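---
# roles/monitoring_stack/defaults/main.yml
# Watchtower monitoring stack configuration.
# Environment-specific values should be defined in group_vars or inventory.
#
# Values written as "(monitoring | default({})).get(key, fallback)" read an
# optional `monitoring` dict from inventory and use the literal fallback when
# the dict or the key is absent.

# === DEPLOYMENT SETTINGS ===
stack_dir: "/opt/stacks/watchtower"
chester_user: "{{ (monitoring | default({})).get('stack_user', 'chester') }}"

# Focused rollout controls: deploy one service at a time when enabled.
monitoring_focus_mode: false
monitoring_focus_service: "prometheus"

# === NETWORK CONFIGURATION ===
heimdall_redis: "{{ (monitoring | default({})).get('heimdall_redis', '10.0.0.151:6379') }}"
watchtower_ip: "{{ (monitoring | default({})).get('watchtower_ip', '10.0.0.200') }}"

# === PROMETHEUS SETTINGS ===
prometheus_retention: "15d"
prometheus_scrape_interval: "15s"
prometheus_port: 9090
prometheus_host_port: 9091

# === GRAFANA SETTINGS ===
grafana_port: 3000
grafana_domain: "{{ (monitoring | default({})).get('grafana_domain', 'grafana.castaldifamily.com') }}"
grafana_admin_user: "admin"
# grafana_admin_password: MUST be defined in inventory (vault-encrypted recommended).
# No default is provided in this file; keep it that way so a missing value
# surfaces as an undefined variable instead of a password stored in the role.
grafana_prometheus_datasource_name: "Prometheus"
grafana_prometheus_datasource_uid: "fffcnxoznd2bkc"
grafana_prometheus_url: "http://prometheus:9090"
grafana_loki_datasource_name: "Loki"
grafana_loki_datasource_uid: "loki-homelab"
grafana_loki_url: "http://loki:3100"
grafana_dashboards_folder: "Homelab"

# === LOKI SETTINGS (Log Aggregation) ===
loki_port: 3100
loki_retention: "168h"  # 7 days

# === BLACKBOX SETTINGS (Endpoint / Network Probing) ===
blackbox_port: 9115
# NOTE(review): `latest` is a mutable tag, so the image that actually runs can
# change between pulls with no change to this file. Override this in inventory
# with a fixed version tag or an image digest to keep deployments reproducible.
blackbox_exporter_image: "prom/blackbox-exporter:latest"

# Targets probed from Watchtower for network and service reachability.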
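# Target format examples, by probe type:
# - ICMP: 10.0.0.2
# - TCP: 10.0.0.151:443
# - HTTP: https://grafana.castaldifamily.com
# Each entry carries a `name`, the blackbox `module` to probe with, and the
# `target` handed to that module.
monitoring_probe_targets:
  - name: omada-er7212pc-gateway
    module: icmp
    target: "10.0.0.2"
  - name: edge-traefik-https
    module: tcp_connect
    target: "10.0.0.151:443"
  - name: watchtower-http-prometheus
    module: http_2xx
    target: "http://{{ watchtower_ip }}:{{ prometheus_host_port }}/-/ready"
  # === PROXMOX CLUSTER REACHABILITY ===
  - name: pve01-icmp
    module: icmp
    target: "10.0.0.201"
  - name: pve02-icmp
    module: icmp
    target: "10.0.0.202"
  - name: pve03-icmp
    module: icmp
    target: "10.0.0.203"
  # NOTE(review): these probe HTTPS by IP address. Whether the http_2xx module
  # verifies the server certificate is decided in the blackbox module
  # configuration, which is not part of this file - confirm it there.
  - name: pve01-web
    module: http_2xx
    target: "https://10.0.0.201:8006"
  - name: pve02-web
    module: http_2xx
    target: "https://10.0.0.202:8006"
  - name: pve03-web
    module: http_2xx
    target: "https://10.0.0.203:8006"

# === PROXMOX API EXPORTER SETTINGS ===
pve_exporter_port: 9221
pve_exporter_config_dir: "{{ stack_dir }}/pve-exporter-config"
pve_exporter_token_name: "monitoring"
# Resolved in playbook pre_tasks from vault_vars.vault_pve_exporter_token
# (or PVE_EXPORTER_TOKEN environment variable fallback).
# The empty default keeps the real token out of the role.
# NOTE(review): confirm the playbook fails when this is still empty after
# pre_tasks, rather than rendering an exporter config with a blank token.
pve_exporter_token: ""
# NOTE(review): presumably this controls TLS certificate verification towards
# the Proxmox API (the template is not visible here). With verification off the
# exporter cannot tell the real API endpoint from an impersonated one, and the
# API token is presented to it either way. Prefer trusting the cluster CA on
# the monitoring host and overriding this to true in inventory.
pve_exporter_verify_ssl: false

# === UPTIME-KUMA SETTINGS ===
uptime_kuma_port: 3001
uptime_domain: "{{ (monitoring | default({})).get('uptime_domain', 'status.castaldifamily.com') }}"

# === DOZZLE SETTINGS ===
dozzle_port: 8080
dozzle_domain: "{{ (monitoring | default({})).get('dozzle_domain', 'logs.castaldifamily.com') }}"
dozzle_agent_port: 7007
monitoring_enable_dozzle: true

# Temporary operating mode: Authentik is offline, so keep outpost disabled.
monitoring_enable_authentik_outpost: false

# Keep Dozzle externally reachable while Authentik is unavailable.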
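# NOTE(review): this file also sets monitoring_enable_authentik_outpost to
# false, so these defaults describe Dozzle published through Traefik without
# the Authentik outpost in front of it. Container logs can contain credentials
# and tokens; confirm another access control (for example a Traefik auth or
# IP allow-list middleware) covers this route, and set this back to false or
# re-enable the outpost once Authentik is available again.
dozzle_expose_via_traefik: true

# === SECURITY: Authentik Integration ===
authentik_host: "{{ (monitoring | default({})).get('authentik_host', 'https://sso.castaldifamily.com') }}"
# NOTE(review): same value as portainer_http_port below. Harmless if both are
# container-internal ports, a bind conflict if both are published on the host;
# confirm against the compose template.
authentik_outpost_port: 9000
# Set via group_vars or environment variable (vault-encrypted recommended).
# The empty default keeps the real token out of the role.
authentik_outpost_dozzle_token: ""

# === PORTAINER SETTINGS ===
portainer_http_port: 9000
portainer_https_port: 9443
portainer_edge_port: 8000
portainer_domain: "{{ (monitoring | default({})).get('portainer_domain', 'portainer.castaldifamily.com') }}"

# === PRO-TIP: Scrape Target Discovery ===
# We'll dynamically generate Prometheus targets from Ansible inventory.
# This eliminates manual IP management and enables auto-scaling.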