-rw-r--r-- | inventory/host_vars/ch-mon.yml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-mon.yml b/inventory/host_vars/ch-mon.yml
index 5d9ddfba..f21bd9b2 100644
--- a/inventory/host_vars/ch-mon.yml
+++ b/inventory/host_vars/ch-mon.yml
@@ -108,6 +108,9 @@ prometheus_job_multitarget_blackbox__probe:
 - instance: "ssh-{{ inventory_hostname }}"
 target: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:{{ ansible_port | default(22) }}"
 module: ssh_banner
+ - instance: "https-mon.chaos-at-home.org"
+ target: "https://{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
+ module: http_tls_2xx
 prometheus_job_multitarget_ssl__probe:
 ch-mon:
@@ -204,3 +207,35 @@ grafana_admin_password: "{{ vault_grafana_admin_password }}"
 monitoring_landingpage_hostnames:
 - "mon.chaos-at-home.org"
 monitoring_landingpage_title: "chaos@home Monitoring Host"
+monitoring_landingpage_tls:
+ certificate_provider: ownca
+ certificate_config:
+ mode: "0750"
+ owner: root
+ group: www-data
+ ca:
+ key_content: "{{ chaos_at_home_internal_ca_key }}"
+ cert_content: "{{ chaos_at_home_internal_ca_cert }}"
+ key:
+ mode: "0640"
+ owner: root
+ group: www-data
+ type: RSA
+ size: 4096
+ cert:
+ mode: "0644"
+ owner: root
+ group: www-data
+ common_name: "{{ host_name }}"
+ san_extra: "{{ ['IP:'] | product(ansible_all_ipv4_addresses) | map('join') | list }}"
+ key_usage:
+ - digitalSignature
+ - keyAgreement
+ key_usage_critical: yes
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_before: +0h
+ not_after: +365d
+ renew_margin: +70d |
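Review bot: The new `https-mon.chaos-at-home.org` entry probes `https://<svc address>`, so the certificate is checked against the IP SAN and never against the hostname named in the instance label; a certificate that lacks or mismatches the DNS name would still probe green. The check also passes only if the `http_tls_2xx` module trusts the internal CA, and its definition is not visible in this hunk. If probing by address is intentional, a comment above the entry such as `# probed by IP: depends on the IP SANs in monitoring_landingpage_tls and on http_tls_2xx trusting the internal CA` would record that; otherwise consider targeting the hostname so name validation is exercised as well. The `prometheus_job_multitarget_blackbox__probe` list starts outside the hunk.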
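Review bot: `ca.key_content` passes the internal CA's private key into this host's variables through `chaos_at_home_internal_ca_key`, which, unlike `vault_grafana_admin_password` in the context line, carries no `vault_` prefix. The consuming role is not visible here, so it is worth confirming that the value is vault-encrypted and that signing neither writes the CA key to ch-mon nor logs it. Under `key:`, `mode: "0640"` with `group: www-data` lets every process in that group read the leaf private key; if the web server opens it as root before dropping privileges, `mode: "0600"` would be enough. `key_usage` lists `keyAgreement`, which is not meaningful for an RSA key, so `- digitalSignature` alone (adding `keyEncipherment` only if RSA key exchange must be supported) is the tighter set. The three `yes` values would read `true` under the usual Ansible convention, e.g. `key_usage_critical: true`.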