of pre-forked instances of asynchronous HTTP agent pollers. Also see MaxConcurrentChecksPerPoller.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartHTTPAgentPollers=1
+
+### Option: StartSNMPPollers
+#	Number of pre-forked instances of asynchronous SNMP pollers. Also see MaxConcurrentChecksPerPoller.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartSNMPPollers=1
+
+### Option: MaxConcurrentChecksPerPoller
+#	Maximum number of asynchronous checks that can be executed at once by each HTTP agent poller or agent poller.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxConcurrentChecksPerPoller=1000
+
+### Option: StartIPMIPollers
+#	Number of pre-forked instances of IPMI pollers.
+#		The IPMI manager process is automatically started when at least one IPMI poller is started.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartIPMIPollers=0
+
+
+### Option: StartPreprocessors
+#	Number of pre-started instances of preprocessing worker threads should be set to no less than
+#	the available CPU core count. More workers should be set if preprocessing is not CPU-bound and has
+#	lots of network requests.
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# StartPreprocessors=16
+
+### Option: StartConnectors
+#	Number of pre-forked instances of connector workers.
+#		The connector manager process is automatically started when connector worker is started.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartConnectors=0
+
+### Option: StartPollersUnreachable
+#	Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
+#	At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
+#	are started.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPollersUnreachable=1
+
+### Option: StartHistoryPollers
+#	Number of pre-forked instances of history pollers.
+#	Only required for calculated checks.
+#	A database connection is required for each history poller instance.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartHistoryPollers=5
+
+### Option: StartTrappers
+#	Number of pre-forked instances of trappers.
+#	Trappers accept incoming connections from Zabbix sender, active agents and active proxies.
+#	At least one trapper process must be running to display server availability and view queue
+#	in the frontend.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartTrappers=5
+
+### Option: StartPingers
+#	Number of pre-forked instances of ICMP pingers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPingers=1
+
+### Option: StartDiscoverers
+#	Number of pre-started instances of discovery workers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartDiscoverers=5
+
+### Option: StartHTTPPollers
+#	Number of pre-forked instances of HTTP pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartHTTPPollers=1
+
+### Option: StartTimers
+#	Number of pre-forked instances of timers.
+#	Timers process maintenance periods.
+#	Only the first timer process handles host maintenance updates. Problem suppression updates are shared
+#	between all timers.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# StartTimers=1
+
+### Option: StartEscalators
+#	Number of pre-forked instances of escalators.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartEscalators=1
+
+### Option: StartAlerters
+#	Number of pre-forked instances of alerters.
+#	Alerters send the notifications created by action operations.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartAlerters=3
+
+### Option: JavaGateway
+#	IP address (or hostname) of Zabbix Java gateway.
+#	Only required if Java pollers are started.
+#
+# Mandatory: no
+# Default:
+# JavaGateway=
+
+### Option: JavaGatewayPort
+#	Port that Zabbix Java gateway listens on.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# JavaGatewayPort=10052
+
+### Option: StartJavaPollers
+#	Number of pre-forked instances of Java pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartJavaPollers=0
+
+### Option: StartVMwareCollectors
+#	Number of pre-forked vmware collector instances.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartVMwareCollectors=0
+
+### Option: VMwareFrequency
+#	How often Zabbix will connect to VMware service to obtain a new data.
+#
+# Mandatory: no
+# Range: 10-86400
+# Default:
+# VMwareFrequency=60
+
+### Option: VMwarePerfFrequency
+#	How often Zabbix will connect to VMware service to obtain performance data.
+#
+# Mandatory: no
+# Range: 10-86400
+# Default:
+# VMwarePerfFrequency=60
+
+### Option: VMwareCacheSize
+#	Size of VMware cache, in bytes.
+#	Shared memory size for storing VMware data.
+#	Only used if VMware collectors are started.
