Diffstat (limited to 'roles/monitoring/prometheus/exporter/base/templates')
-rw-r--r--roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j219
-rw-r--r--roles/monitoring/prometheus/exporter/base/templates/service.j232
2 files changed, 19 insertions, 32 deletions
diff --git a/roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j2 b/roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j2
new file mode 100644
index 00000000..70e65b29
--- /dev/null
+++ b/roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j2
@@ -0,0 +1,19 @@
+server {
+ listen {{ prometheus_exporter_listen }} ssl;
+ server_name _;
+
+ ssl_certificate /etc/ssl/prometheus/exporter/crt.pem;
+ ssl_certificate_key /etc/ssl/prometheus/exporter/key.pem;
+ ssl_client_certificate /etc/ssl/prometheus/ca-crt.pem;
+ ssl_verify_client on;
+
+ root /nonexistent;
+
+ location = / {
+ return 404 'please specify the exporter you want to reach!';
+ }
+
+ include snippets/proxy-nobuff.conf;
+
+ include /etc/prometheus/exporter/*.locations;
+}
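Review bot: Client authentication in this vhost rests only on `ssl_verify_client on` against `/etc/ssl/prometheus/ca-crt.pem`, so every certificate that CA has issued is accepted, not just the Prometheus server's. If that CA also signs other hosts' certificates (not visible here), consider pinning the subject inside the `server` block, e.g. `if ($ssl_client_s_dn !~ "CN=<prometheus-server-cn>") { return 403; }` with the placeholder replaced by the scraper's real CN, or add a comment stating that the CA must be dedicated to scrapers. The block also sets no `ssl_protocols`, so the accepted TLS versions depend on the http-level configuration or nginx defaults; `ssl_protocols TLSv1.2 TLSv1.3;` here would make that explicit. Because `include /etc/prometheus/exporter/*.locations;` pulls every matching file into this server, that directory should be writable by root only, which is worth checking in the tasks that create it.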
diff --git a/roles/monitoring/prometheus/exporter/base/templates/service.j2 b/roles/monitoring/prometheus/exporter/base/templates/service.j2
deleted file mode 100644
index 3d44744a..00000000
--- a/roles/monitoring/prometheus/exporter/base/templates/service.j2
+++ /dev/null
@@ -1,32 +0,0 @@
-[Unit]
-Description=Prometheus exporter proxy
-
-[Service]
-Restart=always
-User=prometheus-exporter
-ExecStart=/usr/bin/prometheus-exporter-exporter -config.dirs=/etc/prometheus/exporter/exporter -config.file="" -web.listen-address="" -web.tls.listen-address="{{ prometheus_exporter_listen }}" -web.tls.cert="/etc/ssl/prometheus/exporter/crt.pem" -web.tls.key="/etc/ssl/prometheus/exporter/key.pem" --web.tls.ca="/etc/ssl/prometheus/ca-crt.pem" -web.tls.verify
-{# TODO: implement reloading once the exporter_exporter supports this #}
-
-# systemd hardening-options
-AmbientCapabilities=
-CapabilityBoundingSet=
-DeviceAllow=/dev/null rw
-DevicePolicy=strict
-LockPersonality=true
-MemoryDenyWriteExecute=true
-NoNewPrivileges=true
-PrivateDevices=true
-PrivateTmp=true
-PrivateUsers=true
-ProtectControlGroups=true
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectSystem=strict
-RemoveIPC=true
-RestrictNamespaces=true
-RestrictRealtime=true
-SystemCallArchitectures=native
-
-[Install]
-WantedBy=multi-user.target