add role service-grafana

roles/service-grafana/files/grafana.ini

@@ -0,0 +1,88 @@
+[paths]
+
+[server]
+
+protocol = http
+http_addr = 127.0.0.1
+http_port = 3000
+router_logging = false
+
+[database]
+
+[session]
+
+provider = memory
+
+cookie_secure = true
+
+[dataproxy]
+
+[analytics]
+
+reporting_enabled = false
+
+[security]
+
+login_remember_days = 7
+
+[snapshots]
+
+[users]
+
+allow_sign_up = true
+allow_org_create = false
+
+[auth]
+
+[auth.anonymous]
+
+enabled = true
+org_name = Freifunk MWU
+org_role = Viewer
+
+[auth.github]
+
+[auth.google]
+
+[auth.generic_oauth]
+
+[auth.grafana_com]
+
+[auth.proxy]
+
+[auth.basic]
+
+[auth.ldap]
+
+[smtp]
+
+[emails]
+
+[log]
+
+mode = console
+
+[log.console]
+level = warn
+
+[event_publisher]
+
+[dashboards.json]
+
+[alerting]
+
+enabled = false
+
+[metrics]
+
+enabled = true
+
+[metrics.graphite]
+
+[grafana_com]
+
+[external_image_storage]
+
+[external_image_storage.s3]
+
+[external_image_storage.webdav]

roles/service-grafana/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: restart grafana
+  systemd:
+    name: grafana-server
+    state: restarted
+
+- name: restart nginx
+  systemd:
+    name: nginx
+    state: restarted

roles/service-grafana/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: service-nginx }

roles/service-grafana/tasks/main.yml

@@ -0,0 +1,42 @@
+---
+- name: ensure apt key for grafana is present
+  apt_key:
+    state: present
+    id: D59097AB
+    url: "https://packagecloud.io/gpg.key"
+
+- name: ensure grafana apt repo is present
+  apt_repository:
+    state: present
+    repo: "deb https://packagecloud.io/grafana/stable/debian/ stretch main"
+    update_cache: yes
+    filename: grafana
+
+- name: install grafana package
+  package:
+    name: grafana
+    state: present
+
+- name: copy grafana.ini
+  copy:
+    src: grafana.ini
+    dest: /etc/grafana/grafana.ini
+    owner: root
+    group: grafana
+    mode: 0640
+  notify: restart grafana
+
+- name: write vhost grafana.conf
+  template:
+    src: grafana_vhost.conf.j2
+    dest: /etc/nginx/conf.d/grafana.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart nginx
+
+- name: enable systemd unit grafana
+  systemd:
+    name: grafana-server
+    enabled: yes
+    state: started

roles/service-grafana/templates/grafana_vhost.conf.j2

@@ -0,0 +1,24 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name stats.{{ http_domain_internal }} stats.{{ http_domain_external }};
+
+    include /etc/nginx/snippets/redirect-to-ssl.conf;
+    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name stats.{{ http_domain_internal }} stats.{{ http_domain_external }};
+
+    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
+
+    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+
+    location / {
+      set $grafana_addr 127.0.0.1 ;
+      proxy_pass http://$grafana_addr:3000;
+    }
+}