Add authorisation for influxdb endpoint

Felix Ableitner 2020-10-21 12:29:29 +02:00
parent d193e06657
commit 781f8447dd
7 changed files with 18 additions and 21 deletions


@ -64,8 +64,7 @@ services:
ports: ports:
- 127.0.0.1:8086:8086 - 127.0.0.1:8086:8086
environment: environment:
- INFLUXDB_WRITE_USER=telegraf - INFLUXDB_REPORTING_DISABLED=true
- INFLUXDB_WRITE_USER_PASSWORD=${INFLUXDB_WRITE_USER_PASSWORD}
volumes: volumes:
- ./volumes/influxdb:/var/lib/influxdb - ./volumes/influxdb:/var/lib/influxdb
- ./influxdb.conf:/etc/influxdb/influxdb.conf:ro - ./influxdb.conf:/etc/influxdb/influxdb.conf:ro
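Review bot: With `INFLUXDB_WRITE_USER` and its password removed from `environment:`, nothing in this service definition makes InfluxDB itself authenticate writers, so the nginx basic auth in front of it becomes the only access control. The `127.0.0.1:8086:8086` binding keeps the port off external interfaces, but any local process on the host can still reach the API without credentials unless the mounted `influxdb.conf` (not shown here) enables auth. I would either keep a database-level user alongside the proxy auth or record the decision above `ports:`, e.g. `# unauthenticated on loopback; access control is enforced by nginx auth_basic on /telegraf-input/`. The service definition starts above the hunk.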


@ -6,7 +6,7 @@ letsencrypt_contact_email: !vault |
36633466366138323334386337383262353934323337343932633837663136616437326331366431 36633466366138323334386337383262353934323337343932633837663136616437326331366431
3261333962353964300a363535383130336164623862326165626466393334666638323964663834 3261333962353964300a363535383130336164623862326165626466393334666638323964663834
3635 3635
influxdb_password: !vault | influxdb_auth_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
61616638303232373339653737303566613430663763313864633365313166383163323033636364 61616638303232373339653737303566613430663763313864633365313166383163323033636364
3163313737323662343934323866633734633530646638610a666662663761363533373539316631 3163313737323662343934323866633734633530646638610a666662663761363533373539316631
@ -27,10 +27,3 @@ weblate_postgres_password: !vault |
66353238623038366230323239303634613963643635626632353739636564396430386565623466 66353238623038366230323239303634613963643635626632353739636564396430386565623466
6562383763396235340a313463643239333662393430613465363965666466303461663066386533 6562383763396235340a313463643239333662393430613465363965666466303461663066386533
61323161323732396533373062663762383031336330653336376533633633393035 61323161323732396533373062663762383031336330653336376533633633393035
telegraf_influxdb_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
61343966363633306163646530646361613833663831623139376135396436623835333363663236
3235613761363138313236636164646131383234313532370a626234643530373339646133313332
36623563623434323336663262323939326534643834666465333863386231616439636132316436
3833303337393633320a313766336236303264376333373535353832646262666634383062303935
62393230366331396435313162636136333832623939666663623131343761633031


@ -41,20 +41,27 @@
- name: install dependencies - name: install dependencies
apt: apt:
pkg: ['docker-compose', 'docker.io', 'certbot', 'nginx', 'python-certbot-nginx'] pkg: ['docker-compose', 'docker.io', 'certbot', 'nginx', 'python-certbot-nginx', 'python-passlib']
- name: enable and start docker service - name: enable and start docker service
systemd: systemd:
name: docker name: docker
enabled: yes enabled: yes
state: started state: started
- name: start docker-compose - name: start docker-compose
docker_compose: docker_compose:
project_src: /gitea/ project_src: /gitea/
state: present state: present
stopped: yes pull: yes
services: nginx
- name: Create htpasswd file for influxdb reporting endpoint
community.general.htpasswd:
path: /gitea/influxdb_htpasswd
name: telegraf
password: '{{ influxdb_auth_password }}'
owner: root
group: www-data
mode: 0640
- name: request letsencrypt certificates - name: request letsencrypt certificates
shell: | shell: |
@ -62,11 +69,6 @@
certbot certonly --nginx --agree-tos -d 'weblate.{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n certbot certonly --nginx --agree-tos -d 'weblate.{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n
certbot certonly --nginx --agree-tos -d 'grafana.{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n certbot certonly --nginx --agree-tos -d 'grafana.{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n
- name: start docker-compose
docker_compose:
project_src: /gitea/
state: present
pull: yes
- name: reload nginx config and certs - name: reload nginx config and certs
shell: nginx -s reload shell: nginx -s reload
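Review bot: `mode: 0640` in the new htpasswd task is an unquoted octal literal. It yields the intended permissions only because the YAML loader reads the leading zero as octal, and Ansible's documentation recommends quoting file modes, so write `mode: '0640'`. The file holds a password hash that is group-readable by `www-data`, which I assume is the nginx worker user on this host; a one-line comment such as `# readable by the nginx workers (www-data) only` would make that dependency explicit. The task list starts above the first hunk and continues past the second.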


@ -2,4 +2,3 @@ GITEA_HOSTNAME={{ domain }}
WEBLATE_HOSTNAME=weblate.{{ domain }} WEBLATE_HOSTNAME=weblate.{{ domain }}
WEBLATE_ADMIN_PASSWORD={{ weblate_admin_password }} WEBLATE_ADMIN_PASSWORD={{ weblate_admin_password }}
WEBLATE_POSTGRES_PASSWORD={{ weblate_postgres_password }} WEBLATE_POSTGRES_PASSWORD={{ weblate_postgres_password }}
INFLUXDB_WRITE_USER_PASSWORD={{ influxdb_password }}


@ -4,6 +4,8 @@ geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country { map $geoip_country_code $allowed_country {
default yes; default yes;
CN no; CN no;
RU no;
IN no;
} }
server { server {
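Review bot: The added `RU no;` and `IN no;` entries are unrelated to the commit title and carry no comment explaining why these countries are refused. Add a comment above the map, e.g. `# countries refused because of <reason>`, and consider moving the change to its own commit so it can be reviewed and reverted separately. How `$allowed_country` is enforced is outside this hunk; if the same check also covers the `/telegraf-input/` location, agents reporting from those countries would presumably be rejected before they reach the new basic-auth check.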


@ -48,6 +48,8 @@ server {
} }
location /telegraf-input/ { location /telegraf-input/ {
auth_basic "telegraf input";
auth_basic_user_file /gitea/influxdb_htpasswd;
proxy_pass http://127.0.0.1:8086/; proxy_pass http://127.0.0.1:8086/;
} }
} }
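Review bot: The new `auth_basic` guards the whole `/telegraf-input/` prefix, and `proxy_pass http://127.0.0.1:8086/;` maps that prefix onto the root of the InfluxDB HTTP API, so the shared `telegraf` credential grants more than writing metrics unless InfluxDB applies its own permissions. If agents only need to write, narrow the location to the write endpoint, e.g. `location = /telegraf-input/write {` with `proxy_pass http://127.0.0.1:8086/write;` (telegraf would then need `skip_database_creation = true`). Basic-auth credentials travel on every request, so this location should only be reachable over TLS; the `listen` directives are outside the hunk, so I cannot confirm that here. The enclosing `server` block starts above the hunk.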


@ -149,7 +149,7 @@ database = "yerbamate-dev"
## HTTP Basic Auth ## HTTP Basic Auth
username = "telegraf" username = "telegraf"
password = "{{ telegraf_influxdb_password }}" password = "{{ influxdb_auth_password }}"
## HTTP User-Agent ## HTTP User-Agent
# user_agent = "telegraf" # user_agent = "telegraf"