+#
+# Mandatory: no
+# Range: 256K-2G
+# Default:
+# VMwareCacheSize=8M
+
+### Option: VMwareTimeout
+#	Specifies how many seconds vmware collector waits for response from VMware service.
+#
+# Mandatory: no
+# Range: 1-300
+# Default:
+# VMwareTimeout=10
+
+### Option: SNMPTrapperFile
+#	Temporary file used for passing data from SNMP trap daemon to the server.
+#	Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
+#
+# Mandatory: no
+# Default:
+# SNMPTrapperFile=/var/log/zabbix/zabbix_traps.tmp
+
+### Option: StartSNMPTrapper
+#	If 1, SNMP trapper process is started.
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# StartSNMPTrapper=0
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the trapper should listen on.
+#	Trapper will listen on all network interfaces if this parameter is missing.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: HousekeepingFrequency
+#	How often Zabbix will perform housekeeping procedure (in hours).
+#	Housekeeping is removing outdated information from the database.
+#	To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
+#	hours of outdated information are deleted in one housekeeping cycle, for each item.
+#	To lower load on server startup housekeeping is postponed for 30 minutes after server start.
+#	With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
+#	In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
+#	period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
+#
+# Mandatory: no
+# Range: 0-24
+# Default:
+# HousekeepingFrequency=1
+
+### Option: MaxHousekeeperDelete
+#	The table "housekeeper" contains "tasks" for housekeeping procedure in the format:
+#	[housekeeperid], [tablename], [field], [value].
+#	No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value])
+#	will be deleted per one task in one housekeeping cycle.
+#	If set to 0 then no limit is used at all. In this case you must know what you are doing!
+#
+# Mandatory: no
+# Range: 0-1000000
+# Default:
+# MaxHousekeeperDelete=5000
+
+### Option: CacheSize
+#	Size of configuration cache, in bytes.
+#	Shared memory size for storing host, item and trigger data.
+#
+# Mandatory: no
+# Range: 128K-64G
+# Default:
+# CacheSize=32M
+
+### Option: CacheUpdateFrequency
+#	How often Zabbix will perform update of configuration cache, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# CacheUpdateFrequency=10
+
+### Option: StartDBSyncers
+#	Number of pre-forked instances of DB Syncers.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartDBSyncers=4
+
+### Option: HistoryCacheSize
+#	Size of history cache, in bytes.
+#	Shared memory size for storing history data.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# HistoryCacheSize=16M
+
+### Option: HistoryIndexCacheSize
+#	Size of history index cache, in bytes.
+#	Shared memory size for indexing history cache.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# HistoryIndexCacheSize=4M
+
+### Option: TrendCacheSize
+#	Size of trend write cache, in bytes.
+#	Shared memory size for storing trends data.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# TrendCacheSize=4M
+
+### Option: TrendFunctionCacheSize
+#	Size of trend function cache, in bytes.
+#	Shared memory size for caching calculated trend function data.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# TrendFunctionCacheSize=4M
+
+### Option: ValueCacheSize
+#	Size of history value cache, in bytes.
+#	Shared memory size for caching item history data requests.
+#	Setting to 0 disables value cache.
+#
+# Mandatory: no
+# Range: 0,128K-64G
+# Default:
+# ValueCacheSize=8M
+
+### Option: Timeout
+#	Specifies how long to wait (in seconds) for establishing connection and exchanging data with Zabbix proxy, agent, web service, and for SNMP checks (except SNMP `walk[OID]` and `get[OID]` items) and `icmpping[*]` item.
