From 9d49e05e1213360a60327d9a6453d923ca9caca2 Mon Sep 17 00:00:00 2001 From: phil Date: Mon, 20 Nov 2023 11:47:05 +0100 Subject: [PATCH] Updates --- .vscode/settings.json | 8 ++++++++ README.md | 14 +++++++++----- defaults/main.yml | 1 - handlers/main.yml | 8 -------- meta/main.yml | 2 +- tasks/database.yml | 8 ++++---- tasks/grafana.yml | 15 ++++----------- tasks/main.yml | 12 ++++++++---- tasks/packages.yml | 8 ++++---- tasks/webserver.yml | 22 ++++++++-------------- templates/apache2-site.conf | 10 +++++----- templates/grafana.ini | 10 +++++----- 12 files changed, 56 insertions(+), 62 deletions(-) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..fdae38c --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,8 @@ +{ + "ansible.python.interpreterPath": "/bin/python3.11", + "files.associations": { + "*.j2": "ansible-jinja", + "*.yaml": "ansible", + "*.yml": "ansible" + }, +} diff --git a/README.md b/README.md index 43feffe..a974e0c 100644 --- a/README.md +++ b/README.md @@ -3,12 +3,16 @@ Grafana [Grafana](https://grafana.com) ist eine Redering-Enging für Zeitreihen. +# Variablen +Die folgenden Variablen müssen vor der Ausführung der Rolle gesetzt werden: + +| Variable | Wert | Bedeutung | +|----------|------|--------------| +| `grafana_domain` | string | Domainname der Grafana-Instanz | +| `grafana_db_password` | string | Passwort des Datenbanknutzers | + # Ausführen der Rolle -- In der jeweiligen `host_vars`-Datei die Variablen in einer `grafana`-Map setzen: - | Variable | Wert | Beschreibung | - |----------|------|--------------| - | `domain` | string | Domainname der Grafana-Instanz | -- Rolle ausführen: +- Erstelle ein Playbook namen `grafana.yml` und führe die Rolle aus: ```Shell ansible-playbook playbooks/grafana.yml ``` diff --git a/defaults/main.yml b/defaults/main.yml index ed95b8e..56f6d29 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,4 +1,3 @@ --- grafana_db: grafana grafana_db_user: grafana -grafana_db_password: "{{ lookup('password', '/tmp/grafana_database_pwd length=42 chars=ascii_letters,digits') }}" diff --git a/handlers/main.yml b/handlers/main.yml index 7c80396..7b4bc44 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,7 +1,4 @@ --- -- name: get certificate - ansible.builtin.command: dehydrated --cron -g - - name: restart grafana ansible.builtin.service: name: grafana-server @@ -11,8 +8,3 @@ ansible.builtin.service: name: monit state: reloaded - -- name: reload fail2ban - ansible.builtin.service: - name: fail2ban - state: reloaded diff --git a/meta/main.yml b/meta/main.yml index 8e4798e..f6d3ccb 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -3,7 +3,7 @@ galaxy_info: description: Role to install Grafana company: Sense.Lab e.V. license: GPLv3 - min_ansible_version: "2.9" + min_ansible_version: "2.14" platforms: - name: Debian versions: diff --git a/tasks/database.yml b/tasks/database.yml index aeb235b..8b82ef2 100644 --- a/tasks/database.yml +++ b/tasks/database.yml @@ -1,12 +1,12 @@ --- -- name: "database | Erstelle Datenbank" - ansible.builtin.mysql_db: +- name: "Database | Erstelle Datenbank" + community.mysql.mysql_db: name: "{{ grafana_db }}" login_unix_socket: "{{ mysql_socket }}" login_user: root -- name: "database | Erstelle Datenbank-Nutzer" - ansible.builtin.mysql_user: +- name: "Database | Erstelle Datenbank-Nutzer" + community.mysql.mysql_user: name: "{{ grafana_db_user }}" password: "{{ grafana_db_password }}" priv: "{{ grafana_db }}.*:ALL" diff --git a/tasks/grafana.yml b/tasks/grafana.yml index b053eea..c23fbc5 100644 --- a/tasks/grafana.yml +++ b/tasks/grafana.yml 
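Review bot: The `community.mysql.mysql_user` task in the tasks/database.yml hunk shows no `host:` among its visible arguments, while this same commit switches grafana.ini from `127.0.0.1:3306` to `{{ database_host }}:3306`. The module creates the account for `localhost` when `host` is omitted, so a Grafana server on a different machine than the database would be refused unless the argument is set in the part of the task that may continue below the hunk. If it is missing, add it scoped to the Grafana server rather than a wildcard, for example `host: "<grafana-server-address>"` (placeholder), so the account cannot be used from every host that can reach port 3306. The move to `community.mysql` also means that collection has to be installed alongside ansible-core, which the README change in this commit does not mention.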
@@ -1,26 +1,19 @@ --- -- name: grafana | Aktivere und starte Service" +- name: "Grafana | Aktivere und starte Service" ansible.builtin.systemd: name: grafana-server enabled: true state: started daemon_reload: true -- name: "grafana | Erzeuge Grafana-Konfiguration" +- name: "Grafana | Erzeuge Grafana-Konfiguration" ansible.builtin.template: src: grafana.ini dest: /etc/grafana/grafana.ini - mode: 0640 + mode: "0640" notify: restart grafana -- name: "grafana | Installiere Image Renderer Module" +- name: "Grafana | Installiere Image Renderer Module" ansible.builtin.command: cmd: grafana-cli plugins install grafana-image-renderer creates: /var/lib/grafana/plugins/grafana-image-renderer - -- name: "grafana | Aktiviere Monit-Ueberwachung" - ansible.builtin.copy: - src: "grafana.monit" - dest: "/etc/monit/conf-enabled/grafana" - mode: 0644 - notify: reload monit diff --git a/tasks/main.yml b/tasks/main.yml index eff01da..890888c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,12 +1,16 @@ --- -- import_tasks: packages.yml +- name: Packages + ansible.builtin.import_tasks: packages.yml tags: packages -- import_tasks: database.yml +- name: Database + ansible.builtin.import_tasks: database.yml delegate_to: "{{ database_host }}" -- import_tasks: grafana.yml +- name: Grafana + ansible.builtin.import_tasks: grafana.yml tags: grafana -- import_tasks: webserver.yml +- name: Webserver + ansible.builtin.import_tasks: webserver.yml tags: webserver diff --git a/tasks/packages.yml b/tasks/packages.yml index 41b9250..a64f7b3 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
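Review bot: The `Erzeuge Grafana-Konfiguration` task writes a file that holds secrets, yet it sets only `mode: "0640"` and leaves ownership and diff output to their defaults. The grafana.ini template in this commit renders `grafana_db_password` and the OAuth `client_secret`, so a run with `--diff` prints both to the terminal and to any CI log that captures it. I would add `owner: root`, `group: grafana` and `diff: false` to the task; the group name assumes the one created by the Grafana Debian package, so confirm it on the target.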
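Review bot: Nothing at the top of tasks/main.yml checks the variables that are now mandatory, so a missing `grafana_db_password` only surfaces in the delegated database task after the package tasks have already changed the host. The commit removes the generated default from defaults/main.yml and the README declares `grafana_domain` and `grafana_db_password` as required, which makes an early `ansible.builtin.assert` the natural guard. `grafana_domain` is also interpolated into file paths and the Apache vhost, so the same assert can restrict it to hostname characters. The password itself belongs in an Ansible Vault file, and a sentence saying so in the README would help.

```yaml
---
- name: Pruefe Pflichtvariablen
  ansible.builtin.assert:
    that:
      - grafana_domain is defined
      - grafana_domain is match('^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')
      - grafana_db_password is defined
      - grafana_db_password | length > 0
    quiet: true
  tags: always

- name: Packages
  # … unchanged: the four import_tasks entries …
```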
@@ -1,18 +1,18 @@ --- -- name: "packages | Fuege apt-key hinzu" +- name: "Packages | Fuege apt-key hinzu" ansible.builtin.apt_key: url: https://packages.grafana.com/gpg.key -- name: "packages | Fuege deb-Repository hinzu" +- name: "Packages | Fuege deb-Repository hinzu" ansible.builtin.apt_repository: repo: deb https://packages.grafana.com/oss/deb stable main filename: grafana -- name: "packages | Installiere Grafana" +- name: "Packages | Installiere Grafana" ansible.builtin.apt: name: grafana -- name: "packages | Installiere chromium" +- name: "Packages | Installiere chromium" ansible.builtin.apt: name: chromium install_recommends: false diff --git a/tasks/webserver.yml b/tasks/webserver.yml index d7de552..7f654fa 100644 --- a/tasks/webserver.yml +++ b/tasks/webserver.yml @@ -1,12 +1,6 @@ --- -- name: "webserver | Erzeuge Letsencrypt-Zertifikat" - ansible.builtin.lineinfile: - path: /etc/dehydrated/domains.txt - line: "{{ grafana.domain }}" - notify: get certificate - -- name: "webserver | Aktiviere Apache-Modul" - ansible.builtin.apache2_module: +- name: "Webserver | Aktiviere Apache-Modul" + community.general.apache2_module: name: "{{ item }}" state: present notify: restart apache2 @@ -14,14 +8,14 @@ - proxy - proxy_http -- name: "webserver | Kopiere Grafana-Seitenkonfiguration" +- name: "Webserver | Kopiere Grafana-Seitenkonfiguration" ansible.builtin.template: src: apache2-site.conf - dest: "/etc/apache2/sites-available/{{ grafana.domain }}.conf" - mode: 0644 + dest: "/etc/apache2/sites-available/{{ grafana_domain }}.conf" + mode: "0644" -- name: "webserver | Aktiviere Grafana-Seitenkonfiguration" +- name: "Webserver | Aktiviere Grafana-Seitenkonfiguration" ansible.builtin.command: - cmd: "a2ensite {{ grafana.domain }}" - creates: "/etc/apache2/site-enabled/{{ grafana.domain }}.conf" + cmd: "a2ensite {{ grafana_domain }}" + creates: "/etc/apache2/site-enabled/{{ grafana_domain }}.conf" notify: reload apache2 
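Review bot: The `apt_key` task in the tasks/packages.yml hunk still imports `https://packages.grafana.com/gpg.key` into apt's global trusted keyring without pinning a fingerprint (`id:`), so whatever that URL serves at run time becomes trusted for every configured repository, not only Grafana's. The commit only renames these tasks, but since it raises `min_ansible_version` and modernises module names it is a good moment to move to a dedicated keyring referenced through `signed-by`. The sketch below downloads the key with a checksum check and scopes it to the Grafana source. The checksum is a placeholder to be filled in from a verified copy of the key, and `/etc/apt/keyrings` may need to be created on older Debian releases.

```yaml
- name: "Packages | Lade Grafana-Signaturschluessel"
  ansible.builtin.get_url:
    url: https://packages.grafana.com/gpg.key
    dest: /etc/apt/keyrings/grafana.asc
    mode: "0644"
    checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"

- name: "Packages | Fuege deb-Repository hinzu"
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/grafana.asc] https://packages.grafana.com/oss/deb stable main"
    filename: grafana

# … unchanged: the two apt install tasks …
```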
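Review bot: The `creates:` path on the `a2ensite` task in the second tasks/webserver.yml hunk points to `/etc/apache2/site-enabled/`, while Debian's directory is `sites-enabled` (the template task just above it uses `sites-available`). Because that file never exists, the command runs and reports changed on every play and fires `reload apache2` each time. The line should read `creates: "/etc/apache2/sites-enabled/{{ grafana_domain }}.conf"`. The template task itself has no `notify`, so later edits to the vhost are not picked up; adding `notify: reload apache2` there would close that gap.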
diff --git a/templates/apache2-site.conf b/templates/apache2-site.conf index cdc4354..d8bfaa9 100644 --- a/templates/apache2-site.conf +++ b/templates/apache2-site.conf @@ -1,11 +1,11 @@ - ServerName {{ grafana.domain }} - Redirect permanent / https://{{ grafana.domain }}/ + ServerName {{ grafana_domain }} + Redirect permanent / https://{{ grafana_domain }}/ - ServerName {{ grafana.domain }} + ServerName {{ grafana_domain }} Protocols h2 http/1.1 DocumentRoot /var/www/html IncludeOptional /etc/apache2/conf-available/add-headers.conf @@ -15,8 +15,8 @@ LogLevel Error SSLEngine On - SSLCertificateFile /var/lib/dehydrated/certs/{{ grafana.domain }}/fullchain.pem - SSLCertificateKeyFile /var/lib/dehydrated/certs/{{ grafana.domain }}/privkey.pem + SSLCertificateFile /var/lib/dehydrated/certs/{{ grafana_domain }}/fullchain.pem + SSLCertificateKeyFile /var/lib/dehydrated/certs/{{ grafana_domain }}/privkey.pem ProxyPreserveHost On ProxyPass /.well-known ! diff --git a/templates/grafana.ini b/templates/grafana.ini index 1b972a3..55cc644 100644 --- a/templates/grafana.ini +++ b/templates/grafana.ini @@ -2,13 +2,13 @@ [server] protocoll = https -domain = {{ grafana.domain }} +domain = {{ grafana_domain }} enforce_domain = true -root_url = https://{{ grafana.domain }} +root_url = https://{{ grafana_domain }} [database] type = mysql -host = 127.0.0.1:3306 +host = {{ database_host }}:3306 name = {{ grafana_db }} user = {{ grafana_db_user }} password = {{ grafana_db_password }} 
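Review bot: The TLS vhost in the second templates/apache2-site.conf hunk still reads its certificate and key from `/var/lib/dehydrated/certs/{{ grafana_domain }}/`, but this commit deletes the task that added the domain to `/etc/dehydrated/domains.txt` and the `get certificate` handler. On a host where nothing else has already issued that certificate the two files will be absent, and Apache will presumably reject the configuration at the next reload. Either state the dehydrated prerequisite in the README's new variable section or check both files with `ansible.builtin.stat` before the site is enabled. The enclosing vhost blocks are not fully visible in the hunks.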
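Review bot: Changing `host` from `127.0.0.1:3306` to `{{ database_host }}:3306` in `[database]` moves the MySQL connection off loopback, and nothing visible in the first templates/grafana.ini hunk turns on TLS for it. The section continues below the hunk, so `ssl_mode` may already be set there; if it is not, the database password and all dashboard data cross the network in cleartext. I would add `ssl_mode = true` together with `ca_cert_path = <path-to-ca.pem>` (placeholder path). `database_host` is also the `delegate_to` target in tasks/main.yml, so it has to be both an inventory name and an address Grafana can resolve, which deserves a line in the README. Separately, `protocoll` in `[server]` is not a key Grafana reads (the setting is `protocol`), so that line currently has no effect.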
@@ -48,11 +48,10 @@ rendering_language = de-DE signout_redirect_url = {{ grafana_auth_signout_redirect_url }} oauth_auto_login = false +{% if grafana_auth_generic_oauth_enabled is defined and grafana_auth_generic_oauth_enabled %} [auth.generic_oauth] name = {{ grafana_auth_generic_oauth_name }} -{% if grafana_auth_generic_oauth_enabled is defined and grafana_auth_generic_oauth_enabled %} enabled = true -{% endif %} client_id = {{ grafana_auth_generic_oauth_client_id }} client_secret = {{ grafana_auth_generic_oauth_client_secret }} scopes = openid email profile @@ -60,3 +59,4 @@ auth_url = {{ grafana_auth_generic_oauth_auth_url }} token_url = {{ grafana_auth_generic_oauth_token_url }} api_url = {{ grafana_auth_generic_oauth_api_url }} role_attribute_path = {{ grafana_auth_generic_oauth_role_attribute_path }} +{% endif %}
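Review bot: `client_secret` in the now-conditional `[auth.generic_oauth]` block is written into the INI file unquoted, as is `password` in `[database]`. Grafana's configuration parser treats `#` and `;` as comment starts, so a secret containing either character is silently truncated; its documentation recommends wrapping such values in triple quotes. That mattered less while the role generated the database password from letters and digits only, but the default is removed in this commit and operators now supply their own. I would render both as `client_secret = """{{ grafana_auth_generic_oauth_client_secret }}"""` and `password = """{{ grafana_db_password }}"""`.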