From af2f462c1c0ff753d48fee03d0512e8c3d4d3277 Mon Sep 17 00:00:00 2001 From: "Rasmus \"Pez\" Wejlgaard" Date: Sat, 25 Apr 2026 21:35:39 +0100 Subject: [PATCH] fix: prometheus retention and authelia fix (#73) * fix: prometheus retention time * also fix bug with authelia * linting issues * more linting --- ansible/playbooks/monitoring.yml | 7 +- ansible/roles/prometheus/defaults/main.yml | 2 + ansible/roles/prometheus/handlers/main.yml | 5 ++ ansible/roles/prometheus/tasks/main.yml | 7 ++ ansible/services/authelia/docker-compose.yml | 76 ++++++++++---------- 5 files changed, 53 insertions(+), 44 deletions(-) create mode 100644 ansible/roles/prometheus/defaults/main.yml create mode 100644 ansible/roles/prometheus/handlers/main.yml create mode 100644 ansible/roles/prometheus/tasks/main.yml diff --git a/ansible/playbooks/monitoring.yml b/ansible/playbooks/monitoring.yml index a11084c..64152fd 100644 --- a/ansible/playbooks/monitoring.yml +++ b/ansible/playbooks/monitoring.yml @@ -10,6 +10,8 @@ ansible.builtin.include_vars: file: "{{ playbook_dir }}/../group_vars/all/secrets.yaml" no_log: true + roles: + - prometheus tasks: - name: Deploy Prometheus config ansible.builtin.template: @@ -77,11 +79,6 @@ notify: Restart grafana handlers: - - name: Restart prometheus - ansible.builtin.service: - name: prometheus - state: restarted - - name: Restart grafana ansible.builtin.service: name: grafana diff --git a/ansible/roles/prometheus/defaults/main.yml b/ansible/roles/prometheus/defaults/main.yml new file mode 100644 index 0000000..16a3b9b --- /dev/null +++ b/ansible/roles/prometheus/defaults/main.yml @@ -0,0 +1,2 @@ +--- +prometheus_retention_time: "1y" diff --git a/ansible/roles/prometheus/handlers/main.yml b/ansible/roles/prometheus/handlers/main.yml new file mode 100644 index 0000000..690e0bd --- /dev/null +++ b/ansible/roles/prometheus/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Restart prometheus + ansible.builtin.service: + name: prometheus + state: restarted 
diff --git a/ansible/roles/prometheus/tasks/main.yml b/ansible/roles/prometheus/tasks/main.yml new file mode 100644 index 0000000..5ef728c --- /dev/null +++ b/ansible/roles/prometheus/tasks/main.yml @@ -0,0 +1,7 @@ +--- +- name: Set Prometheus args in rc.conf (FreeBSD) + community.general.sysrc: + name: prometheus_args + value: "--storage.tsdb.retention.time={{ prometheus_retention_time }}" + when: ansible_facts["os_family"] == "FreeBSD" + notify: Restart prometheus diff --git a/ansible/services/authelia/docker-compose.yml b/ansible/services/authelia/docker-compose.yml index 36a261e..50b7e6d 100644 --- a/ansible/services/authelia/docker-compose.yml +++ b/ansible/services/authelia/docker-compose.yml @@ -6,22 +6,20 @@ services: authelia: - container_name: authelia - image: docker.io/authelia/authelia:latest - restart: unless-stopped + container_name: "authelia" + image: "docker.io/authelia/authelia:latest" + restart: "unless-stopped" ports: - - '127.0.0.1:9091:9091' + - "127.0.0.1:9091:9091" environment: - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: /secrets/JWT_SECRET - AUTHELIA_SESSION_SECRET_FILE: /secrets/SESSION_SECRET - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /secrets/STORAGE_ENCRYPTION_KEY - AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE: /secrets/MYSQL_PASSWORD - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE: /secrets/LLDAP_ADMIN_PASSWORD - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /secrets/SMTP_PASSWORD - TZ: UTC + AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: "/secrets/JWT_SECRET" + AUTHELIA_SESSION_SECRET_FILE: "/secrets/SESSION_SECRET" + AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: "/secrets/STORAGE_ENCRYPTION_KEY" + AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE: "/secrets/MYSQL_PASSWORD" + TZ: "UTC" volumes: - - /root/authelia/config:/config - - /root/authelia/secrets:/secrets + - "/root/authelia/config:/config" + - "/root/authelia/secrets:/secrets" depends_on: mariadb: condition: service_healthy 
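Review bot: In ansible/roles/prometheus/tasks/main.yml the sysrc task sets `prometheus_args` to the retention flag alone, which replaces whatever value rc.conf already holds. If a host carries other flags there (a listen address or a web config file, for instance), they would be dropped on the next run and the service restarted without them; the visible diff does not show whether such flags exist, so confirm before rollout. One option is a second role default such as `prometheus_extra_args: ""` appended to the value: `value: "--storage.tsdb.retention.time={{ prometheus_retention_time }} {{ prometheus_extra_args }}"`. A one-line comment that the task is skipped off FreeBSD would also help, since retention silently stays at the Prometheus default on other hosts.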
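Review bot: In the first hunk of ansible/services/authelia/docker-compose.yml the authelia service still bind-mounts the whole `/root/authelia/secrets` directory without `:ro`. The container can therefore read, and if its user permits modify, every secret kept there, including the MariaDB root password and LLDAP JWT secret files that the other services mount one by one as read-only. Consider `- "/root/authelia/secrets:/secrets:ro"`, or mounting only the files named by the remaining `*_FILE` variables. The image line keeps `authelia:latest` (as does `lldap:latest` in the last hunk of this file), so an unreviewed upstream release is picked up on the next pull; pinning a version tag or digest would make upgrades of the authentication stack deliberate. The hunk also drops the LDAP and SMTP `*_PASSWORD_FILE` variables in between quoting-only changes, so a comment saying where those credentials now come from would keep the change reviewable.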
@@ -31,19 +29,19 @@ services: - authelia mariadb: - container_name: authelia-mariadb - image: docker.io/library/mariadb:11 - restart: unless-stopped + container_name: "authelia-mariadb" + image: "docker.io/library/mariadb:11" + restart: "unless-stopped" environment: - MYSQL_ROOT_PASSWORD_FILE: /run/secrets/MYSQL_ROOT_PASSWORD - MYSQL_DATABASE: authelia - MYSQL_USER: authelia - MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD - TZ: UTC + MYSQL_ROOT_PASSWORD_FILE: "/run/secrets/MYSQL_ROOT_PASSWORD" + MYSQL_DATABASE: "authelia" + MYSQL_USER: "authelia" + MYSQL_PASSWORD_FILE: "/run/secrets/MYSQL_PASSWORD" + TZ: "UTC" volumes: - - /root/authelia/mariadb:/var/lib/mysql - - /root/authelia/secrets/MYSQL_ROOT_PASSWORD:/run/secrets/MYSQL_ROOT_PASSWORD:ro - - /root/authelia/secrets/MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD:ro + - "/root/authelia/mariadb:/var/lib/mysql" + - "/root/authelia/secrets/MYSQL_ROOT_PASSWORD:/run/secrets/MYSQL_ROOT_PASSWORD:ro" + - "/root/authelia/secrets/MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD:ro" networks: - authelia healthcheck: 
@@ -54,24 +52,24 @@ services: start_period: 30s lldap: - container_name: authelia-lldap - image: docker.io/lldap/lldap:latest - restart: unless-stopped + container_name: "authelia-lldap" + image: "docker.io/lldap/lldap:latest" + restart: "unless-stopped" ports: - - '17170:17170' # Web UI - - '3890:3890' # LDAP + - "17170:17170" + - "3890:3890" environment: - UID: '1000' - GID: '1000' - TZ: UTC - LLDAP_LDAP_BASE_DN: dc=pez,dc=sh - LLDAP_LDAP_USER_DN: admin - LLDAP_LDAP_USER_PASS_FILE: /secrets/LLDAP_ADMIN_PASSWORD - LLDAP_JWT_SECRET_FILE: /secrets/LLDAP_JWT_SECRET + UID: "1000" + GID: "1000" + TZ: "UTC" + LLDAP_LDAP_BASE_DN: "dc=pez,dc=sh" + LLDAP_LDAP_USER_DN: "admin" + LLDAP_LDAP_USER_PASS_FILE: "/secrets/LLDAP_ADMIN_PASSWORD" + LLDAP_JWT_SECRET_FILE: "/secrets/LLDAP_JWT_SECRET" volumes: - - /root/authelia/lldap:/data - - /root/authelia/secrets/LLDAP_ADMIN_PASSWORD:/secrets/LLDAP_ADMIN_PASSWORD:ro - - /root/authelia/secrets/LLDAP_JWT_SECRET:/secrets/LLDAP_JWT_SECRET:ro + - "/root/authelia/lldap:/data" + - "/root/authelia/secrets/LLDAP_ADMIN_PASSWORD:/secrets/LLDAP_ADMIN_PASSWORD:ro" + - "/root/authelia/secrets/LLDAP_JWT_SECRET:/secrets/LLDAP_JWT_SECRET:ro" networks: - authelia
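Review bot: The lldap `ports` entries `"17170:17170"` and `"3890:3890"` publish the directory's web UI and LDAP listener on every host interface, whereas the authelia service in the same file binds its port to `127.0.0.1`. If nothing off-host needs to reach LLDAP directly, bind them to loopback, `- "127.0.0.1:17170:17170"` and `- "127.0.0.1:3890:3890"`. Authelia appears to share the `authelia` network with lldap, in which case the 3890 mapping could be removed entirely and the service reached by name. The hunk also removes the `# Web UI` and `# LDAP` comments; keeping them (two spaces before `#` satisfies yamllint) preserves the only in-file hint of what each port exposes.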