ansible-ffibk/roles/service-prometheus/templates/node_exporter_vhost.conf.j2

server {
    listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9100 ssl;
    listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9100 ssl;
    server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }};

{% if acme_server == 'zuckerwatte' %}
    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
{% else %}
    ssl_certificate     /etc/nginx/ssl/{{ http_domain_external }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/{{ http_domain_external }}/privkey.pem;
{% endif %}

    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;

    location / {
      proxy_pass http://127.0.0.1:9100;

      allow 127.0.0.0/8;
      allow ::1/128;
{% for host in groups['monitoring'] %}
      allow {{ lookup('dig', host, 'qtype=A') }};
      allow {{ lookup('dig', host, 'qtype=AAAA') }};
      deny all;
{% endfor %}
    }
}
role service-prometheus: move node_exporter to own vhost 2018-09-24 15:10:10 +02:00			`server {`
			`listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9100 ssl;`
			`listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9100 ssl;`
			`server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }};`

service-prometheus: quick fix for wrong ssl cert should be fixed properly (see #28) 2019-09-27 15:39:56 +02:00			`{% if acme_server == 'zuckerwatte' %}`
role service-prometheus: move node_exporter to own vhost 2018-09-24 15:10:10 +02:00			`ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;`
			`ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;`
service-prometheus: quick fix for wrong ssl cert should be fixed properly (see #28) 2019-09-27 15:39:56 +02:00			`{% else %}`
			`ssl_certificate /etc/nginx/ssl/{{ http_domain_external }}/fullchain.pem;`
			`ssl_certificate_key /etc/nginx/ssl/{{ http_domain_external }}/privkey.pem;`
			`{% endif %}`
role service-prometheus: move node_exporter to own vhost 2018-09-24 15:10:10 +02:00
			`include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;`

			`location / {`
			`proxy_pass http://127.0.0.1:9100;`

			`allow 127.0.0.0/8;`
			`allow ::1/128;`
Remove dashes from group_vars names 2019-05-22 09:18:40 +02:00			`{% for host in groups['monitoring'] %}`
role service-prometheus: move node_exporter to own vhost 2018-09-24 15:10:10 +02:00			`allow {{ lookup('dig', host, 'qtype=A') }};`
			`allow {{ lookup('dig', host, 'qtype=AAAA') }};`
			`deny all;`
			`{% endfor %}`
			`}`
			`}`