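---
# Play for the "monitoring" host group: installs Grafana and Telegraf from the
# vendor apt repositories, wires both to the shared PostgreSQL / Redis /
# InfluxDB backends, and pulls credentials from vault-provided variables.
#
# NOTE(review): the original page had this file collapsed onto two lines, so
# the nesting below is reconstructed from key order. Confirm it against the
# variable layout the vault/apt/grafana/telegraf/systemd roles expect.
- hosts: monitoring
  vars:
    apt:
      # Signing keys are fetched by URL, so trust in every package installed
      # from these repos rests on TLS to the vendor host at fetch time.
      # NOTE(review): if the apt role supports it, pin the expected key
      # fingerprints (or ship vetted keys from the repo) instead.
      sign_keys:
        - "https://packages.grafana.com/gpg.key"
        - "https://repos.influxdata.com/influxdb.key"
      repos:
        # NOTE(review): "stretch" is a Debian codename but the path is
        # /ubuntu; confirm this suite matches the target hosts.
        - repo: 'https://repos.influxdata.com/ubuntu stretch stable'
          file: "influxdata"
        - repo: 'https://packages.grafana.com/oss/deb stable main'
          file: "grafanalabs"
      packages:
        - package: "grafana"
          state: present
        - package: "telegraf"
          state: present

    systemd:
      services:
        - name: "grafana-server"
          enabled: true
          action: restarted
        - name: "telegraf"
          enabled: true
          action: restarted
      overrides:
        - "grafana-server"
        - "telegraf"

    # Presumably selects which secret sets the vault role loads; the
    # vault_postgres, vault_telegraf and vault_gitea variables used below
    # are expected to come from it. Keep this list to what the play needs.
    vault:
      roles:
        - "postgresql"
        - "grafana"
        - "telegraf"
        - "gitea"

    telegraf:
      outputs:
        # NOTE(review): no scheme or credentials are set here; confirm how the
        # telegraf role authenticates to InfluxDB and whether it uses TLS.
        influxdb:
          host: "{{ global.backend.influxdb.host }}"
          port: "{{ global.backend.influxdb.port }}"
          database: "telegraf"
      inputs:
        redis:
          servers:
            # Plain tcp:// with no password in the URL.
            # NOTE(review): confirm Redis is reachable only on a trusted
            # network, or add authentication/TLS if the server supports it.
            - "tcp://{{ global.backend.redis.host }}:{{ global.backend.redis.port }}"
        postgresql:
          # The DSN carries the database password, so the connection must not
          # be allowed to fall back to plaintext. sslmode=prefer silently
          # retries without TLS when negotiation fails; sslmode=require
          # refuses instead and matches grafana.database.ssl below, which
          # already requires TLS against the same server.
          # NOTE(review): require encrypts but does not authenticate the
          # server; move to verify-full once a CA bundle is distributed.
          # NOTE(review): confirm vault_postgres.user is a dedicated
          # read-only monitoring role, not the administrative account.
          address: "host={{ global.backend.postgres.host }} port={{ global.backend.postgres.port }} user={{ vault_postgres.user }} password={{ vault_postgres.password }} sslmode=require"
        # All three collectors share one static AWS key pair. The attached
        # IAM policy should grant read-only CloudWatch metric access and
        # nothing else, and the key should be rotated on a schedule.
        cloudwatch:
          - region: "eu-central-1"
            access_key: "{{ vault_telegraf.aws.access_key }}"
            secret_key: "{{ vault_telegraf.aws.secret_key }}"
            period: "24h"
            interval: "6h"
            namespace: "AWS/S3"
            ratelimit: 50
            statistic_include: ["average"]
            cache_ttl: "12h"
          - region: "eu-west-1"
            access_key: "{{ vault_telegraf.aws.access_key }}"
            secret_key: "{{ vault_telegraf.aws.secret_key }}"
            period: "24h"
            interval: "6h"
            namespace: "AWS/SES"
            ratelimit: 15
            statistic_include: ["average"]
            cache_ttl: "12h"
          - region: "us-east-1"
            access_key: "{{ vault_telegraf.aws.access_key }}"
            secret_key: "{{ vault_telegraf.aws.secret_key }}"
            period: "12h"
            interval: "6h"
            namespace: "AWS/Billing"
            ratelimit: 15
            statistic_include: ["average"]
            cache_ttl: "6h"

    grafana:
      listen:
        port: '{{ global.monitoring.grafana.port }}'
        domain: '{{ global.monitoring.grafana.domain }}'
      database:
        type: 'postgres'
        host: '{{ global.backend.postgres.host }}:{{ global.backend.postgres.port }}'
        name: 'grafana'
        user: 'grafana'
        # TLS is mandatory for Grafana's own database connection.
        ssl: 'require'
        password: "{{ vault_postgres.dbpass['grafana'] }}"
      cache:
        type: "redis"
        # NOTE(review): no password in the connection string; confirm Redis
        # db 9 is not reachable by other tenants of the same instance.
        connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
      auth:
        generic_oauth:
          # Login is delegated to Gitea over HTTPS. allow_sign_up is off, so
          # a Gitea account alone does not create a Grafana user.
          # enabled/allow_sign_up are kept as quoted strings as in the
          # original; presumably the role templates them verbatim.
          - name: 'Gitea'
            enabled: 'true'
            allow_sign_up: 'false'
            client_id: '{{ vault_gitea.oauth.client_id }}'
            client_secret: '{{ vault_gitea.oauth.client_secret }}'
            scopes: 'user:email'
            auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize'
            token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token'
            api_url: 'https://{{ global.dev.gitea.domain }}/api/v1/user'

  # vault is listed first so the secrets referenced in vars above are loaded
  # before the roles that consume them.
  roles:
    - vault
    - apt
    - grafana
    - telegraf
    - systemd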