forcen/infra-iac
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: forcen:a7bbea491c6f3d0a9e5c32c122652a16b7a4b63e
Branches Tags
forcen:main
..
compare: forcen:e2e7f4c51183868f4cb6c1d87d9c2b4c355a7346
Branches Tags
forcen:main

No commits in common. "a7bbea491c6f3d0a9e5c32c122652a16b7a4b63e" and "e2e7f4c51183868f4cb6c1d87d9c2b4c355a7346" have entirely different histories.
a7bbea491c ... e2e7f4c511

7 changed files with 42 additions and 1788 deletions
Download patch file Download diff file Expand all files Collapse all files

1649
files/collectd/collectd.conf
View file

File diff suppressed because it is too large Load diff

30
files/grafana/ssl/grafana.mforcen.dev.fullchain.pem Executable file → Normal file
View file

@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIFzjCCA7agAwIBAgIUN+yqZtTpNBzmMppjPszb3oeZhSgwDQYJKoZIhvcNAQEL
MIIFzjCCA7agAwIBAgIUN+yqZtTpNBzmMppjPszb3oeZhSYwDQYJKoZIhvcNAQEL
BQAwazEUMBIGA1UEAwwLbWZvcmNlbi5kZXYxCzAJBgNVBAYTAkVTMQ8wDQYDVQQI
DAZNdXJjaWExFjAUBgNVBAoMDU1hbnVlbCBGb3JjZW4xHTAbBgkqhkiG9w0BCQEW
Dm1lQG1mb3JjZW4uZGV2MB4XDTI0MTIxMDE4MDk0MVoXDTI5MTIwOTE4MDk0MVow
Dm1lQG1mb3JjZW4uZGV2MB4XDTI0MTAxNDE4MTIyNFoXDTI5MTAxMzE4MTIyNFow
VDEcMBoGA1UEAwwTZ3JhZmFuYS5tZm9yY2VuLmRldjELMAkGA1UEBhMCRVMxDzAN
BgNVBAgMBk11cmNpYTEWMBQGA1UECgwNTWFudWVsIEZvcmNlbjCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBANgEZBb/5rdo2JFN6fxHCJu+6cb/f/Nr14tC
@ -18,19 +18,19 @@ tYMC3KNVYS1+PAjEEDDyi3l/CltRs+Dh/lVy2S+j4BVqQRLXU4dhwfWTFUrYFAPP
jOSZQxaHSUQDSe4mx0FrAEgFmmDV3mcPcew9DwJnYUEdK2x/cGunrzqw/OfLyaVe
1+BSZXZVAgMBAAGjgYAwfjAfBgNVHSMEGDAWgBRc4t76omnxreInvLtnc2S2TrNE
ZjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAkBgNVHREEHTAbghNncmFmYW5hLm1m
