Move vars to defaults

playbooks/roles/lgtm_stack/defaults/main.yml

@@ -0,0 +1,173 @@
+---
+lgtm_stack_domain: "{{ all_services | service_get_domain(role_name) }}"
+lgtm_stack_mimir_domain: mimir.serguzim.me
+lgtm_stack_alloy_domain: alloy.serguzim.me
+lgtm_stack_loki_domain: "{{ all_services | service_get_domain('loki') }}"
+
+lgtm_stack_alloy_jobs: "{{ all_services | services_to_alloy() }}"
+
+
+lgtm_stack_svc:
+  domain: "{{ lgtm_stack_domain }}"
+  port: 3000
+  extra_svcs:
+    - domain: "{{ lgtm_stack_alloy_domain }}"
+      docker_host: lgtm_stack_alloy
+      port: 12345
+      caddy_extra: import vpn_only
+    - domain: "{{ lgtm_stack_mimir_domain }}"
+      docker_host: lgtm_stack_mimir
+      port: 9009
+      caddy_extra: import vpn_only
+  postgresql_collector:
+    host: "{{ postgres.host }}"
+    port: "{{ postgres.port }}"
+    user: "{{ opentofu.postgresql_metrics_collector.user }}"
+    pass: "{{ opentofu.postgresql_metrics_collector.pass }}"
+    database: "{{ opentofu.postgresql_metrics_collector.database }}"
+
+lgtm_stack_env:
+
+  GF_DEFAULT_INSTANCE_NAME: "{{ lgtm_stack_domain }}"
+  GF_SERVER_PROTOCOL: "http"
+  GF_SERVER_DOMAIN: "{{ lgtm_stack_domain }}"
+  GF_SERVER_ROOT_URL: "https://{{ lgtm_stack_domain }}/"
+
+  GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION: true
+  GF_SECURITY_ADMIN_USER: "{{ admin_email }}"
+  GF_SECURITY_SECRET_KEY: "{{ vault_lgtm_stack.grafana.secret_key }}"
+  GF_SECURITY_COOKIE_SECURE: true
+  GF_SECURITY_COOKIE_SAMESITE: "strict"
+
+  GF_PLUGINS_PLUGIN_ADMIN_ENABLED: true
+
+  GF_DATABASE_TYPE: "postgres"
+  GF_DATABASE_HOST: "{{ postgres.host }}"
+  GF_DATABASE_NAME: "{{ opentofu.postgresql_data.lgtm_stack.database }}"
+  GF_DATABASE_USER: "{{ opentofu.postgresql_data.lgtm_stack.user }}"
+  GF_DATABASE_PASSWORD: "{{ opentofu.postgresql_data.lgtm_stack.pass }}"
+  GF_DATABASE_SSL_MODE: "verify-full"
+
+  GF_USERS_ALLOW_SIGN_UP: false
+  GF_AUTH_DISABLE_LOGIN_FORM: true
+  GF_SIGNOUT_REDIRECT_URL: "https://{{ lgtm_stack_domain }}/"
+  GF_OAUTH_AUTO_LOGIN: true
+  GF_AUTH_ANONYMOUS_ENABLED: false
+  GF_AUTH_ANONYMOUS_ORG_NAME: "Main Org."
