Diffstat (limited to 'playbooks/roles/mon')
-rw-r--r--playbooks/roles/mon/templates/stacks/docker-compose.yml35
-rw-r--r--playbooks/roles/mon/templates/volumes/gatus/config/config.yml82
-rw-r--r--playbooks/roles/mon/templates/volumes/gatus/data/.gitkeep (renamed from playbooks/roles/mon/templates/volumes/data/.gitkeep)0
-rw-r--r--playbooks/roles/mon/templates/volumes/prometheus/config.yml39
4 files changed, 155 insertions, 1 deletions
diff --git a/playbooks/roles/mon/templates/stacks/docker-compose.yml b/playbooks/roles/mon/templates/stacks/docker-compose.yml
index ff7269f..98332cc 100644
--- a/playbooks/roles/mon/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/mon/templates/stacks/docker-compose.yml
@@ -2,12 +2,14 @@ services:
mon:
image: twinproduction/gatus:latest
volumes:
- - {{ mon_base }}/volumes/data:/data
+ - "{{ mon_base }}/volumes/gatus/data:/data"
+ - "{{ mon_base }}/volumes/gatus/config:/config"
environment:
- TZ={{ timezone }}
- DEPLOYMENT_TIME={{ deployment_time }}
networks:
- proxy
+ - metrics
deploy:
mode: replicated
update_config:
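Review bot: The new config mount on L23 is read-write although Gatus only reads `/config`; a compromised or misbehaving container could then rewrite the templated endpoint list on the host, so the bind should be `- "{{ mon_base }}/volumes/gatus/config:/config:ro"`. The same applies to the Prometheus config bind in the next hunk (L46), which should end in `:ro` as well. Only `/data` needs to stay writable. The `mon` service definition continues into the next hunk.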
@@ -20,12 +22,43 @@ services:
labels:
- traefik.enable=true
- traefik.swarm.network=proxy
+ - traefik.http.routers.mon.middlewares=oauth-verify
- traefik.http.routers.mon.tls=true
- traefik.http.routers.mon.tls.certResolver=letsencrypt
- traefik.http.routers.mon.rule=Host(`{{ mon_domain }}`)
- traefik.http.routers.mon.entrypoints=websecure
- traefik.http.services.mon.loadbalancer.server.port=8080
+ prometheus:
+ image: prom/prometheus:latest
+ volumes:
+ - "{{ mon_base }}/volumes/prometheus/config.yml:/etc/prometheus/prometheus.yml"
+ networks:
+ - proxy
+ - metrics
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
+ deploy:
+ mode: replicated
+ replicas: 1
+ update_config:
+ parallelism: 1
+ order: start-first
+ failure_action: rollback
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.prometheus.tls=true
+ - traefik.http.routers.prometheus.tls.certResolver=letsencrypt
+ - traefik.http.routers.prometheus.rule=Host(`{{ prometheus_domain }}`)
+ - traefik.http.routers.prometheus.entrypoints=websecure
+ - traefik.http.services.prometheus.loadbalancer.server.port=9090
+
networks:
proxy:
external: true
+ metrics:
+ name: metrics
+ driver: overlay
+ attachable: true
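Review bot: The new `prometheus` router (L61–L67) is published on `websecure` without the `oauth-verify` middleware that this same hunk adds to the `mon` router on L37, and Prometheus has no authentication of its own, so the full UI and query API (including every series scraped from headscale, traefik and oauth2-proxy) is reachable by anyone who can resolve `{{ prometheus_domain }}`. Add `- traefik.http.routers.prometheus.middlewares=oauth-verify` next to the other router labels, or drop the `proxy` network and the labels if the service is only meant to be reached over `metrics`. Separately, the service declares no volume for `/prometheus`, so the TSDB lives in the container's writable layer and all history is lost on every redeploy; a bind under `{{ mon_base }}/volumes/prometheus/data` (or a named volume) would keep it. Pinning `prom/prometheus:latest` to a version, as for the other images, would also make rollbacks reproducible.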
diff --git a/playbooks/roles/mon/templates/volumes/gatus/config/config.yml b/playbooks/roles/mon/templates/volumes/gatus/config/config.yml
new file mode 100644
index 0000000..2d1c0ef
--- /dev/null
+++ b/playbooks/roles/mon/templates/volumes/gatus/config/config.yml
@@ -0,0 +1,82 @@
+metrics: true
+
+endpoints:
+ - name: "HealthCheck"
+ url: "{{ healthchecks_io_ping }}"
+ interval: 60s
+ conditions:
+ - "[STATUS] == 200"
+ - "[BODY] == pat(*OK*)"
+
+ - name: "Expiration For {{ domain }}"
+ url: "https://{{ domain }}"
+ interval: 30m
+ conditions:
+ - "[DOMAIN_EXPIRATION] > 720h"
+ - "[CERTIFICATE_EXPIRATION] > 240h"
+
+ - name: "LDAPS"
+ url: "tls://{{ idm_domain }}:3636"
+ interval: 5m
+ client:
+ timeout: 5s
+ conditions:
+ - "[CONNECTED] == true"
+ - "[CERTIFICATE_EXPIRATION] > 48h"
+
+{% for port in [465,993] %}
+ - name: "mail on port {{ port }}"
+ group: "mail"
+ url: "tls://{{ mail_domain }}:{{ port }}"
+ interval: 5m
+ client:
+ timeout: 5s
+ conditions:
+ - "[CONNECTED] == true"
+ - "[CERTIFICATE_EXPIRATION] > 48h"
+{% endfor %}
+
+{% for user, m in mesh.items() %}
+{% for healthcheck in m.public_healthchecks %}
+ - name: "healthcheck {{ user }} pub {{ healthcheck }} 200"
+ group: "{{ user }}_pub"
+ url: "{{ healthcheck }}"
+ interval: 1m
+ conditions:
+ - "[STATUS] == 200"
+{% endfor %}
+{% for healthcheck in m.private_healthchecks %}
+ - name: "healthcheck {{ user }} priv {{ healthcheck }}"
+ url: "{{ healthcheck }}"
+ group: "{{ user }}_priv"
+ interval: 1m
+ conditions:
+ - "[STATUS] == 200"
+ - name: "healthcheck {{ user }} pub {{ healthcheck }} 403"
+ group: "{{ user }}_priv"
+ url: "{{ healthcheck }}"
+ client:
+ dns-resolver: "tcp://1.1.1.1:53"
+ interval: 1m
+ conditions:
+ - "[STATUS] == 403"
+{% endfor %}
+{% for record in m.private_records %}
+ - name: "DNS Check [{{ record.name }}_{{ record.type }}]"
+ group: "{{ user }}_dns_private"
+ url: "{{ m.gateway }}"
+ interval: 5m
+ dns:
+ query-name: "{{ record.name }}"
+ query-type: "{{ record.type }}"
+ conditions:
+ - "[BODY] == {{ record.ip }}"
+ - "[DNS_RCODE] == NOERROR"
+
+ - name: "PING {{ record.name }}"
+ group: "{{ user }}_dns_private"
+ url: "icmp://{{ record.name }}"
+ conditions:
+ - "[CONNECTED] == true"
+{% endfor %}
+{% endfor %}
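Review bot: The ICMP endpoint on L159 targets `icmp://{{ record.name }}`, which the Gatus container resolves through its own resolver, whereas the DNS check just above (L148–L152) deliberately queries `{{ m.gateway }}` for that name; if these private records resolve only via the gateway, the ping will fail on name resolution rather than on reachability. Since `record.ip` is already used on L154, `url: "icmp://{{ record.ip }}"` would test the host itself; the DNS entry already covers name correctness. That endpoint also sets no `interval`, unlike every other entry in the file, so it runs at whatever default Gatus applies — adding `interval: 5m` to match the sibling DNS check makes the cadence explicit. The `{{ user }}_priv` 403 check on L136 is labelled `pub` in its name while sitting in the `private_healthchecks` loop; a short comment above it saying it verifies that private URLs answer 403 when resolved through public DNS (L140) would save the next reader the guesswork.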
diff --git a/playbooks/roles/mon/templates/volumes/data/.gitkeep b/playbooks/roles/mon/templates/volumes/gatus/data/.gitkeep
index e69de29..e69de29 100644
--- a/playbooks/roles/mon/templates/volumes/data/.gitkeep
+++ b/playbooks/roles/mon/templates/volumes/gatus/data/.gitkeep
diff --git a/playbooks/roles/mon/templates/volumes/prometheus/config.yml b/playbooks/roles/mon/templates/volumes/prometheus/config.yml
new file mode 100644
index 0000000..be59f7f
--- /dev/null
+++ b/playbooks/roles/mon/templates/volumes/prometheus/config.yml
@@ -0,0 +1,39 @@
+global:
+ scrape_interval: 20s
+
+scrape_configs:
+ - job_name: prometheus
+ static_configs:
+ - targets:
+ - mon_prometheus:9090
+
+ - job_name: gatus
+ static_configs:
+ - targets:
+ - mon_mon:8080
+
+ - job_name: oauth-proxy
+ static_configs:
+ - targets:
+ - traefik_oauth2-proxy:5577
+
+ - job_name: traefik
+ static_configs:
+ - targets:
+ - traefik_traefik:5577
+
+ - job_name: headscale
+ static_configs:
+ - targets:
+ - "{{ headscale_host }}:443"
+ basic_auth:
+ username: '{{ metrics_htpasswd_user }}'
+ password: '{{ metrics_htpasswd_passwd }}'
+
+ - job_name: outbound
+ static_configs:
+ - targets:
+ - "{{ outbound_domain }}:443"
+ basic_auth:
+ username: '{{ metrics_htpasswd_user }}'
+ password: '{{ metrics_htpasswd_passwd }}'
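Review bot: The `headscale` and `outbound` jobs (L198–L212) scrape `host:443` with `basic_auth` but set no `scheme`, and Prometheus defaults to `http`, so each scrape sends the htpasswd credentials as a plaintext HTTP request to a TLS port, which both leaks the credentials on the wire and fails the scrape. Add `scheme: https` to both jobs at the same level as `static_configs`; if the exporter is not served at `/metrics`, a `metrics_path` is needed too, which cannot be determined from this file. The `oauth-proxy` and `traefik` jobs both point at port `5577` (L191, L196) — plausible if both have a metrics entrypoint on that port, but worth a one-line comment confirming it is intentional rather than a copy-paste.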