Merge pull request #33 from cuties-social/feature/monitoring

update node-exporter and remove wireguard
cuties-social · Feb 21, 2022 · bede806 · bede806
2 parents d1005cd + ba450eb
commit bede806
Show file tree

Hide file tree

Showing 8 changed files with 19 additions and 55 deletions.
diff --git a/group_vars/all.yml b/group_vars/all.yml
@@ -297,31 +297,6 @@ backup_ssh_key: !vault |
 
 backup_target: "u225467@u225467.your-storagebox.de"
 
-wireguard_private_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          62346536613234373262383139366335613338383338643634356532383830333432663464353431
-          6434383566656563343235356234383462633966363564350a326136393962313364396130633033
-          62646364613166646331393636633339386663356330323438383132393432646165363436663337
-          6162396138633732620a633262333266366239346561616331336162653466663962616435666363
-          33313231396633346364663931616232643439666630396531343662383030633335393437613165
-          3539333065396436666531646236613563323962373335613261
-wireguard_listen_port: 51820
-wireguard_endpoint_address: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          32303362383834343661333334353861663735373165306437326532653036393239353235306536
-          3930653530393832356238323136376134613462613565370a396133373266393132303761343935
-          61666562636363636437316438623861613765326161306330613637643238633537633864363763
-          3166316464346161630a633662356462623365343032636239303564393633313832616465393237
-          37336462343330363163623361376232363862616538613133353030353262653766
-wireguard_endpoint_public_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          39343539353136313463313061656462363939383761326665323337376165346665643465336439
-          6263366565396538636162373333613665393138623732370a633939663337623536346638353966
-          62363739303034663462386661323166376534396665623030356535353361386539326164383739
-          6666643865656530360a316365383062323933623837636538333933376461363862396262663562
-          30313134373263353635313666653336343534356166633162363466313230353665303836333264
-          3837313066383162353036373937383032623037666130303635
-
 users:
 - name: 'n0emis'
   state: 'absent'

diff --git a/roles/mastodon/templates/nginx/mastodon.conf.j2 b/roles/mastodon/templates/nginx/mastodon.conf.j2
@@ -107,6 +107,10 @@ server {
     tcp_nodelay on;
   }
 
+  location /node-exporter {
+    proxy_pass http://127.0.0.1:9100/metrics;
+  }
+
   error_page 500 501 502 503 504 /500.html;
 }
 

diff --git a/roles/nodeexporter/defaults/main.yml b/roles/nodeexporter/defaults/main.yml
@@ -1,3 +1,3 @@
 ---
-node_exporter_version: "0.17.0"
-node_exporter_sha256: "d2e00d805dbfdc67e7291ce2d2ff151f758dd7401dd993411ff3818d0e231489"
+node_exporter_version: "1.3.1"
+node_exporter_sha256: "68f3802c2dd3980667e4ba65ea2e1fb03f4a4ba026cca375f15a0390ff850949"
diff --git a/roles/nodeexporter/templates/prometheus-node-exporter.service.j2 b/roles/nodeexporter/templates/prometheus-node-exporter.service.j2
@@ -7,7 +7,7 @@ After=network-online.target
 DynamicUser=yes
 ProtectHome=yes
 Type=simple
-ExecStart=/opt/prometheus/bin/node_exporter --web.listen-address=192.168.123.2:9100
+ExecStart=/opt/prometheus/bin/node_exporter --web.listen-address=127.0.0.1:9100
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/wireguard/defaults/main.yml b/roles/wireguard/defaults/main.yml
@@ -1,2 +0,0 @@
----
-wireguard_listen_port: "51820"

diff --git a/roles/wireguard/handlers/main.yml b/roles/wireguard/handlers/main.yml
@@ -8,3 +8,8 @@
   service:
     name: wg-quick@wg0
     enabled: yes
+
+- name: disable wireguard
+  service:
+    name: wg-quick@wg0
+    enabled: no
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
@@ -1,26 +1,20 @@
 ---
-- name: Install additional packages (Ubuntu)
+- name: uninstall wireguard (Ubuntu)
   when: ansible_distribution == 'Ubuntu'
   apt:
     pkg:
       - linux-headers-generic
       - wireguard-tools
       - wireguard-dkms
-    state: present
-  notify:
-    - restart wireguard
-    - enable wireguard
+    state: absent
 
-- name: create configuration file
-  template:
-    src: wg0.conf.j2
+- name: delete configuration file
+  file:
     dest: /etc/wireguard/wg0.conf
-    owner: root
-    mode: 0600 # contains private key
-  notify:
-    - restart wireguard
+    state: absent
 
-- name: Allow traffic though wireguard in firewall
+- name: remove allow traffic though wireguard in firewall
   ufw:
     rule: allow
     from_ip: '192.168.123.1'
+    delete: yes
diff --git a/roles/wireguard/templates/wg0.conf.j2 b/roles/wireguard/templates/wg0.conf.j2
@@ -1,12 +0,0 @@
-{{ ansible_managed | comment }}
-
-[Interface]
-Address = 192.168.123.2/32
-PrivateKey = {{ wireguard_private_key }}
-ListenPort = {{ wireguard_listen_port }} # Netzwerport
-
-# Client 1
-[Peer]
-Endpoint = {{ wireguard_endpoint_address }}
-PublicKey = {{ wireguard_endpoint_public_key }}
-AllowedIPs = 192.168.123.1/32