Merge branch 'main' into smd

.gitattributes

@@ -1,3 +1,2 @@
 *.png filter=lfs diff=lfs merge=lfs -text
 **/vault.yml diff=ansible-vault merge=binary
-**/vault.yml diff=ansible-vault merge=binary

.gitmodules

@@ -66,10 +66,6 @@
 	path = roles/do1jlr.rspamd
 	url = https://github.com/roles-ansible/ansible_role_rspamd.git
   branch = main
-[submodule "roles/unattended_upgrades"]
-	path = roles/unattended_upgrades
-	url = https://github.com/jnv/ansible-role-unattended-upgrades.git
-  branch = master
 [submodule "roles/do1jlr.nginx"]
 	path = roles/do1jlr.nginx
 	url = https://github.com/DO1JLR/ansible_role_nginx.git
@@ -109,9 +105,6 @@
 [submodule "collections/ansible_collections/community/mysql"]
 	path = collections/ansible_collections/community/mysql
 	url = https://github.com/ansible-collections/community.mysql.git
-[submodule "collections/ansible_collections/community/general"]
-	path = collections/ansible_collections/community/general
-	url = https://github.com/ansible-collections/community.general.git
 [submodule "collections/ansible_collections/community/crypto"]
 	path = collections/ansible_collections/community/crypto
 	url = https://github.com/ansible-collections/community.crypto.git
@@ -127,3 +120,18 @@
 [submodule "roles/do1jlr.packages"]
 	path = roles/l3d.packages
 	url = https://github.com/roles-ansible/ansible_role_packages.git
+[submodule "collections/ansible_collections/prometheus/prometheus"]
+	path = collections/ansible_collections/prometheus/prometheus
+	url = https://github.com/prometheus-community/ansible
+[submodule "collections/ansible_collections/community/grafana"]
+	path = collections/ansible_collections/community/grafana
+	url = https://github.com/ansible-collections/community.grafana
+[submodule "collections/ansible_collections/grafana/grafana"]
+	path = collections/ansible_collections/grafana/grafana
+	url = https://github.com/grafana/grafana-ansible-collection
+[submodule "roles/unattended_upgrades"]
+	path = roles/unattended_upgrades
+	url = https://github.com/hifis-net/ansible-role-unattended-upgrades.git
+[submodule "collections/ansible_collections/community/general"]
+	path = collections/ansible_collections/community/general
+	url = https://github.com/ansible-collections/community.general.git

collections/ansible_collections/community/grafana

@@ -0,0 +1 @@
+Subproject commit ff49e951e5656ce3298fd7e958fb9845add59193

collections/ansible_collections/grafana/grafana

@@ -0,0 +1 @@
+Subproject commit d6d468ce8f4d1ddd25a669c4177f3f194377bc92

collections/ansible_collections/prometheus/prometheus

@@ -0,0 +1 @@
+Subproject commit 2cfaf9c513bb81f0f0a585bfe3d008a84bbf74a7

group_vars/all/vars.yml

@@ -18,3 +18,6 @@ ntp_servers:
   - 1.pool.ntp.org iburst
   - 2.pool.ntp.org iburst
   - 3.pool.ntp.org iburst
+
+# prometheus.prometeus.node_exporter
+node_exporter_web_listen_address: '127.0.0.1:9100'

host_vars/services.l3d.space/vars.yml

@@ -25,3 +25,7 @@ etebase__create_backup: true
 # acmetool config
 acme_reload_services:
   - 'nginx'
+
+# grafana.grafana-grafana
+grafana_address: '127.0.0.1'
+grafana_instance: 'grafana.l3d.ch'

