---
- hosts: monitoring
  vars:
        file:
                - { path: "/etc/telegraf/telegraf.conf", owner: "telegraf", group: "root", mode: "700", state: file }
        apt:
                sign_keys:
                        - "https://packages.grafana.com/gpg.key"
                        - "https://repos.influxdata.com/influxdb.key"
                repos:
                        - { repo: 'https://repos.influxdata.com/ubuntu stretch stable', file: "influxdata" }
                        - { repo: 'https://packages.grafana.com/oss/deb stable main', file: "grafanalabs" }
                packages:
                        - { package: "grafana", state: present }
                        - { package: "telegraf", state: present }
        systemd:
                services:
                        - { name: "grafana-server", enabled: true, action: restarted }
                        - { name: "telegraf", enabled: true, action: reloaded }
                overrides:
                        - "grafana-server"
                        - "telegraf"
        vault:
                roles:
                        - "postgresql"
                        - "grafana"
                        - "telegraf"
                        - "minecraft"
                        - "gitea"
        telegraf:
                outputs:
                        influxdb:
                                host: "{{ global.backend.influxdb.host }}"
                                port: "{{ global.backend.influxdb.port }}"
                                database: "telegraf"
                inputs:
                        redis:
                                servers:
                                        - "tcp://{{ global.backend.redis.host }}:{{ global.backend.redis.port }}"
                        postgresql:
                                address: "host={{ global.backend.postgres.host }} port={{ global.backend.postgres.port }} user={{ vault_postgres.user }} password={{ vault_postgres.password }} sslmode=prefer"
        grafana:
                smtp:
                        from: "grafana@redxen.eu"
                        host: "mail.redxen.eu:465"
                        user: "grafana"
                        password: "{{ vault_grafana.smtp.password }}"
                listen:
                        port: '{{ global.monitoring.grafana.port }}'
                        domain: '{{ global.monitoring.grafana.domain }}'
                database:
                        type: 'postgres'
                        host: '{{ global.backend.postgres.host }}:{{ global.backend.postgres.port }}'
                        name: 'grafana'
                        user: 'grafana'
                        ssl: 'require'
                        password: "{{ vault_postgres.dbpass['grafana']|default() }}"
                cache:
                        type: "redis"
                        connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
                plugins:
                        - "grafana-image-renderer"
                auth:
                        generic_oauth:
                                - {
                                        name: 'Gitea',
                                        enabled: 'true',
                                        allow_sign_up: 'false',
                                        client_id: '{{ vault_gitea.oauth.client_id|default() }}',
                                        client_secret: '{{ vault_gitea.oauth.client_secret|default() }}',
                                        scopes: 'user:email',
                                        auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize',
                                        token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token',
                                        api_url: 'https://{{ global.dev.gitea.domain }}/api/v1/user'
                                }
  roles:
        - vault
        - apt
        - grafana
        - telegraf
        - file
        - systemd