Working config for dashboard / prometheus / grafana

roles/nginx/templates/etc-nginx.conf.j2

@@ -6,6 +6,10 @@ pid                 /run/nginx.pid;
 worker_rlimit_nofile 16384;
 include             {{ nginx_modules_dir }}/*.conf;
 
+events {
+       worker_connections 768;
+}
+
 http {
     sendfile on;
     tcp_nopush on;

roles/nginx/templates/site.conf.j2

@@ -8,7 +8,7 @@ server {
 
     include /etc/nginx/tls_params;
     ssl_certificate        /var/lib/dehydrated/certs/{{ site.server_name }}/fullchain.pem;
-    ssl_certificate_key    /var/lib/dehydrated/certs/{{ site.server_name }}/fullkey.pem;
+    ssl_certificate_key    /var/lib/dehydrated/certs/{{ site.server_name }}/privkey.pem;
 
     location ~ /\.ht {
         deny all;
@@ -26,8 +26,8 @@ server {
 
     # Include snippets
 {% for file in site.snippets | default([]) %}
-{% include "../../../snippets/" . file %}
+{% include "snippets/" ~ file %}
-{% endif %}
+{% endfor %}
 
     # Per site configuration
 {% for line in site.config | default([]) %}

roles/nginx/templates/snippets

@@ -0,0 +1 @@
+../../../snippets/

snippets/prometheus-nginx.j2

@@ -4,10 +4,10 @@ location /prometheus/ {
     proxy_pass http://localhost:9090/prometheus/;
     include proxy_params;
 
-{% for host in bitlair_ip_whitelist %}
+{% for host in trusted_ranges | default([]) %}
-    allow {{ host }};
+    allow {{ host.cidr }};
-{% endif %}
+{% endfor %}
-    allow "127.0.0.0/8"
+    allow "127.0.0.0/8";
     allow "::1";
     deny all;
 }