
---
# roles/monitoring_stack/defaults/main.yml
# Watchtower monitoring stack configuration
# Environment-specific values should be defined in group_vars or inventory
# === DEPLOYMENT SETTINGS ===
# Base directory for the stack on the target host; pve_exporter_config_dir
# further down is built from it.
stack_dir: "/opt/stacks/watchtower"
# Reads monitoring.stack_user from inventory and falls back to 'chester' when
# the `monitoring` variable or the key is absent. dict.get() only falls back
# on a missing key: a key that is present but empty/null is used as-is.
# NOTE(review): how this account is used is not visible in this file; confirm
# it is an unprivileged user.
chester_user: "{{ (monitoring | default({})).get('stack_user', 'chester') }}"
# Focused rollout controls: deploy one service at a time when enabled.
monitoring_focus_mode: false
# Service selected for a focused rollout (presumably ignored while
# monitoring_focus_mode is false; confirm in the role's tasks).
monitoring_focus_service: "prometheus"
# === NETWORK CONFIGURATION ===
# Both values are taken from the inventory `monitoring` dict when it defines
# them; the literals here are fallbacks only. Site-specific addresses in role
# defaults travel with the role, so real values are better kept in inventory.
# host:port of a Redis instance.
# NOTE(review): whether the consumer authenticates to Redis or uses TLS is not
# visible in this file; confirm before exposing 6379 beyond the local segment.
heimdall_redis: "{{ (monitoring | default({})).get('heimdall_redis', '10.0.0.151:6379') }}"
# Used below, together with prometheus_host_port, to build the Prometheus
# readiness probe URL.
watchtower_ip: "{{ (monitoring | default({})).get('watchtower_ip', '10.0.0.200') }}"
# === PROMETHEUS SETTINGS ===
prometheus_retention: "15d"
prometheus_scrape_interval: "15s"
# 9090 is also hard-coded in grafana_prometheus_url, so overriding this value
# alone does not change the Grafana datasource URL.
prometheus_port: 9090
# Port combined with watchtower_ip in the readiness probe target below.
# NOTE(review): Prometheus serves its API without authentication unless a web
# config is supplied; confirm this port is reachable only from trusted hosts.
prometheus_host_port: 9091
# === GRAFANA SETTINGS ===
grafana_port: 3000
# Inventory value monitoring.grafana_domain wins; the literal is the fallback.
grafana_domain: "{{ (monitoring | default({})).get('grafana_domain', 'grafana.castaldifamily.com') }}"
# Well-known default account name; the password is the only secret protecting it.
grafana_admin_user: "admin"
# grafana_admin_password: MUST be defined in inventory (vault-encrypted recommended)
# No default is set here on purpose, so there is no fallback password.
# NOTE(review): confirm the role asserts the variable is defined and non-empty
# before templating, and that tasks handling it set no_log.
grafana_prometheus_datasource_name: "Prometheus"
# Fixed datasource UID (presumably so provisioned dashboards can reference it;
# confirm against the dashboard JSON).
grafana_prometheus_datasource_uid: "fffcnxoznd2bkc"
# Plain HTTP to the service name `prometheus`; the port is hard-coded and does
# not follow prometheus_port.
# NOTE(review): assumes this traffic stays on the stack's container network.
grafana_prometheus_url: "http://prometheus:9090"
grafana_loki_datasource_name: "Loki"
grafana_loki_datasource_uid: "loki-homelab"
# Plain HTTP to the service name `loki`; the port is hard-coded and does not
# follow loki_port.
grafana_loki_url: "http://loki:3100"
grafana_dashboards_folder: "Homelab"
# === LOKI SETTINGS (Log Aggregation) ===
# 3100 is also hard-coded in grafana_loki_url.
# NOTE(review): collected logs can contain secrets; confirm the port is not
# published beyond the hosts that ship or query logs.
loki_port: 3100
loki_retention: "168h" # 7 days
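# === BLACKBOX SETTINGS (Endpoint / Network Probing) ===
blackbox_port: 9115
# `latest` is a mutable tag: each pull can bring in different, unreviewed image
# content. Pin to a release tag or, better, an image digest, e.g.
# "prom/blackbox-exporter@sha256:<DIGEST_PLACEHOLDER>".
blackbox_exporter_image: "prom/blackbox-exporter:latest"
# Targets probed from Watchtower for network and service reachability.
# Each entry is a mapping with:
#   name   - label for the probe
#   module - blackbox module to use (icmp, tcp_connect, http_2xx below)
#   target - address in the form that module expects
# Scheme examples:
# - ICMP: 10.0.0.2
# - TCP: 10.0.0.151:443
# - HTTP: https://grafana.castaldifamily.com
# module/target must be nested under their `- name:` item; at column 0 they
# would parse as repeated top-level keys rather than fields of the entry.
monitoring_probe_targets:
  - name: omada-er7212pc-gateway
    module: icmp
    target: "10.0.0.2"
  - name: edge-traefik-https
    module: tcp_connect
    target: "10.0.0.151:443"
  - name: watchtower-http-prometheus
    module: http_2xx
    target: "http://{{ watchtower_ip }}:{{ prometheus_host_port }}/-/ready"
  # === PROXMOX CLUSTER REACHABILITY ===
  - name: pve01-icmp
    module: icmp
    target: "10.0.0.201"
  - name: pve02-icmp
    module: icmp
    target: "10.0.0.202"
  - name: pve03-icmp
    module: icmp
    target: "10.0.0.203"
  # HTTPS probes against IP addresses on port 8006.
  # NOTE(review): these pass certificate validation only if the served
  # certificate is trusted and covers the IP. Confirm how the blackbox module
  # config handles this; trusting the cluster CA is preferable to setting
  # insecure_skip_verify, which would also hide a swapped certificate.
  - name: pve01-web
    module: http_2xx
    target: "https://10.0.0.201:8006"
  - name: pve02-web
    module: http_2xx
    target: "https://10.0.0.202:8006"
  - name: pve03-web
    module: http_2xx
    target: "https://10.0.0.203:8006"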
# === PROXMOX API EXPORTER SETTINGS ===
pve_exporter_port: 9221
# Built from stack_dir.
# NOTE(review): this directory presumably holds the rendered exporter config
# including the API token; confirm it is written with restrictive ownership
# and mode.
pve_exporter_config_dir: "{{ stack_dir }}/pve-exporter-config"
pve_exporter_token_name: "monitoring"
# Resolved in playbook pre_tasks from vault_vars.vault_pve_exporter_token
# (or PVE_EXPORTER_TOKEN environment variable fallback).
# The empty default keeps the secret out of the role.
# NOTE(review): confirm the play fails when the value is still empty after
# pre_tasks, and that the token is scoped to a read-only role such as
# PVEAuditor.
pve_exporter_token: ""
# Certificate verification is off by default (presumably passed through to the
# exporter's connection to the Proxmox API; confirm in the template). With it
# off, the API token is sent to a peer whose identity is not checked, so
# anyone able to intercept traffic on that path can capture it. Prefer
# trusting the Proxmox CA and overriding this to true in inventory.
pve_exporter_verify_ssl: false
# === UPTIME-KUMA SETTINGS ===
uptime_kuma_port: 3001
# Inventory value monitoring.uptime_domain wins; the literal is the fallback.
uptime_domain: "{{ (monitoring | default({})).get('uptime_domain', 'status.castaldifamily.com') }}"
# === DOZZLE SETTINGS ===
dozzle_port: 8080
# Inventory value monitoring.dozzle_domain wins; the literal is the fallback.
dozzle_domain: "{{ (monitoring | default({})).get('dozzle_domain', 'logs.castaldifamily.com') }}"
dozzle_agent_port: 7007
monitoring_enable_dozzle: true
# Temporary operating mode: Authentik is offline, so keep outpost disabled.
monitoring_enable_authentik_outpost: false
# Keep Dozzle externally reachable while Authentik is unavailable.
# SECURITY: with the outpost disabled above, these defaults publish a container
# log viewer through Traefik with no SSO in front of it, and container logs
# routinely contain tokens, credentials and internal hostnames.
# NOTE(review): confirm a compensating control is in place while this mode
# lasts (Dozzle's own authentication, a Traefik IP allow-list or basic-auth
# middleware, or LAN-only routing), and track reverting both flags, since a
# "temporary" default in a role tends to outlive the outage.
dozzle_expose_via_traefik: true
# === SECURITY: Authentik Integration ===
# Inventory value monitoring.authentik_host wins; the fallback uses HTTPS.
authentik_host: "{{ (monitoring | default({})).get('authentik_host', 'https://sso.castaldifamily.com') }}"
# Same number as portainer_http_port (9000).
# NOTE(review): confirm the two are never published on the same host interface.
authentik_outpost_port: 9000
# The empty default keeps the secret out of the role.
# NOTE(review): confirm the role refuses to start the outpost with an empty
# token once monitoring_enable_authentik_outpost is turned back on.
authentik_outpost_dozzle_token: "" # Set via group_vars or environment variable
# === PORTAINER SETTINGS ===
# Portainer administers the Docker host, so access to its UI is effectively
# host-level access.
# NOTE(review): which of these ports are published, and on which interfaces, is
# not visible here; prefer exposing only the HTTPS port. 9000 is also the value
# of authentik_outpost_port.
portainer_http_port: 9000
portainer_https_port: 9443
# NOTE(review): presumably the Edge agent tunnel port; leave it unpublished if
# no Edge agents are in use.
portainer_edge_port: 8000
# Inventory value monitoring.portainer_domain wins; the literal is the fallback.
portainer_domain: "{{ (monitoring | default({})).get('portainer_domain', 'portainer.castaldifamily.com') }}"
# === PRO-TIP: Scrape Target Discovery ===
# We'll dynamically generate Prometheus targets from Ansible inventory
# This eliminates manual IP management and enables auto-scaling