b3JjZW4uZGV2hwSsHAAEMB0GA1UdDgQWBBRpRofRPDWKKdyVtKdwb6l8S6Ls9DAN
BgkqhkiG9w0BAQsFAAOCAgEAdrSAeFjgsh8m1z/kxzE2MlkA3YLPfkUWuZdpdhci
kbIHjS8puPHZjfzUYEc/M1hF+IWekIDQZmqAq2OLKbmHYTPI2mIaS8oD98R8OZW+
GPZpgei2y7A3ro3V2okyo4LQUnDAXK6WcyAE4ZzZDYTjjwbK8xjluZqS6kgQL18k
xS19xIVlmUMQslLhyyPBsCboddbgJaTNoGMuu+ZCLsX4gBtT6Degt12gxlJQeqW/
2vQdE8jyb3/MxcQhUhVTZggiie/Pm17RmsyoGRw4wpGFzZkl7hiOaUFCRB8md/+C
mj4i5oPxXZdrXbP0VYgzGmU+wrt3QpgqInKUJvOYq1lEOfpe6VPAGH/uRj/MnSH3
Z2piBOSmj/mDrqoUYiyR9FO9xBdpV3QUv4cctH1jbkaICJezX6QwdPwRsMPFt7My
SMcEZ9AiRiWJFUvcMN9vVtXSACwT1HG8Q1ZexTXifgUpzHV/hmpAB/fIVfn8dOCp
a6lv96sR/kOIgR7JwB3uIN8ZudXnLw2rwO2W4QMga07ZqsF62odsQ7K6hJZpOYjy
KWrhpriDQ70j2wiRZzwZzkf2EoOillHbqtX0fdLSh8VoPx9ww4UPjP84WtvHM9iW
SZgJjy2wqovKRj4ozJIl6r+EYydXEQuNHiK4QoMtOEX9TvHTvOQ0sbXO+eWc9Qnm
dKQ=
b3JjZW4uZGV2hwTAqGTIMB0GA1UdDgQWBBRpRofRPDWKKdyVtKdwb6l8S6Ls9DAN
BgkqhkiG9w0BAQsFAAOCAgEAuUakdo8k5ymg74WS/cEng2ThSGKd6/R9ph3l6zkV
yczJw5lVUHuzvRznBxVNSWNoWpzWrj5eXTI60PXZnWAD6QWGf608HDurOlHYIwl/
0v36RVVS4Ds/NP4XR59qbyI/SCt7/TtxipBgEY1SScmoPVLMQzmvc74gkkDwgBI3
01/3sunNpdtm9U5EOBkt7kvyx0duz2vYhNGGtowPrkB3nkTQ6zoLhDxnYHA2qzCW
2isLm+r/grWsScc050XLeLHTSHtk6++EHvsef5Js5EaJQ8ZC3iGR/WlVjq2CJkEg
FzjOnvQuw+NhycbLWzpXhPTa2vFNgQdZ13Ui1qJ9hPCx4U0kFw/op5p0VfzTviLe
pYe3zmrVS2ZYiurQ5rUQ5zuMjF3XPhFAmpRczq1mp63zvCh0pd7+IZwz8LHuLjhX
sBMkXtFSOJLLhcwS14UnpYL+4AcpAHY/gK6acEtw0njTenddv4RiOvszRybKWeYj
3euoLevE2FVFFTpcnvtfyEPgjvglqLBx+UDL49naJ6cFv9inqtRdef6Qo/88+VNz
eWnY0LIBRv48krXT4BjXd8oKrLV3FmMC3MbzTD7CBVF9/J2VpN77xIXPL79bv1HJ
yCjK7RVh3qcU0/JHvUkJiGt5516qAtu5wfDWHVspafDiXYQ5hQaOYpu6JTYFP8/8
vJM=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFwTCCA6mgAwIBAgIUI2lRzQ83h1wud9kyxtu+QmrjjW8wDQYJKoZIhvcNAQEL

