Add monitoring role

roles/monitoring/tasks/blackbox.yaml

@@ -0,0 +1,4 @@
+---
+- name: Install blackbox exporter
+  apt:
+    name: prometheus-blackbox-exporter

roles/monitoring/tasks/grafana.yaml

@@ -0,0 +1,46 @@
+---
+- name: Add key
+  get_url:
+    url: https://apt.grafana.com/gpg.key
+    dest: /etc/apt/keyrings/grafana.asc
+  notify: apt update
+
+- name: Grafana source
+  copy:
+    dest: /etc/apt/sources.list.d/grafana.list
+    content: "deb [signed-by=/etc/apt/keyrings/grafana.asc] https://apt.grafana.com stable main"
+  notify: apt update
+
+- meta: flush_handlers
+
+- name: Install Grafana
+  apt:
+    name: grafana
+
+- name: Configure grafana
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart grafana
+  with_items:
+    - { src: grafana.ini, dest: /etc/grafana/grafana.ini }
+    - { src: grafana-ldap.toml, dest: /etc/grafana/ldap.toml }
+
+- name: Configure grafana data source
+  template:
+    src: grafana-data-source.yml
+    dest: "/etc/grafana/provisioning/datasources/{{ item.name | lower }}.yaml"
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart grafana
+  with_items:
+    - name: Prometheus
+      type: prometheus
+      access: proxy
+      url: 'http://{{ prometheus_web_listen_address }}/prometheus'
+      basicAuth: false
+      isDefault: true

roles/monitoring/tasks/main.yaml

@@ -0,0 +1,66 @@
+---
+- name: monitoring
+  tags: monitoring
+  block:
+    - name: Install dependencies
+      apt:
+        name: nginx
+        state: present
+
+    - name: Clear default nginx site
+      file:
+        state: absent
+        path: /etc/nginx/sites-enabled/default
+      notify: reload nginx
+
+    - name: Install nginx site
+      template:
+        src: nginx-site.conf
+        dest: /etc/nginx/sites-available/monitoring
+        owner: root
+        group: root
+        mode: 0644
+      notify: reload nginx
+
+    - name: Enable nginx site
+      file:
+        src: /etc/nginx/sites-available/monitoring
+        dest: /etc/nginx/sites-enabled/monitoring
+        state: link
+      notify: reload nginx
+
+    - name: Start nginx
+      systemd:
+        name: nginx
+        state: started
+        enabled: yes
+
+    - name: Allow HTTP/HTTPS
+      iptables:
+        chain: INPUT
+        protocol: tcp
+        destination_port: "{{ item.port }}"
+        ctstate: NEW
+        jump: ACCEPT
+        ip_version: "{{ item.ip }}"
+        action: insert
+      with_items:
+        - { ip: ipv6, port: 80 }
+        - { ip: ipv6, port: 443 }
+      notify: persist iptables
+
+- name: mqtt_exporter
+  tags: mqtt_exporter
+  import_tasks: mqtt_exporter.yaml
+
+- name: blackbox
+  tags: blackbox
+  import_tasks: blackbox.yaml
+
+- name: prometheus
+  tags: prometheus
+  import_tasks: prometheus.yaml
+
+- name: grafana
+  tags: grafana
+  import_tasks: grafana.yaml

roles/monitoring/tasks/mqtt_exporter.yaml

@@ -0,0 +1,46 @@
+---
+- name: Clone source
+  git:
+    repo: https://github.com/polyfloyd/mqtt-exporter.git
+    version: main
+    dest: /opt/mqtt_exporter
+    accept_hostkey: yes
+  notify: restart mqtt_exporter
+
+- name: Install apt dependencies
+  apt:
+    name:
+      - python3-paho-mqtt
+      - python3-prometheus-client
+      - python3-yaml
+    state: present
+
+- name: Install service
+  template:
+    src: mqtt_exporter.service
+    dest: /etc/systemd/system/mqtt_exporter.service
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - daemon reload
+    - restart mqtt_exporter
+
+- name: Install config file
+  template:
+    src: mqtt_exporter_config.yaml
+    dest: /etc/mqtt_exporter.yaml
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - daemon reload
+    - restart mqtt_exporter
+
+- meta: flush_handlers
+
+- name: Start service
+  systemd:
+    name: mqtt_exporter
+    state: started
+    enabled: true

roles/monitoring/tasks/prometheus.yaml

@@ -0,0 +1,27 @@
+---
+- name: Install dependencies
+  apt:
+    name: prometheus
+
+- name: Configure Prometheus
+  template:
+    src: prometheus.yml
+    dest: "{{ prometheus_config_dir }}/prometheus.yml"
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart prometheus
+
+- name: Configure Prometheus args
+  lineinfile:
+    path: /etc/default/prometheus
+    line: >-
+      ARGS="
+      --storage.tsdb.retention.time={{ prometheus_storage_retention }}
+      --storage.tsdb.retention.size=0
+      --web.listen-address={{ prometheus_web_listen_address }}
+      --web.external-url=prometheus
+      --config.file={{ prometheus_config_dir }}/prometheus.yml
+      "
+    regexp: '^ARGS'
+  notify: restart prometheus