ansible/monitoring.yml

---
- hosts: monitoring
  vars:
        apt:
                keys:
                        - "https://packages.grafana.com/gpg.key"
                        - "https://repos.influxdata.com/influxdb.key"
                repos:
                        - { repo: 'https://repos.influxdata.com/ubuntu stretch stable', file: "influxdata" }
                        - { repo: 'https://packages.grafana.com/oss/deb stable main', file: "grafanalabs" }
                packages:
                        - { package: "grafana", state: present }
                        - { package: "telegraf", state: present }
        systemd:
                services:
                        - { name: "grafana-server", enabled: true, state: restarted }
                        - { name: "telegraf", enabled: true, state: restarted }
        vault:
                roles:
                        - "postgresql"
                        - "grafana"
                        - "telegraf"
                        - "grafana"
        grafana:
                listen:
                        port: '{{ global.monitoring.grafana.port }}'
                        domain: '{{ global.monitoring.grafana.domain }}'
                database:
                        type: 'postgres'
                        host: '{{ postgres.host }}:{{ postgres.port }}'
                        name: 'grafana'
                        user: 'grafana'
                        ssl: 'require'
                        password: "{{ postgres.dbpass['grafana'] }}"
                cache:
                        type: "redis"
                        connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
                auth:
                        generic_oauth:
                                - {
                                        name: 'Gitea',
                                        enabled: 'true',
                                        allow_sign_up: 'false',
                                        client_id: '{{ vault_gitea.client_id }}',
                                        client_secret: '{{ vault_gitea.client_secret }}',
                                        scopes: 'user:email',
                                        auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize',
                                        token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token',
                                        api_url: 'https://{{ global.dev.gitea.domain }}/api/v1/user'
                                }
  roles:
        - vault
        - apt
        - grafana
        - telegraf
        - systemd