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+Timeout=4
+
+### Option: TrapperTimeout
+#	Specifies timeout in seconds for:
+#		retrieval of historical data from Zabbix proxy
+#		sending configuration data to Zabbix proxy
+#		Global script / remote command execution on Zabbix proxy / server
+#
+# Mandatory: no
+# Range: 1-300
+# Default:
+# TrapperTimeout=300
+
+### Option: UnreachablePeriod
+#	After how many seconds of unreachability treat a host as unavailable.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnreachablePeriod=45
+
+### Option: UnavailableDelay
+#	How often host is checked for availability during the unavailability period, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnavailableDelay=60
+
+### Option: UnreachableDelay
+#	How often host is checked for availability during the unreachability period, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnreachableDelay=15
+
+### Option: AlertScriptsPath
+#	Full path to location of custom alert scripts.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_server --help".
+#
+# Mandatory: no
+# Default:
+# AlertScriptsPath=${datadir}/zabbix/alertscripts
+
+### Option: ExternalScripts
+#	Full path to location of external scripts.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_server --help".
+#
+# Mandatory: no
+# Default:
+# ExternalScripts=${datadir}/zabbix/externalscripts
+
+### Option: FpingLocation
+#	Location of fping.
+#	Make sure that fping binary has root ownership and SUID flag set.
+#
+# Mandatory: no
+# Default:
+# FpingLocation=/usr/sbin/fping
+
+### Option: Fping6Location
+#	Location of fping6.
+#	Make sure that fping6 binary has root ownership and SUID flag set.
+#	Make empty if your fping utility is capable to process IPv6 addresses.
+#
+# Mandatory: no
+# Default:
+# Fping6Location=/usr/sbin/fping6
+
+### Option: SSHKeyLocation
+#	Location of public and private keys for SSH checks and actions.
+#
+# Mandatory: no
+# Default:
+# SSHKeyLocation=
+
+### Option: LogSlowQueries
+#	How long a database query may take before being logged (in milliseconds).
+#	Only works if DebugLevel set to 3, 4 or 5.
+#	0 - don't log slow queries.
+#
+# Mandatory: no
+# Range: 1-3600000
+# Default:
+# LogSlowQueries=0
+
+LogSlowQueries=3000
+
+### Option: TmpDir
+#	Temporary directory.
+#
+# Mandatory: no
+# Default:
+# TmpDir=/tmp
+
+### Option: StartProxyPollers
+#	Number of pre-forked instances of pollers for passive proxies.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartProxyPollers=1
+
+### Option: ProxyConfigFrequency
+#	How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds.
+#	This parameter is used only for proxies in the passive mode.
+#
+# Mandatory: no
+# Range: 1-3600*24*7
+# Default:
+# ProxyConfigFrequency=10
+
+### Option: ProxyDataFrequency
+#	How often Zabbix Server requests history data from a Zabbix Proxy in seconds.
+#	This parameter is used only for proxies in the passive mode.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# ProxyDataFrequency=1
+
+### Option: StartLLDProcessors
+#	Number of pre-forked instances of low level discovery processors.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartLLDProcessors=2
+
+### Option: AllowRoot
+#	Allow the server to run as 'root'. If disabled and the server is started by 'root', the server
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/usr/local/etc/zabbix_server.general.conf
+# Include=/usr/local/etc/zabbix_server.conf.d/
+# Include=/usr/local/etc/zabbix_server.conf.d/*.conf
+
+### Option: SSLCertLocation
+#	Location of SSL client certificates.
+#	This parameter is used in web monitoring and for communication with Vault.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_server --help".
+#
+# Mandatory: no
+# Default:
+# SSLCertLocation=${datadir}/zabbix/ssl/certs
+
+### Option: SSLKeyLocation
+#	Location of private keys for SSL client certificates.
+#	This parameter is used in web monitoring and for communication with Vault.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_server --help".
+#
+# Mandatory: no
+# Default:
+# SSLKeyLocation=${datadir}/zabbix/ssl/keys
+
+### Option: SSLCALocation
+#	Override the location of certificate authority (CA) files for SSL server certificate verification.
+#	If not set, system-wide directory will be used.
+#	This parameter is used in web monitoring, SMTP authentication, HTTP agent items and for communication with Vault.
+#
+# Mandatory: no
+# Default:
+# SSLCALocation=
+
+### Option: StatsAllowedIP
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
+#	Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
+#	will be accepted.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: no
+# Default:
+# StatsAllowedIP=
+StatsAllowedIP=127.0.0.1
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of server modules.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_server --help".
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at server startup. Modules are used to extend functionality of the server.
+#	Formats:
+#		LoadModule=<module.so>
+#		LoadModule=<path/module.so>
+#		LoadModule=</abs_path/module.so>
+#	Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
+#	If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the server certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the server private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example:
+#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+#	Example for OpenSSL:
+#		kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example:
+#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
+
+### Option: DBTLSConnect
+#	Setting this option enforces to use TLS connection to database.
+#	required    - connect using TLS
+#	verify_ca   - connect using TLS and verify certificate
+#	verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
+#	              matches its certificate
+#	On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
+#	"verify_full".
+#	On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
+#	Default is not to set any option and behavior depends on database configuration
+#
+# Mandatory: no
+# Default:
+# DBTLSConnect=
+
+### Option: DBTLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
+#	Supported only for MySQL and PostgreSQL
+#
+# Mandatory: no
+#	(yes, if DBTLSConnect set to one of: verify_ca, verify_full)
+# Default:
+# DBTLSCAFile=
+
+### Option: DBTLSCertFile
+#	Full pathname of file containing Zabbix server certificate for authenticating to database.
+#	Supported only for MySQL and PostgreSQL
+#
+# Mandatory: no
+# Default:
+# DBTLSCertFile=
+
+### Option: DBTLSKeyFile
+#	Full pathname of file containing the private key for authenticating to database.
+#	Supported only for MySQL and PostgreSQL
+#
+# Mandatory: no
+# Default:
+# DBTLSKeyFile=
+
+### Option: DBTLSCipher
+#	The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2
+#	Supported only for MySQL
+#
+# Mandatory no
+# Default:
+# DBTLSCipher=
+
+### Option: DBTLSCipher13
+#	The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol
+#	Supported only for MySQL, starting from version 8.0.16
+#
+# Mandatory no
+# Default:
+# DBTLSCipher13=
+
+### Option: Vault
+#	Specifies vault:
+#		HashiCorp - HashiCorp KV Secrets Engine - Version 2
+#		CyberArk  - CyberArk Central Credential Provider
+#
+# Mandatory: no
+# Default:
+# Vault=HashiCorp
+
+### Option: VaultToken
+#	Vault authentication token that should have been generated exclusively for Zabbix server with read only permission
+#	to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath
+#	configuration parameter.
+#	It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
+#
+# Mandatory: no
+#	(yes, if Vault is explicitly set to HashiCorp)
+# Default:
+# VaultToken=
+
+### Option: VaultURL
+#	Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified.
+#
+# Mandatory: no
+# Default:
+# VaultURL=https://127.0.0.1:8200
+
+### Option: VaultPrefix
+#	Custom prefix for Vault path or query depending on the Vault.
+#	Most suitable defaults will be used if not specified.
+#	Note that 'data' is automatically appended after mountpoint for HashiCorp if VaultPrefix is not specified.
+#	Example prefix for HashiCorp:
+#		/v1/secret/data/zabbix/
+#	Example prefix for CyberArk:
+#		/AIMWebService/api/Accounts?
+# Mandatory: no
+# Default:
+# VaultPrefix=
+
+### Option: VaultDBPath
+#	Vault path or query depending on the Vault from where credentials for database will be retrieved by keys.
+#	Keys used for HashiCorp are 'password' and 'username'.
+#		Example path with VaultPrefix=/v1/secret/data/zabbix/:
+#		database
+#		Example path without VaultPrefix:
+#			secret/zabbix/database
+#	Keys used for CyberArk are 'Content' and 'UserName'.
+#	Example query:
+#			AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_server_database
+#	This option can only be used if DBUser and DBPassword are not specified.
+#
+# Mandatory: no
+# Default:
+# VaultDBPath=
+
+### Option: VaultTLSCertFile
+#	Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format.
+#	If the certificate file contains also the private key, leave the SSL key file field empty. The directory
+#	containing this file is specified by configuration parameter SSLCertLocation.
+#
+# Mandatory: no
+# Default:
+# VaultTLSCertFile=
+
+### Option: VaultTLSKeyFile
+#	Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format.
+#	The directory containing this file is specified by configuration parameter SSLKeyLocation.
+#
+# Mandatory: no
+# Default:
+# VaultTLSKeyFile=
+
+### Option: StartReportWriters
+#	Number of pre-forked report writer instances.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartReportWriters=0
+
+### Option: WebServiceURL
+#	URL to Zabbix web service, used to perform web related tasks.
+#	Example: http://localhost:10053/report
+#
+# Mandatory: no
+# Default:
+# WebServiceURL=
+
+### Option: ServiceManagerSyncFrequency
+#	How often Zabbix will synchronize configuration of a service manager (in seconds).
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# ServiceManagerSyncFrequency=60
+
+### Option: ProblemHousekeepingFrequency
+#	How often Zabbix will delete problems for deleted triggers (in seconds).
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# ProblemHousekeepingFrequency=60
+
+## Option: StartODBCPollers
+#	Number of pre-forked ODBC poller instances.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartODBCPollers=1
+
+### Option: EnableGlobalScripts
+#    Enable global scripts on Zabbix server.
+#       0 - disable
+#       1 - enable
+#
+# Mandatory: no
+# Default:
+# EnableGlobalScripts=1
+EnableGlobalScripts=0
+
+# Option: AllowSoftwareUpdateCheck
+#       Allow Zabbix UI to receive information about software updates from zabbix.com
+#       0 - disable software update checks
+#       1 - enable software update checks
+#
+# Mandatory: no
+# Default:
+# AllowSoftwareUpdateCheck=1
+
+### Option: SMSDevices
+#	List of comma delimited modem files allowed to use Zabbix server
+#       SMS sending not possible if this parameter is not set
+#	Example: SMSDevices=/dev/ttyUSB0,/dev/ttyUSB1
+#
+# Mandatory: no
+# Default:
+# SMSDevices=
+
+####### For advanced users - TCP-related fine-tuning parameters #######
+
+## Option: ListenBacklog
+#       The maximum number of pending connections in the queue. This parameter is passed to
+#       listen() function as argument 'backlog' (see "man listen").
+#
+# Mandatory: no
+# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
+# Default: SOMAXCONN (hard-coded constant, depends on system)
+# ListenBacklog=
+
+
+####### High availability cluster parameters #######
+
+## Option: HANodeName
+#	The high availability cluster node name.
+#	When empty, server is working in standalone mode; a node with empty name is registered with address for the frontend to connect to.
+#
+# Mandatory: no
+# Default:
+# HANodeName=
+
+## Option: NodeAddress
+#	IP or hostname with optional port to specify how frontend should connect to the server.
+#	Format: <address>[:<port>]
+#
+#	If IP or hostname is not set, then ListenIP value will be used. In case ListenIP is not set, localhost will be used.
+#	If port is not set, then ListenPort value will be used. In case ListenPort is not set, 10051 will be used.
+#	This option can be overridden by address specified in frontend configuration.
+#
+# Mandatory: no
+# Default:
+# NodeAddress=localhost:10051
+
+####### Browser monitoring #######
+
+### Option: WebDriverURL
+#	WebDriver interface HTTP[S] URL. For example http://localhost:4444 used with Selenium WebDriver standalone server.
+#
+# Mandatory: no
+# Default:
+# WebDriverURL=
+
+### Option: StartBrowserPollers
+#	Number of pre-forked instances of browser item pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartBrowserPollers=1