From 56cf8dcb84c805dbed9d385d1707aea373aff490 Mon Sep 17 00:00:00 2001
From: L3D <l3d@c3woc.de>
Date: Sat, 25 Nov 2023 02:35:52 +0100
Subject: [PATCH] Prepare nginx exporter

---
 .gitmodules                                   |   3 +
 host_vars/mail01.l3d.space/vars.yml           |   4 +-
 host_vars/services.l3d.space/vars.yml         |   7 +-
 host_vars/services.l3d.space/vault.yml        | 146 ++++++++++--------
 host_vars/web01.l3d.space/vars.yml            |   4 +-
 roles/l3d.nginx_exporter                      |   1 +
 site.yml                                      |   1 +
 .../nginx-exporter.mail01.l3d.space_tls.conf  |  24 +++
 ...nginx-exporter.services.l3d.space_tls.conf |  24 +++
 .../nginx-exporter.web01.l3d.space_tls.conf   |  24 +++
 10 files changed, 167 insertions(+), 71 deletions(-)
 create mode 160000 roles/l3d.nginx_exporter
 create mode 100644 templates/files/nginx/sites/nginx-exporter.mail01.l3d.space_tls.conf
 create mode 100644 templates/files/nginx/sites/nginx-exporter.services.l3d.space_tls.conf
 create mode 100644 templates/files/nginx/sites/nginx-exporter.web01.l3d.space_tls.conf

diff --git a/.gitmodules b/.gitmodules
index e7c2a03..1866b11 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -135,3 +135,6 @@
 [submodule "collections/ansible_collections/community/general"]
 	path = collections/ansible_collections/community/general
 	url = https://github.com/ansible-collections/community.general.git
+[submodule "roles/l3d.nginx_exporter"]
+	path = roles/l3d.nginx_exporter
+	url = https://github.com/roles-ansible/ansible_role_nginx_exporter
diff --git a/host_vars/mail01.l3d.space/vars.yml b/host_vars/mail01.l3d.space/vars.yml
index ec5f802..8ed85b3 100644
--- a/host_vars/mail01.l3d.space/vars.yml
+++ b/host_vars/mail01.l3d.space/vars.yml
@@ -44,8 +44,7 @@ postfix__db_user: "{{ _mailserver__mysql_user }}"
 postfix__db_password: "{{ _mailserver__mysql_password }}"
 postfix__db_name: "{{ _mailserver__mysql_database }}"
 
-acme_domain_unwant_list:
-  - name: 'node_exporter.imail01.l3d.space'
+acme_domain_unwant_list: []
 #  - name: 'example.com'
 
 nginx_sites:
@@ -54,6 +53,7 @@ nginx_sites:
       user: 'mailwebuser'
   - name: "{{ mailserver_domain }}"
   - name: 'node-exporter.mail01.l3d.space'
+  - name: 'nginx-exporter.mail01.l3d.space'
 
 # letsencrypt
 acme_notification_email: "{{ _acme_notification_email }}"
diff --git a/host_vars/services.l3d.space/vars.yml b/host_vars/services.l3d.space/vars.yml
index bed36dd..9c3534a 100644
--- a/host_vars/services.l3d.space/vars.yml
+++ b/host_vars/services.l3d.space/vars.yml
@@ -1,6 +1,5 @@
 ---
-acme_domain_unwant_list:
-  - name: 'node_exporter.services.l3d.space'
+acme_domain_unwant_list: []
 #  - name: 'example.com'
 
 nginx_sites:
@@ -8,6 +7,7 @@ nginx_sites:
   - name: 'grafana.l3d.ch'
   - name: 'www.grafana.l3d.ch'
   - name: 'node-exporter.services.l3d.space'
+  - name: 'nginx-exporter.services.l3d.space'
 
 acme_notification_email: "{{ _acme_notification_email }}"
 
@@ -40,6 +40,9 @@ grafana_dashboards:
   - dashboard_id: '1860'
     revision_id: '33'
     datasource: '{{ grafana_datasources.0.name }}'
+  - dashboard_id: '12708'
+    revision_id: '1'
+    datasource: '{{ grafana_datasources.0.name }}'
 