30
files/keycloak/sso.mforcen.dev.fullchain.pem
View file

@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIF1zCCA7+gAwIBAgIUN+yqZtTpNBzmMppjPszb3oeZhScwDQYJKoZIhvcNAQEL
MIIF1zCCA7+gAwIBAgIUN+yqZtTpNBzmMppjPszb3oeZhSUwDQYJKoZIhvcNAQEL
BQAwazEUMBIGA1UEAwwLbWZvcmNlbi5kZXYxCzAJBgNVBAYTAkVTMQ8wDQYDVQQI
DAZNdXJjaWExFjAUBgNVBAoMDU1hbnVlbCBGb3JjZW4xHTAbBgkqhkiG9w0BCQEW
Dm1lQG1mb3JjZW4uZGV2MB4XDTI0MTIxMDE3NTk1MFoXDTI5MTIwOTE3NTk1MFow
Dm1lQG1mb3JjZW4uZGV2MB4XDTI0MTAxMzE3MTAxMFoXDTI2MTAxMzE3MTAxMFow
UDEYMBYGA1UEAwwPc3NvLm1mb3JjZW4uZGV2MQswCQYDVQQGEwJFUzEPMA0GA1UE
CAwGTXVyY2lhMRYwFAYDVQQKDA1NYW51ZWwgRm9yY2VuMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEA5mbumObZY9DKdCSclItvrHzFiYwcn2YHZQWEQudY
@ -18,19 +18,19 @@ jEsFqQYbCIS5gTBeyhjbbBH3hz7e0sPVRrhL+vDtZ6retYVtClM/zR8eXP/EC4zi
yQ6c7SzqX2IY0NM3pSuAcLmN2SEr1XRoFNrXiJLeQG34QtFPPExA0mMrc2zq8jds
ZCUCAwEAAaOBjTCBijAfBgNVHSMEGDAWgBRc4t76omnxreInvLtnc2S2TrNEZjAJ
BgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAwBgNVHREEKTAngg9zc28ubWZvcmNlbi5k
ZXaCDmluZnJhLWtleWNsb2FrhwSsHAADMB0GA1UdDgQWBBSmfY+Ys9/OM0QqABZH
x9Hfad/QsDANBgkqhkiG9w0BAQsFAAOCAgEATyR6lPEjC1O/GUDMlklYrc7UZuIh
8wvMSN0AtJ2zlSZd3x+Q6Tt9fPBceaBsR0/LvTe/TVqiW9ycPn3CCPG4jJy71eES
HkMrsrzWWXjJ7mDkC9MkKf1WA/KMJAW2EkfLdWIplRZK709+4f/VeAo3Ki6nlnAJ
1EU1IPcqAQAQVRlWygJ51oTGP26by7h5snM2wZoAPDii/QVe1rF/r9jlm/iUIcWP
FrNVZURYAVyzxwbG2ECy3skiTr7bPXW7PmtVD6Y72RPCy3JgyLz+fiXFlAKgDonN
66SlJqW9u0DKEu5sjwOsIoR5mGokEE+HqkqG2erM72FAyXVqdok0+WcStOX8q+1p
pzqqbFCBdMzX8nVx/9FhWll1jcl6fsFnZ5XpKDcONHfA7b/K0IpndcqgSgK3fYpn
HbjnDTOjBi9qa2aYpTenOfCxSoMjBYmRiETcbMyxOoqCLDZtx7tysmzTEutfPN2S
RwAbS+RSypl3PBa9Fd7Az7mr35xE8E4yIBA+2sZaV2FSZlTTNplqbuDZ4Omm6Aw3
x44IrKyMD6WLciozzvYr0dnhbRagNM86QKIVXNExTUesTU6hbqrM9oq7IqgPW+aH
dxaoaAeBYDSG1aboTEZAdX7Ly2rXQiJQyV/SkosqPv8Bb+cuknQg//ofwA1MAswr
bTIMSaz7pwpA6HE=
ZXaCDmluZnJhLWtleWNsb2FrhwTAqGTIMB0GA1UdDgQWBBSmfY+Ys9/OM0QqABZH
x9Hfad/QsDANBgkqhkiG9w0BAQsFAAOCAgEAj5/YbTeF0jUjSDIo4OwqKy9ahefr
eiCjsjDwUBn7QgL/FYC4BCQw0y7WSLsHJxEHu2KSEs5GdVayTZY80e1eKEBKtg1u
ZALP7fpBWUsLx7jEq1gLaxuHK2Tdbbt7gTcEKJuSCEQkBYwHiE4SiLvF4kgyBhdt
9k6lWMAMIkyUsoqW35FibL+4DRCFT88gxPlInXeap7U457DPiTR+YQcDoMOasfKw
uLk6kxPdAj9+/C4jR44JNwizl9dOwhLeXPg9IZxO1FcRUt3Q7OMQ7al3EeDOz8pB
iON74z5Za9FX6QHP1Psxg/74v6wbOoAiatJ5zR5VZ3oZDPwWMcmC8Omh15f9HRR6
+RUrsC2YW+9Zkj6fCheZfbi/vAica8n8t6PXRpHZ+8+xUCLOeREekjSVkIaacBkr
wxfGmn6wCibnGVBp6MY8bZg5SudmRC8qPhMGsTtWD2MX6i5I1kxDfRKdMum3+nuL
YN4ZGaDldpp7Y9vB1o3KcY6aDycKvMwqbfYXPHxRi8gbHxtaRpBTHYoJikBnIoTs
bwJEIVq28XjmmcLDKkeHN4LCnKOJ/F7t5tqQpieIVr/mOJxahznSybRAQHYUup7H
ePYfbP6zL0ZfDZ67UZPFiPfBWxpQny8KhouBF04oNJ5PDEC4ifHVWOoekYsEpk2e
m1LzzWJ0yOhABpY=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFwTCCA6mgAwIBAgIUI2lRzQ83h1wud9kyxtu+QmrjjW8wDQYJKoZIhvcNAQEL

25
files/prometheus/compose.yml
View file

@ -1,25 +0,0 @@
services:
prometheus:
image: prom/prometheus
container_name: infra-prometheus
restart: unless-stopped
logging:
driver: local
networks:
infra-network:
ipv4_address: 172.28.0.5
aliases:
- prom.mforcen.dev
volumes:
- type: bind
source: /opt/infra/prometheus/prometheus.yml
target: /etc/prometheus/prometheus.yml
- type: volume
source: prom-data
target: /prometheus
volumes:
prom-data:
networks:
infra-network:
external: true

32
files/prometheus/prometheus.yml
View file

@ -1,32 +0,0 @@
# my global config
global:
scrape_interval: 60s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 60s # Evaluate rules every 15 seconds. The default is every 1 minute.
# scrape_timeout is set to the global default (10s).
# Alertmanager configuration
#alerting:
# alertmanagers:
# - static_configs:
# - targets:
# - alertmanager:9093
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
#rule_files:
# - "first_rules.yml"
# - "second_rules.yml"
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
- job_name: "prometheus"
# metrics_path defaults to '/metrics'
# scheme defaults to 'http'.
static_configs:
- targets: ["localhost:9090"]
- job_name: "host"
static_configs:
- targets: ["172.28.0.1:9103"]

40
install-metrics.yml
View file

@ -1,40 +0,0 @@
---
- name: installing metrics storage
hosts: server
gather_facts: false
tasks:
- name: Create prometheus directory if it does not exist
ansible.builtin.file:
path: /opt/infra/prometheus
state: directory
mode: '0755'
- name: Create prometheus config file
ansible.builtin.copy:
src: prometheus/prometheus.yml
dest: /opt/infra/prometheus/prometheus.yml
- name: Install collectd
ansible.builtin.apt:
name: collectd
state: present
update_cache: yes
become: true
- name: Install collectd config file
ansible.builtin.copy:
src: collectd/collectd.conf
dest: /etc/collectd/collectd.conf
become: true
- name: Restart collectd service
ansible.builtin.systemd_service:
name: collectd.service
state: restarted
become: true
- name: Create prometheus compose file
ansible.builtin.copy:
src: prometheus/compose.yml
dest: /opt/infra/prometheus/compose.yml
- name: Deploy prometheus compose file
community.docker.docker_compose_v2:
project_src: /opt/infra/prometheus
files:
- compose.yml

24
templates/compose.yml
View file

@ -44,12 +44,12 @@ services:
- database
labels:
- traefik.enable=true
- traefik.http.routers.keycloak.rule=Host(`sso.mforcen.dev`)
- traefik.http.routers.keycloak.entrypoints=websecure
- traefik.http.routers.keycloak.service=keycloak
- traefik.http.routers.keycloak.tls=true
- traefik.http.services.keycloak.loadbalancer.server.port=443
- traefik.http.services.keycloak.loadbalancer.server.scheme=https
- traefik.tcp.routers.keycloak.rule=HostSNI(`sso.mforcen.dev`)
- traefik.tcp.routers.keycloak.entrypoints=websecure
- traefik.tcp.routers.keycloak.service=keycloak
- traefik.tcp.routers.keycloak.tls=true
- traefik.tcp.routers.keycloak.tls.passthrough=true
- traefik.tcp.services.keycloak.loadbalancer.server.port=443
grafana:
container_name: infra-grafana
@ -96,12 +96,12 @@ services:
GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo
labels:
- traefik.enable=true
- traefik.http.routers.grafana.rule=Host(`grafana.mforcen.dev`)
- traefik.http.routers.grafana.entrypoints=websecure
- traefik.http.routers.grafana.service=grafana
- traefik.http.routers.grafana.tls=true
- traefik.http.services.grafana.loadbalancer.server.port=443
- traefik.http.services.grafana.loadbalancer.server.scheme=https
- traefik.tcp.routers.grafana.rule=HostSNI(`grafana.mforcen.dev`)
- traefik.tcp.routers.grafana.entrypoints=websecure
- traefik.tcp.routers.grafana.service=grafana
- traefik.tcp.routers.grafana.tls=true
- traefik.tcp.routers.grafana.tls.passthrough=true
- traefik.tcp.services.grafana.loadbalancer.server.port=443
volumes:
psql-data: