diff --git a/.gitattributes b/.gitattributes index 3d7047a..bdfe0b0 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,2 @@ *.png filter=lfs diff=lfs merge=lfs -text **/vault.yml diff=ansible-vault merge=binary -**/vault.yml diff=ansible-vault merge=binary diff --git a/.gitmodules b/.gitmodules index c8b88a3..e7c2a03 100644 --- a/.gitmodules +++ b/.gitmodules @@ -66,10 +66,6 @@ path = roles/do1jlr.rspamd url = https://github.com/roles-ansible/ansible_role_rspamd.git branch = main -[submodule "roles/unattended_upgrades"] - path = roles/unattended_upgrades - url = https://github.com/jnv/ansible-role-unattended-upgrades.git - branch = master [submodule "roles/do1jlr.nginx"] path = roles/do1jlr.nginx url = https://github.com/DO1JLR/ansible_role_nginx.git @@ -109,9 +105,6 @@ [submodule "collections/ansible_collections/community/mysql"] path = collections/ansible_collections/community/mysql url = https://github.com/ansible-collections/community.mysql.git -[submodule "collections/ansible_collections/community/general"] - path = collections/ansible_collections/community/general - url = https://github.com/ansible-collections/community.general.git [submodule "collections/ansible_collections/community/crypto"] path = collections/ansible_collections/community/crypto url = https://github.com/ansible-collections/community.crypto.git @@ -127,3 +120,18 @@ [submodule "roles/do1jlr.packages"] path = roles/l3d.packages url = https://github.com/roles-ansible/ansible_role_packages.git +[submodule "collections/ansible_collections/prometheus/prometheus"] + path = collections/ansible_collections/prometheus/prometheus + url = https://github.com/prometheus-community/ansible +[submodule "collections/ansible_collections/community/grafana"] + path = collections/ansible_collections/community/grafana + url = https://github.com/ansible-collections/community.grafana +[submodule "collections/ansible_collections/grafana/grafana"] + path = collections/ansible_collections/grafana/grafana + url = https://github.com/grafana/grafana-ansible-collection +[submodule "roles/unattended_upgrades"] + path = roles/unattended_upgrades + url = https://github.com/hifis-net/ansible-role-unattended-upgrades.git +[submodule "collections/ansible_collections/community/general"] + path = collections/ansible_collections/community/general + url = https://github.com/ansible-collections/community.general.git diff --git a/collections/ansible_collections/community/general b/collections/ansible_collections/community/general index ab0b85d..48e860b 160000 --- a/collections/ansible_collections/community/general +++ b/collections/ansible_collections/community/general @@ -1 +1 @@ -Subproject commit ab0b85d7d2196e36c00cf4316c55582bad3b53f3 +Subproject commit 48e860be2033dc96127127d4355311301a6b31fa diff --git a/collections/ansible_collections/community/grafana b/collections/ansible_collections/community/grafana new file mode 160000 index 0000000..ff49e95 --- /dev/null +++ b/collections/ansible_collections/community/grafana @@ -0,0 +1 @@ +Subproject commit ff49e951e5656ce3298fd7e958fb9845add59193 diff --git a/collections/ansible_collections/grafana/grafana b/collections/ansible_collections/grafana/grafana new file mode 160000 index 0000000..d6d468c --- /dev/null +++ b/collections/ansible_collections/grafana/grafana @@ -0,0 +1 @@ +Subproject commit d6d468ce8f4d1ddd25a669c4177f3f194377bc92 diff --git a/collections/ansible_collections/prometheus/prometheus b/collections/ansible_collections/prometheus/prometheus new file mode 160000 index 0000000..2cfaf9c --- /dev/null +++ b/collections/ansible_collections/prometheus/prometheus @@ -0,0 +1 @@ +Subproject commit 2cfaf9c513bb81f0f0a585bfe3d008a84bbf74a7 diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index bfd046b..fc97ebf 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -18,3 +18,6 @@ ntp_servers: - 1.pool.ntp.org iburst - 2.pool.ntp.org iburst - 3.pool.ntp.org iburst + +# prometheus.prometeus.node_exporter +node_exporter_web_listen_address: '127.0.0.1:9100' diff --git a/host_vars/services.l3d.space/vars.yml b/host_vars/services.l3d.space/vars.yml index fbe25ce..bd7cf1c 100644 --- a/host_vars/services.l3d.space/vars.yml +++ b/host_vars/services.l3d.space/vars.yml @@ -23,3 +23,7 @@ etebase__create_backup: true # acmetool config acme_reload_services: - 'nginx' + +# grafana.grafana-grafana +grafana_address: '127.0.0.1' +grafana_instance: 'grafana.l3d.ch' diff --git a/host_vars/services.l3d.space/vault.yml b/host_vars/services.l3d.space/vault.yml index 1064df7..cde774f 100644 --- a/host_vars/services.l3d.space/vault.yml +++ b/host_vars/services.l3d.space/vault.yml @@ -1,18 +1,26 @@ $ANSIBLE_VAULT;1.1;AES256 -36303862626638383966623733653733316630343437666130656664353064393633343831393261 -3735303864663231623362373761653736346538313736320a356361643562656431323963306264 -32386363323635363466323638363437383463646166626632613332313861383162323463333637 -3933303462386163360a353365333632343861393666663239623664663038666433666363623934 -63363263656434666136343833316138343730626432303430613031346561373436613836626165 -34373331373266663835633466653437626533383566393833636361313937363965616461336130 -62363239316437313935333037643632616665373439636237336264646133313030383633333763 -38643333316531303638333435623563633266373463656138366334336134363861643365656532 -31336134353464396533303261623038363037626530623764363664343566333437383231313366 -62616533646330663464663530626437633764383963353736643330616430626463386532626361 -63323437336664326535616638396538333338303838653930623038623631643562613431336563 -34333662613061396130353865386434626665626665633139363266663038613137356138383364 -61343736393361616332323764356162313936306432323232343764666163386533313862646537 -34366432666464633735333436623832643630316432323138303338646563313361636366396563 -34366230313131656438336561636634376661346533393539613030626532613734333739613131 -34666139323639376536383630633534333734323561366239306634303735656361643138356337 -3137 +38633637643839303839303663643461313236656466336463376361623338306161323735646431 +3664666664656463323737313734343532386136333764620a363638666263383262616137633130 +36616665616632346439633832346662323833616163333835666536383433383462616364376133 +3937373938383963640a626336323432626463363065346663396537343961386131326534623661 +36656535383135313562613338343136386466316231626162313833656232363633336236636164 +62653937316331313331626436366130386164353264636435373365653432393463326661623334 +39656465663130343838663839626432396361343065396237616536386430633061303463393831 +62366139333530656431616663383063656662616236396535383931386534366232666134653438 +34333135666161643565333736656433396134663765616534303865353635363366323739646131 +61363937343733323036636236336336646538636239663739373234393030616664346561396230 +36633364343233376637376439623631303030636564353866386638636432613232346438366465 +63376664666462396162623832393532666265326466383735316638613064336331323861616236 +34393238313739396163646335396564353438626630393830633961316136633863633732393635 +33373138353936323934663130636266343836316139356462616431313733333239623062343132 +35616533633865376238356265646437353436383062666237613266616634643764643764313631 +63343331623932383336363765303431353737653735653131623466363334346665316632313438 +64316532646630366563393839363938376465316661313761346461343465626536393263666337 +32643561623535303034663964376439343039653862333063363132333835303234636631636433 +37343731376533323630313137343930326538366566306661333366356633373461613939366338 +65383433373633623263333733336634366437633965656132366238313236316561303530333564 +35383430663935303435623165333866386535353035396533336638356634353439633133373562 +35316232393561646262383165613330636464623036353733363438656139623064303937313532 +62376431666635376239363261346537633831643165396331666463666235666436646233396564 +37343635343639383662316330313839656631303237383535643730646164306630303465626434 +31343935346331636435313935666637393261633063396539386530613731396637 diff --git a/roles/robertdebock.dovecot b/roles/robertdebock.dovecot index b7f46a2..1f8a3b6 160000 --- a/roles/robertdebock.dovecot +++ b/roles/robertdebock.dovecot @@ -1 +1 @@ -Subproject commit b7f46a2fe10d1924433e72d934ca8de6bb4589b9 +Subproject commit 1f8a3b6ee4ff2d6267bddbcd70bdf84642541eb3 diff --git a/roles/robertdebock.fail2ban b/roles/robertdebock.fail2ban index 7c8482c..62a1594 160000 --- a/roles/robertdebock.fail2ban +++ b/roles/robertdebock.fail2ban @@ -1 +1 @@ -Subproject commit 7c8482cfb6d3ed16e0eb70f87cb91947e03514d6 +Subproject commit 62a159418601b628e33267467fdf031b88006b62 diff --git a/roles/unattended_upgrades b/roles/unattended_upgrades index ff35ee6..c0d0c56 160000 --- a/roles/unattended_upgrades +++ b/roles/unattended_upgrades @@ -1 +1 @@ -Subproject commit ff35ee6e1cd604bdd71437f73e2b912dd39a9a16 +Subproject commit c0d0c569ebef916fe0bbb5cfa5e3f1bbd7a28751 diff --git a/site.yml b/site.yml index 5461880..536cbd3 100644 --- a/site.yml +++ b/site.yml @@ -14,6 +14,7 @@ - {role: do1jlr.rtl_nic_firmware, tags: [apu, rtl_nic, firmware]} - {role: do1jlr.avahi_client, tags: [avahi, avahi_client]} - {role: do1jlr.ntp, tags: [ntp]} + - {role: prometheus.prometheus.node_exporter, tags: [monitoring, node_exporter]} - name: User specific roles for all hosts hosts: all @@ -46,6 +47,7 @@ hosts: services roles: - {role: do1jlr.etebase, tags: [etebase, etesync, calendar, kalender, contacts, kontakte]} + - {role: grafana.grafana.grafana, tags: [grafana. monitoring]} - name: Deploy mail config hosts: mail diff --git a/templates/files/nginx/sites/node_exporter.web01.l3d.space_tls b/templates/files/nginx/sites/node_exporter.web01.l3d.space_tls new file mode 100644 index 0000000..f3d6feb --- /dev/null +++ b/templates/files/nginx/sites/node_exporter.web01.l3d.space_tls @@ -0,0 +1,17 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name node_exporter.web01.l3d.space; + + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; + + root /srv/www/c3woc.de; + + location / { + charset utf-8; + try_files $uri $uri/ =404; + } +}