 # l3d.nginx_exporter
 nginx_exporter_listen_address: '127.0.0.1:9113'
diff --git a/host_vars/services.l3d.space/vault.yml b/host_vars/services.l3d.space/vault.yml
index 13de558..179cb61 100644
--- a/host_vars/services.l3d.space/vault.yml
+++ b/host_vars/services.l3d.space/vault.yml
@@ -1,66 +1,82 @@
 $ANSIBLE_VAULT;1.1;AES256
-66353239353261346266343339303763373165646634656132393732336430323365653036346231
-6335626530613662363737636436663937643433373938610a333535353836313034343935393130
-39333262656264393833343338343836373531653965396631353438663564616362316466363436
-6663353731306236330a643763303333383962633635663063396230653135656634636162333563
-63346562656566623864303136623638333538666430313430313032656236336563313637633631
-35623737396464383266336439383534373761353665306566623838663833323165653761633537
-61363063626264626466303762643966396631383962356630313735623366623332636337303064
-38383032343661643935663636346338356335396466316436663866653132323935626166636564
-36633539343263633031643462613534653561326364363864616139613763306334303133363639
-65326432353062663664656165313338646634343535653736633662373463343635613461386664
-30306533303534393733366666303233646134653366336432373233666239663563316331636465
-34313430663239363661393834626238313633363066656265643032346637653737383932376165
-35373835633163343563353265656261653135643962666334386362376534353465323030363636
-64393161303939373339316136383766316564303331666135353930316235663738323932353161
-30653934376663616363646563316531663661343165656563323537643030386130373535336163
-66666363323138333464383466393235336338303439326132346162613833383439346662393334
-32656434363732313435303863333037373534636438313264623634373130303164336437323634
-63326332393034363465376231373639303233376162363337643463656437323663373831383865
-31623131363661376563396661623835303236643633306665633536623830333731333062316538
-39323632353938346534393662643862333065363233323034656464323535636237356432666537
-66303436373531383934326637353261666636366530643537646465366236656361313735656134
-36346338306637326165346162353435373661643034396565356366636362383663646461636166
-33313935633462346237356162303336373135666263383533623835623461323361306261356631
-32373661386566393762633835353930633936313964623133363239616331653132633266653134
-34643561663730643461333965353034313833623937656663393062626633356262346338306664
-38303733613031346466633966626164346265373162386361343139383966363935613533663864
-39386235303163663535333236616162356564656632316466326331646463303164393163363735
-34303063396336653637303461663265323061653266663833636135303030666635326661623130
-61623664623737303865346463303035376564343030653535353064316338303032313239383635
-37316163653862313638613436613133663831643762306634623831366535313134376631386637
-37626336323764356363316663306234613566616338376466343464643233366138313835333933
-38616365306463316432336638316465626635666266316164623337313233383832633833666433
-34393161386232663733646164616135663836626634333936613163393535316362323563323162
-37616635633832376162306561666236386636333532333362393031623563386566333633356138
-32613133663131333931326538313332316630316462323636323031353261656133646336366136
-32326535393936326164323863646433626335376230353831356537613230373332393934356633
-31653533323065666530303539663333666436393131366665376337636163383232616566366239
-31303330356363643139363234613966306535383238326265316436363235396139396530343561
-62396330613964646238393437383130393934346363623139626538326365306235313939646566
-37666164616439663737646431316235326263383239623833373066303831383839353231373737
-66376636363134643031366332643135623939333736646531333534663366333236616439623038
-34653462643436366235373138653039323034326438386233396633626163393463343233633234
-64623233376531653035646462396366353833656431613963636466356532643064346530333366
-63356364393266316432353862626435613166373465633464303330303136656636653539663638
-33363034363732353938333361663631356363633235396232343366333433376266316231323266
-36373862323866326365306362653436343135343032396537613633306264373038383237323435
-39643633623862303263633765303466376535646564393835323139623166376235373136636138
-30613563353763366463613961633337633638653337333834386463346635373461373237623163
-37303539616233343465656233613335666535643431373566616439383537396630373765313534
-64353134306131396338663265373037396565323934643038343231336265303838326632343764
-64356166343434343335323134643332343634343338396338313239666231393739393530343732
-32636561386365386331333237326565373532363131623937636632333032373635353935333562
-35643461643730623465326631313961393162313035326161643339333062333961623936323332
-61303666353434366364653131313636633964346565333566626164663838323030626538386432
-36343364613133386566376131663136396637393138316266333935313463386533383833373032
-31663337653834303764326666643336363766353963343633653037396136633436376238376431
-30613438626165373232633863336235303634336464313465383033343365303538373135313638
-30643333316234396532313863623362343239663762396535653762373265316536643732386131
-37383132323666383363303965316633303638636339386135656432363034333531353164363933
-66366463363035633732343465356264623430393333383165323364306365363239386430626566
-30353230653466323464333238353231313130383061663532313963626235656230303537643435
-38303634306263383738633338663139313132656363326637633530323765333363323635363666
-38353530363334333231356666353463613735616233633461363866356135633833616335343865
-61366161643938333231383539633236366565393833633634393738613065643033633865666664
-6361
+39303134626437393662336266636533656235623863333638306161383663323130363538663563
+3533653865653136616563623365623033623337623433360a336131376135343864633638666264
+61323737613439613035653433666433613030613331666234633833336238386135623035386335
+3137356662626465640a653736363266356435656234656365363035386264333637626130666532
+39373330303363353061346364323035613031343965636435313033376330653032643334306132
+32313262373536396137313336343832633734633361633234393634636637636432623866623431
+64373230316330636533323966613963373533363964666165386233303965376139653263316663
+30633261613764303832663432313166656538353132643531363864353266356431303865663235
+64333665663739336163633933653831623464353962663836613765353935346635323161633831
+38653235353436303934393061353439653732616565643561336438613931656164666136616537
+61643364616632616563313534353139363762643163373339663262653466393065653434653935
+62366166393763353136663331386661643361353634326561643766653963303934383939316665
+31336433633435666564373538316537353531306632306632373031346235663562343731316431
+37353036663666383761373065333937643030353464633433343962626366636437326131653934
+64343461636364336130636566633962613733346430393135303965373635383538666137396335
+37633739633366353765666537336362346530336132376165656135376261623530313831663839
+38663061383564393464333135393731323639353531393964316136333665356166643634316461
+32343734653134343633313630623234636338663935386636656235313635356364336632383462
+64393366313964653833323031633036396264383166643935666331346133663534353937333361
+31383734303636383230386335323030663034303331366264623933646537316638373134663861
+36616334343563373839393063383330636630303132663332643038393933383565656338646436
+35386537333666336663353235333634623935396131663364646264326137343263306631356238
+33326333653336653332393235363265616137616331356566643634333763383762626531633635
+31336333363231643630333361633837386131353264303037386364366264633632343134643365
+33623265363133366639383033316132663431346539343131353664363834316566306464646262
+65303037656363656335346662326461353165633566316661303332666136353537316533306665
+37383862633964333063343333626231393438653838626466393565613466656662623265363166
+63303237656130353132653039333562363638643565363731623135653264393361343932613937
+36623835633466353139633966663531663433303335376437643031353630393365353236306635
+64376134613865393261613330373433666661393731333262663335616232646665333931663038
+64323037303536616566663962633535656664633330623331666239326136623433333931636462
+31626236326336646165623834626566343533363938373635633832623761313030653533646431
+37653763383136643465363335386636306136336632356339653264396532623039653533353036
+36313833363434376538346433313436383035646366353639313461346133383632643334346537
+66363537326537626565393735316636373365386339646264316365303665323234633838316330
+66306566346261373633323862363637653636343338316335373066643130616662323664306336
+34313061343034663262396630353231393930393538623736616337336133393163646635326431
+34393963386364653433323765626566306232616161666536306663636635343238323630353039
+35386331663136383461313866386466336164616635363138306239356334306265393331633062
+38313335633931353232336163643562323636326564643864636236303530303135393132333232
+38643139376534366264633233656334653938306232303631356339356164333335313737346134
+31333135663965393533333737356132383533653161636562346264373132346463346239633162
+64326464356435393963373639613063343764343964643432363165353662393039323039666139
+64306136656236663935333538303437393333363631616463656230663931313432396666616633
+62366336336162393264376137643066633038376332623330336534383235663562366136663762
+39656565336631323431346364666563366561336661316239313231313833633939336638666465
+37376265326433363735656266336339653136386461336531316634626532626138303437313737
+61303232633265383035663666663663623962383331376364313961333237363265653134656361
+39363962396138323761346431636533333234616361306437326666393065303332386439343664
+32306663633565343130663261623337323035333165373062396334356330616635663932616362
+34663331633065613738373631666434633132353664663132386532396365643063363161396430
+65613861653538616263633533323136636235616133383266366362623461323363353361323762
+62326333633564346331333861656564303161643033363935356331306133343066323738656363
+33303966323033643862303235323238633335303065356233656133376433393564643462633232
+32303730313839343931616235623437366330623539636361373165643162343836323731396535
+36316566623231373234306166306239336235613639636234343034663961393339656663313830
+65333366366333343963313533653439643931393363346132636539343631366536373564363832
+30613266663062343262343263306134363539343264636331313132373165353738303538613639
+33363130383463356233383864383738336361633437383639633164383737393432633838396434
+36356230623962376263313466663834626132336331616236313939313034613432633532643161
+62303963336139396566386232316138663562633435396463363534383735303039373836353530
+36323161656566366566356462353834623536313932386632623135653562333134316630376531
+33623362396165313530393739646566366265656665383563643632333336636235343835333362
+39306462316439336133393832316664333736633561313362613765373235373462343638356430
+63336265363763646434623364373139333165613337323635303238353231633165636633336566
+31373130326232653661393765313430633330613439613261646530633139613533313662633538
+65623565373232356166346364303538626164376538633265633261393335633363393136316539
+35303036653932333831303961633364393238663537653763376163333863616138666565666533
+65666530316434333565663336373235353437623433306234393336323065323165323432656236
+30333538376534333431353836636339346137396166633130336262663638376138613530356563
+33373564326231333064663563613637316436333531313037333930636363373030373863373162
+30383835303730323839333265633533656131636633333131643262383132396135366635363035
+64363564306236633537393766623766383530356135346236653531663265336264376530383961
+65386139663664353133633837643538646532386164626438363861316435636133393461666132
+39366663366165363138613063353563653966386561633435306661383935376335663535663065
+32366434323038623338383637366534313263363666646434363737373536373033386639333132
+31333037623864636162613336363133616665663839383262333630616132333663366237366136
+62343661666532626232346563323333336238336662646237366639666336303036393339336433
+66373661313838303363363131313537323661386462306538643663373866646363303935376539
+33346465303836343563363532656164663637656136646137323364333861613932326539393037
+39623265333633343832643237393962373865343932663161373937303831316263
diff --git a/host_vars/web01.l3d.space/vars.yml b/host_vars/web01.l3d.space/vars.yml
index ba2710c..04a6455 100644
--- a/host_vars/web01.l3d.space/vars.yml
+++ b/host_vars/web01.l3d.space/vars.yml
@@ -114,8 +114,7 @@ acme_reload_services:
 acme_restart_services:
   - 'gitea'
 
