From 5cce38ec5ce439b66d7a2d29c5f6c4cd06046f23 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sat, 22 Apr 2023 17:52:28 +0200
Subject: add ch-gw-* to promethues monitoring

---
 chaos-at-home/ch-gw-lan.yml         |  3 +++
 inventory/host_vars/ch-gw-c3voc.yml | 19 +++++++++++++++++++
 inventory/host_vars/ch-gw-lan.yml   | 11 +++++++++++
 inventory/hosts.ini                 |  2 ++
 4 files changed, 35 insertions(+)

diff --git a/chaos-at-home/ch-gw-lan.yml b/chaos-at-home/ch-gw-lan.yml
index e845c385..a230165f 100644
--- a/chaos-at-home/ch-gw-lan.yml
+++ b/chaos-at-home/ch-gw-lan.yml
@@ -7,6 +7,9 @@
   - role: core/sshd/base
   - role: core/zsh
   - role: core/ntp
+  - role: apt-repo/spreadspace
+  - role: nginx/base
+  - role: monitoring/prometheus/exporter
   - role: network/dhcp-server
   - role: network/nftables/base
   post_tasks:
diff --git a/inventory/host_vars/ch-gw-c3voc.yml b/inventory/host_vars/ch-gw-c3voc.yml
index ec85f56c..3da27bf7 100644
--- a/inventory/host_vars/ch-gw-c3voc.yml
+++ b/inventory/host_vars/ch-gw-c3voc.yml
@@ -42,6 +42,9 @@ openwrt_packages_add:
   - iperf3
   - mtr
   - iptraf-ng
+  - prometheus-node-exporter-lua
+  - prometheus-node-exporter-lua-netstat
+  - prometheus-node-exporter-lua-openwrt
 
 openwrt_mixin:
   /etc/dropbear/authorized_keys:
@@ -88,6 +91,7 @@ openwrt_mixin:
           ip protocol icmp accept
           ip6 nexthdr ipv6-icmp accept
           tcp dport { {{ ansible_port }} } accept
+          ip saddr {{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[prometheus_server]) | ansible.utils.ipaddr('address') }} tcp dport 9100 accept
         }
 
         chain input_c3voc {
@@ -147,6 +151,17 @@ openwrt_uci:
         RootPasswordAuth: 'off'
         Port: '{{ ansible_port | default(22) }}'
 
+  uhttpd:
+    - name: uhttpd main
+      options:
+        enabled: '0'
+
+  prometheus-node-exporter-lua:
+    - name: prometheus-node-exporter-lua 'main'
+      options:
+        listen_interface: 'svc'
+        listen_port: '9100'
+
   network:
     - name: globals 'globals'
       options:
@@ -181,3 +196,7 @@ openwrt_uci:
         target: "{{ network_zones.lan.prefix | ansible.utils.ipaddr('network') }}"
         netmask: "{{ network_zones.lan.prefix | ansible.utils.ipaddr('netmask') }}"
         gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
+
+prometheus_scrape_endpoint: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:9100"
+prometheus_exporters_default:
+  - openwrt
diff --git a/inventory/host_vars/ch-gw-lan.yml b/inventory/host_vars/ch-gw-lan.yml
index 769539b9..11bc30e0 100644
--- a/inventory/host_vars/ch-gw-lan.yml
+++ b/inventory/host_vars/ch-gw-lan.yml
@@ -42,6 +42,17 @@ base_sysctl_config_user:
   net.ipv4.ip_forward: 1
 
 
+spreadspace_apt_repo_components:
+  - prometheus
+
+
+prometheus_job_multitarget_blackbox__probe:
+  ch-mon:
+  - instance: "ssh-{{ inventory_hostname }}"
+    target: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:{{ ansible_port | default(22) }}"
+    module: ssh_banner
+
+
 dhcp_server_interfaces:
   lan0:
     prefix: "{{ network_zones.lan.prefix }}"
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index b6c57d83..c4d9211b 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -460,6 +460,8 @@ vmhost-ele-helene-guests
 ch-mon
 [promzone-chaos-at-home]
 ch-router
+ch-gw-lan
+ch-gw-c3voc
 ch-phoebe
 ch-prometheus
 ch-epimetheus
-- 
cgit v1.2.3