From 867d42baae170b65349d942760e35a02c65a7f80 Mon Sep 17 00:00:00 2001
From: Jelle van der Waa <jelle@archlinux.org>
Date: Fri, 14 May 2021 00:18:16 +0200
Subject: [PATCH] Add vault_prometheus for the prometheus mirror

---
 group_vars/all/vault_prometheus.yml          | 10 ++++++++++
 host_vars/dashboards.archlinux.org           |  1 +
 roles/prometheus/tasks/main.yml              |  2 +-
 roles/prometheus/templates/web-config.yml.j2 |  2 +-
 4 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 group_vars/all/vault_prometheus.yml

diff --git a/group_vars/all/vault_prometheus.yml b/group_vars/all/vault_prometheus.yml
new file mode 100644
index 000000000..5b7f90fbc
--- /dev/null
+++ b/group_vars/all/vault_prometheus.yml
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+64353665663138643230363535333331343335646139346637333532323235643932643630313563
+3630393339386665613962633065373837613432396438360a376236343439323266316232333931
+65626539613130373032666539386433633731373330646431666535643235396363323563646666
+6234623837653030310a663438383933306239346130616666646236383061316638636230623032
+64663638323936376437333038646364333833666463623534333234373863633235633066613530
+64363961376539353833323039353565363565623064376130363839633735663437633033646362
+32336633353235623732343831343530363464306633626139356561643239313661363265656134
+31333334343263393366323639396538656237626266383335643964626234613363356537323736
+3565
diff --git a/host_vars/dashboards.archlinux.org b/host_vars/dashboards.archlinux.org
index 827585ee1..03f71d93b 100644
--- a/host_vars/dashboards.archlinux.org
+++ b/host_vars/dashboards.archlinux.org
@@ -1,3 +1,4 @@
 ---
 filesystem: btrfs
 ipv4_address: 157.90.255.107
+prometheus_domain: dashboards.archlinux.org
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index 8d6092391..0cbf67b19 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 
 - name: install prometheus server
-  pacman: name=prometheus state=present
+  pacman: name=prometheus,python-passlib,python-bcrypt state=present
 
 - name: install cert renewal hook
   template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/renewal-hooks/deploy/prometheus owner=root group=root mode=0755
diff --git a/roles/prometheus/templates/web-config.yml.j2 b/roles/prometheus/templates/web-config.yml.j2
index 2c25c8fc0..1c304aa46 100644
--- a/roles/prometheus/templates/web-config.yml.j2
+++ b/roles/prometheus/templates/web-config.yml.j2
@@ -5,4 +5,4 @@ tls_server_config:
 # Usernames and passwords required to connect to Prometheus.
 # Passwords are hashed with bcrypt: https://github.com/prometheus/exporter-toolkit/blob/46630604b0f1c5d64fbd3eb3010d91af38dc798b/docs/web-configuration.md#about-bcrypt
 basic_auth_users:
-  {{ vault_prometheus_user }}: {{ vault_prometheus_passwd_hashed }}
+  {{ vault_prometheus_user }}: {{ vault_prometheus_passwd | password_hash('bcrypt') }}
-- 
GitLab