-acme_domain_unwant_list:
-  - name: 'node_exporter.web01.l3d.space'
+acme_domain_unwant_list: []
 #  - name: 'example.com'
 
 nginx_sites:
@@ -195,6 +194,7 @@ nginx_sites:
       user: 'klima'
   - name: 'www.klima-streik.de'
   - name: 'node-exporter.web01.l3d.space'
+  - name: 'nginx-exporter.web01.l3d.space'
 
 acme_notification_email: "{{ _acme_notification_email }}"
 
diff --git a/roles/l3d.nginx_exporter b/roles/l3d.nginx_exporter
new file mode 160000
index 0000000..267a2c1
--- /dev/null
+++ b/roles/l3d.nginx_exporter
@@ -0,0 +1 @@
+Subproject commit 267a2c108a147c12cf66251af2b92b05d9ef166c
diff --git a/site.yml b/site.yml
index 7357af7..5fa1ed9 100644
--- a/site.yml
+++ b/site.yml
@@ -30,6 +30,7 @@
     - {role: do1jlr.webhost, tags: [web, webhost], become: true}
     - {role: do1jlr.acmetool, tags: [web, acmetool], become: true}
     - {role: do1jlr.nginx, tags: [web, nginx]}
+    - {role: l3d.nginx_exporter, tags: [monitoring, nginx, prometheus, exporter]}
 
 
 - name: Deploy web config
diff --git a/templates/files/nginx/sites/nginx-exporter.mail01.l3d.space_tls.conf b/templates/files/nginx/sites/nginx-exporter.mail01.l3d.space_tls.conf
new file mode 100644
index 0000000..c56abd7
--- /dev/null
+++ b/templates/files/nginx/sites/nginx-exporter.mail01.l3d.space_tls.conf
@@ -0,0 +1,24 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  server_name nginx-exporter.mail.l3d.space;
+
+  include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+  include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+  include snippets/logging_{{ site.name }}.snippet.conf;
+
+
+  location / {
+    charset utf-8;
+    proxy_pass http://localhost:9113;
+    proxy_read_timeout 3600;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    allow 127.0.0.1;  #  allow requests from localhost
+    allow ::1;  #  allow requests from localhost
+    allow {{ prometheus_v4 }};  # allow prometheus IPv4
+    allow {{ prometheus_v6 }};  # allow prometheus IPv6
+    deny all;   # deny all other hosts
+  }
+}
diff --git a/templates/files/nginx/sites/nginx-exporter.services.l3d.space_tls.conf b/templates/files/nginx/sites/nginx-exporter.services.l3d.space_tls.conf
new file mode 100644
index 0000000..849cbae
--- /dev/null
+++ b/templates/files/nginx/sites/nginx-exporter.services.l3d.space_tls.conf
@@ -0,0 +1,24 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  server_name nginx-exporter.services.l3d.space;
+
+  include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+  include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+  include snippets/logging_{{ site.name }}.snippet.conf;
+
+
+  location / {
+    charset utf-8;
+    proxy_pass http://localhost:9113;
+    proxy_read_timeout 3600;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    allow 127.0.0.1;  #  allow requests from localhost
+    allow ::1;  #  allow requests from localhost
+    allow {{ prometheus_v4 }};  # allow prometheus IPv4
+    allow {{ prometheus_v6 }};  # allow prometheus IPv6
+    deny all;   # deny all other hosts
+  }
+}
diff --git a/templates/files/nginx/sites/nginx-exporter.web01.l3d.space_tls.conf b/templates/files/nginx/sites/nginx-exporter.web01.l3d.space_tls.conf
new file mode 100644
index 0000000..e63e0a7
--- /dev/null
+++ b/templates/files/nginx/sites/nginx-exporter.web01.l3d.space_tls.conf
@@ -0,0 +1,24 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  server_name nginx-exporter.web01.l3d.space;
+
+  include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+  include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+  include snippets/logging_{{ site.name }}.snippet.conf;
+
+
+  location / {
+    charset utf-8;
+    proxy_pass http://localhost:9113;
+    proxy_read_timeout 3600;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    allow 127.0.0.1;  #  allow requests from localhost
+    allow ::1;  #  allow requests from localhost
+    allow {{ prometheus_v4 }};  # allow prometheus IPv4
+    allow {{ prometheus_v6 }};  # allow prometheus IPv6
+    deny all;   # deny all other hosts
+  }
+}