Add monitoring role

roles/monitoring/templates/nginx-site.conf

@@ -0,0 +1,45 @@
+server {
+	listen 443 ssl http2 default_server;
+	listen [::]:443 ssl http2;
+	server_name {{ monitoring_domain }};
+
+	{% if monitoring_bootstrap_cert %}
+	include "snippets/snakeoil.conf";
+	{% else %}
+	ssl_certificate     "/var/lib/dehydrated/certs/{{ monitoring_domain }}/fullchain.pem";
+	ssl_certificate_key "/var/lib/dehydrated/certs/{{ monitoring_domain }}/privkey.pem";
+	{% endif %}
+
+	add_header X-Robots-Tag noindex;
+
+	location / {
+		proxy_pass http://localhost:9000/;
+		include proxy_params;
+	}
+
+	location /prometheus/ {
+		proxy_pass http://localhost:9090/prometheus/;
+		include proxy_params;
+
+		{% for range in trusted_ranges %}
+		allow "{{ range.cidr }}";
+		{% endfor %}
+		allow "127.0.0.1";
+		allow "::1";
+		deny all;
+	}
+
+	include "snippets/acme.conf";
+}
+
+server {
+	listen 80 default_server;
+	listen [::]:80;
+	server_name {{ monitoring_domain }};
+
+	location / {
+		rewrite ^/(.*) https://$server_name$request_uri? redirect;
+	}
+
+	include "snippets/acme.conf";
+}