host_vars/services.l3d.space/vault.yml

@@ -1,18 +1,26 @@
 $ANSIBLE_VAULT;1.1;AES256
-36303862626638383966623733653733316630343437666130656664353064393633343831393261
+38633637643839303839303663643461313236656466336463376361623338306161323735646431
-3735303864663231623362373761653736346538313736320a356361643562656431323963306264
+3664666664656463323737313734343532386136333764620a363638666263383262616137633130
-32386363323635363466323638363437383463646166626632613332313861383162323463333637
+36616665616632346439633832346662323833616163333835666536383433383462616364376133
-3933303462386163360a353365333632343861393666663239623664663038666433666363623934
+3937373938383963640a626336323432626463363065346663396537343961386131326534623661
-63363263656434666136343833316138343730626432303430613031346561373436613836626165
+36656535383135313562613338343136386466316231626162313833656232363633336236636164
-34373331373266663835633466653437626533383566393833636361313937363965616461336130
+62653937316331313331626436366130386164353264636435373365653432393463326661623334
-62363239316437313935333037643632616665373439636237336264646133313030383633333763
+39656465663130343838663839626432396361343065396237616536386430633061303463393831
-38643333316531303638333435623563633266373463656138366334336134363861643365656532
+62366139333530656431616663383063656662616236396535383931386534366232666134653438
-31336134353464396533303261623038363037626530623764363664343566333437383231313366
+34333135666161643565333736656433396134663765616534303865353635363366323739646131
-62616533646330663464663530626437633764383963353736643330616430626463386532626361
+61363937343733323036636236336336646538636239663739373234393030616664346561396230
-63323437336664326535616638396538333338303838653930623038623631643562613431336563
+36633364343233376637376439623631303030636564353866386638636432613232346438366465
-34333662613061396130353865386434626665626665633139363266663038613137356138383364
+63376664666462396162623832393532666265326466383735316638613064336331323861616236
-61343736393361616332323764356162313936306432323232343764666163386533313862646537
+34393238313739396163646335396564353438626630393830633961316136633863633732393635
-34366432666464633735333436623832643630316432323138303338646563313361636366396563
+33373138353936323934663130636266343836316139356462616431313733333239623062343132
-34366230313131656438336561636634376661346533393539613030626532613734333739613131
+35616533633865376238356265646437353436383062666237613266616634643764643764313631
-34666139323639376536383630633534333734323561366239306634303735656361643138356337
+63343331623932383336363765303431353737653735653131623466363334346665316632313438
-3137
+64316532646630366563393839363938376465316661313761346461343465626536393263666337
+32643561623535303034663964376439343039653862333063363132333835303234636631636433
+37343731376533323630313137343930326538366566306661333366356633373461613939366338
+65383433373633623263333733336634366437633965656132366238313236316561303530333564
+35383430663935303435623165333866386535353035396533336638356634353439633133373562
+35316232393561646262383165613330636464623036353733363438656139623064303937313532
+62376431666635376239363261346537633831643165396331666463666235666436646233396564
+37343635343639383662316330313839656631303237383535643730646164306630303465626434
+31343935346331636435313935666637393261633063396539386530613731396637

roles/unattended_upgrades

@@ -1 +1 @@
-Subproject commit ff35ee6e1cd604bdd71437f73e2b912dd39a9a16
+Subproject commit c0d0c569ebef916fe0bbb5cfa5e3f1bbd7a28751

site.yml

@@ -14,6 +14,7 @@
     - {role: do1jlr.rtl_nic_firmware, tags: [apu, rtl_nic, firmware]}
     - {role: do1jlr.avahi_client, tags: [avahi, avahi_client]}
     - {role: do1jlr.ntp, tags: [ntp]}
+    - {role: prometheus.prometheus.node_exporter, tags: [monitoring, node_exporter]}
 
 - name: User specific roles for all hosts
   hosts: all
@@ -46,6 +47,7 @@
   hosts: services
   roles:
     - {role: do1jlr.etebase, tags: [etebase, etesync, calendar, kalender, contacts, kontakte]}
+    - {role: grafana.grafana.grafana, tags: [grafana. monitoring]}
 
 - name: Deploy mail config
   hosts: mail

templates/files/nginx/sites/node_exporter.web01.l3d.space_tls

@@ -0,0 +1,17 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  server_name node_exporter.web01.l3d.space;
+
+  include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+  include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+  include snippets/logging_{{ site.name }}.snippet.conf;
+
+  root /srv/www/c3woc.de;
+
+  location / {
+    charset utf-8;
+    try_files $uri $uri/ =404;
+  }
+}