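---
# Ansible host variables for a VM that runs Prometheus, Alertmanager and
# Grafana (the probe jobs below are keyed by `ch-mon`).
# All passwords and the Grafana secret key are referenced through vault_*
# variables; no secret value is stored in this file.
# Booleans are written as true/false (the original used yes/no, which only
# YAML 1.1 loaders read as booleans).

# Host used as SSH jump host during installation.
install_jumphost: ch-jump

install:
  vm:
    memory: 8G
    numcpus: 8
    autostart: true
  disks:
    primary: /dev/sda
    scsi:
      sda:
        type: zfs
        name: root
        size: 10g
      sdb:
        type: zfs
        name: data
        size: 50g
  # NOTE(review): the VM is attached to three bridges (svc, iot, mgmt).
  # A multi-homed monitoring host should not forward between these zones;
  # confirm IP forwarding is off and host firewalling is in place.
  interfaces:
    - bridge: br-svc
      name: svc0
    - bridge: br-iot
      name: iot0
    - bridge: br-mgmt
      name: mgmt0

network:
  nameservers: "{{ network_zones.svc.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    interfaces: "{{ install.interfaces }}"
  # Anchored so the same mapping can be reused as the first entry of
  # `interfaces` below.
  primary: &_network_primary_
    name: svc0
    address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
    gateway: "{{ network_zones.svc.gateway }}"
    static_routes:
      - destination: "{{ network_zones.lan.prefix }}"
        gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
  interfaces:
    - *_network_primary_
    - name: iot0
      address: "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) }}"
    - name: mgmt0
      address: "{{ network_zones.mgmt.prefix | ansible.utils.ipaddr(network_zones.mgmt.offsets[inventory_hostname]) }}"

lvm_groups:
  mondata:
    pvs:
      - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-1

spreadspace_apt_repo_components:
  - prometheus

prometheus_server_storage:
  type: lvm
  vg: mondata
  lv: prometheus
  size: 30G
  fs: ext4

prometheus_server_external_labels:
  environment: chaos-at-home
  monitor: "{{ inventory_hostname }}"

# Prometheus reaches Alertmanager on loopback and authenticates as `server`.
prometheus_server_alertmanager:
  url: "127.0.0.1:9093"
  path_prefix: "/alertmanager/"
  basic_auth:
    username: server
    password: "{{ vault_prometheus_alertmanager_auth_user_passwords['server'] }}"

# NOTE(review): the external URL is http:// while basic-auth users are
# defined below. If clients reach this URL without TLS, credentials cross
# the network in cleartext; confirm how this endpoint is exposed.
prometheus_server_web_external_url: "http://{{ network.primary.address | ansible.utils.ipaddr('address') }}/prometheus/"

prometheus_server_auth_users:
  server: "{{ vault_prometheus_server_auth_user_passwords['server'] }}"
  grafana: "{{ vault_prometheus_server_auth_user_passwords['grafana'] }}"
  admin: "{{ vault_prometheus_server_auth_user_passwords['admin'] }}"

prometheus_server_selfscraping_auth:
  username: server
  password: "{{ vault_prometheus_server_auth_user_passwords['server'] }}"

prometheus_exporters_extra:
  - blackbox
  - nut
  - ssl

prometheus_exporter_blackbox_modules_extra:
  icmp:
    prober: icmp

# Blackbox probes: ICMP reachability of external hosts, HTTPS checks of two
# services, and an SSH banner check against this host's svc address.
prometheus_job_multitarget_blackbox__probe:
  ch-mon:
    - instance: "ping-magentagw"
      target: 62.99.185.129
      module: icmp
    - instance: "ping-quad9"
      target: 9.9.9.9
      module: icmp
    - instance: "ping-google-dns"
      target: 8.8.8.8
      module: icmp
    - instance: "ping-cloudflare-dns"
      target: 1.1.1.1
      module: icmp
    - instance: "https-pan.chaos-at-home.org"
      target: "https://pan.chaos-at-home.org"
      module: http_tls_2xx
    - instance: "https-mimas.chaos-at-home.org"
      target: "https://mimas.chaos-at-home.org"
      module: http_tls_2xx
    - instance: "ssh-{{ inventory_hostname }}"
      target: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:{{ ansible_port | default(22) }}"
      module: ssh_banner

# File probe over the local PEM files under /etc/ssl/prometheus.
# NOTE(review): the glob matches every *.pem below that directory; if
# private keys are stored there too, check the exporter's file permissions.
prometheus_job_multitarget_ssl__probe:
  ch-mon:
    - instance: "sslcert-prometheus-{{ inventory_hostname }}"
      target: "/etc/ssl/prometheus/**/*.pem"
      module: file

prometheus_alertmanager_smtp:
  smarthost: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}:25"
  from: "noreply@chaos-at-home.org"
  # NOTE(review): TLS is not required for the relay on port 25, so alert
  # mail (host names, labels) may be sent unencrypted to the smarthost.
  # Acceptable only if that path is a trusted internal segment; confirm,
  # or enable TLS once the relay supports it.
  require_tls: false

# NOTE(review): http:// external URL with basic-auth users, same concern as
# for prometheus_server_web_external_url above in this file.
prometheus_alertmanager_web_external_url: "http://{{ network.primary.address | ansible.utils.ipaddr('address') }}/alertmanager/"

prometheus_alertmanager_auth_users:
  server: "{{ vault_prometheus_alertmanager_auth_user_passwords['server'] }}"
  admin: "{{ vault_prometheus_alertmanager_auth_user_passwords['admin'] }}"

# Everything except the dead-man-switch alert is mailed; that alert falls
# through to the default receiver `empty`, which has no notification config.
# NOTE(review): a dead man's switch only helps if something outside this
# Alertmanager watches for it; confirm where that check lives.
prometheus_alertmanager_route:
  receiver: empty
  routes:
    - receiver: equinox-mail
      matchers:
        - 'alertname != PrometheusAlertmanagerE2eDeadManSwitch'
      # NOTE(review): nesting of group_by under this sub-route is inferred
      # from key order in a whitespace-collapsed listing; verify.
      group_by:
        - instance

prometheus_alertmanager_receivers:
  - name: empty
  - name: equinox-mail
    email_configs:
      - to: equinox@chaos-at-home.org
        send_resolved: true

grafana_secret_key: "{{ vault_grafana_secret_key }}"

# Grafana queries Prometheus over loopback (server-side proxy access) and
# authenticates as the dedicated `grafana` user.
grafana_datasources:
  - name: "Prometheus"
    type: "prometheus"
    access: "proxy"
    url: "http://127.0.0.1:9090/prometheus"
    basicAuth: true
    basicAuthUser: "grafana"
    isDefault: true
    secureJsonData:
      basicAuthPassword: "{{ vault_prometheus_server_auth_user_passwords['grafana'] }}"
    jsonData:
      manageAlerts: false

grafana_dashboards:
  - file: node-full
    datasource: "Prometheus"
  - file: openwrt
    datasource: "Prometheus"
  - file: chronyd
    datasource: "Prometheus"
  - file: environment-sensors
    datasource: "Prometheus"
  - file: blackbox
    datasource: "Prometheus"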