+  GF_AUTH_ANONYMOUS_ORG_ROLE: "Viewer"
+  GF_AUTH_GENERIC_OAUTH_ENABLED: true
+  GF_AUTH_GENERIC_OAUTH_NAME: "auth.serguzim.me"
+  GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: true
+  GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "\
+    contains(groups, 'Grafana GrafanaAdmins') && 'GrafanaAdmin'
+    || contains(groups, 'Grafana Admins') && 'Admin'
+    || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"
+  GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN: true
+  GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "{{ opentofu.authentik_data.lgtm_stack.client_id }}"
+  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ opentofu.authentik_data.lgtm_stack.client_secret }}"
+  GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email"
+  GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://auth.serguzim.me/application/o/authorize/"
+  GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://auth.serguzim.me/application/o/token/"
+  GF_AUTH_GENERIC_OAUTH_API_URL: "https://auth.serguzim.me/application/o/userinfo/"
+  GF_AUTH_SIGNOUT_REDIRECT_URL: "{{ (opentofu.authentik_data.lgtm_stack.base_url, 'end-session') | path_join }}/"
+  GF_AUTH_OAUTH_AUTO_LOGIN: true
+
+  GF_SMTP_ENABLED: true
+  GF_SMTP_HOST: "{{ mailer.host }}:{{ mailer.port }}"
+  GF_SMTP_USER: "{{ opentofu.mailcow_data.lgtm_stack.address }}"
+  GF_SMTP_PASSWORD: "{{ opentofu.mailcow_data.lgtm_stack.password }}"
+  GF_SMTP_FROM_ADDRESS: "{{ opentofu.mailcow_data.lgtm_stack.address }}"
+  GF_SMTP_FROM_NAME: "Monitoring"
+
+lgtm_stack_grafana_datasources:
+  apiVersion: 1
+
+  deleteDatasources:
+    - name: Mimir
+
+  datasources:
+    - name: Mimir
+      type: prometheus
+      access: proxy
+      orgId: 1
+      url: "https://{{ lgtm_stack_mimir_domain }}/prometheus"
+      version: 1
+      editable: true
+      jsonData:
+        timeInterval: 60s
+        prometheusType: Mimir
+
+lgtm_stack_mimir_yml:
+  multitenancy_enabled: false
+  target: all
+
+  common:
+    storage:
+      backend: s3
+      s3:
+        endpoint: "{{ opentofu.scaleway_data.mimir_blocks.api_endpoint | regex_replace('^https://', '') }}"
+        region: "{{ opentofu.scaleway_data.mimir_blocks.region }}"
+        access_key_id: "{{ opentofu.scaleway_data.mimir_blocks.access_key }}"
+        secret_access_key: "{{ opentofu.scaleway_data.mimir_blocks.secret_key }}"
+  blocks_storage:
+    s3:
+      bucket_name: "{{ opentofu.scaleway_data.mimir_blocks.name }}"
+  alertmanager_storage:
+    s3:
+      bucket_name: "{{ opentofu.scaleway_data.mimir_alertmanager.name }}"
+  ruler_storage:
+    s3:
+      bucket_name: "{{ opentofu.scaleway_data.mimir_ruler.name }}"
+
+  server:
+    http_listen_port: 9009
+
+    # Configure the server to allow messages up to 100MB.
+    grpc_server_max_recv_msg_size: 104857600
+    grpc_server_max_send_msg_size: 104857600
+    grpc_server_max_concurrent_streams: 1000
+
+  ingester:
+    ring:
+      replication_factor: 1
+
+lgtm_stack_compose:
+  watchtower: update
+  image: grafana/grafana-oss
+  volumes:
+    - ./datasources:/etc/grafana/provisioning/datasources
+    - grafana-data:/var/lib/grafana
+  file:
+    services:
+      alloy:
+        image: grafana/alloy:latest
+        restart: always
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+          - ./config.alloy:/etc/alloy/config.alloy:ro
+        command:
+          - run
+          - /etc/alloy/config.alloy
+          - --storage.path=/var/lib/alloy/data
+          - --server.http.listen-addr=0.0.0.0:12345
+          - --stability.level=experimental
+        networks:
+          apps:
+            aliases:
+              - lgtm_stack_alloy
+          default:
+
+      mimir:
+        image: grafana/mimir:latest
+        restart: always
+        command:
+          - -config.file=/etc/mimir-config/mimir.yaml
+        volumes:
+          - ./mimir.yaml:/etc/mimir-config/mimir.yaml:ro
+        networks:
+          default:
+          apps:
+            aliases:
+              - lgtm_stack_mimir
+    volumes:
+      grafana-data: