Erstelle Grafana-Rolle

templates/apache2-site.conf

@@ -0,0 +1,26 @@
+<VirtualHost *:80>
+    ServerName {{ grafana.domain }}
+    Redirect permanent / https://{{ grafana.domain }}/
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+    <VirtualHost *:443>
+        ServerName {{ grafana.domain }}
+        Protocols h2 http/1.1
+        DocumentRoot /var/www/html
+        IncludeOptional /etc/apache2/conf-available/add-headers.conf
+
+        ErrorLog ${APACHE_LOG_DIR}/grafana.error.log
+        #CustomLog ${APACHE_LOG_DIR}/grafana.access.log combined
+        LogLevel Error
+
+        SSLEngine On
+        SSLCertificateFile /var/lib/dehydrated/certs/{{ grafana.domain }}/fullchain.pem
+        SSLCertificateKeyFile /var/lib/dehydrated/certs/{{ grafana.domain }}/privkey.pem
+
+        ProxyPreserveHost On
+        ProxyPass /.well-known !
+        ProxyPass / http://127.0.0.1:3000/
+        ProxyPassReverse / http://127.0.0.1:3000/
+    </VirtualHost>
+</IfModule>

templates/grafana.ini

@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+
+[server]
+domain = {{ grafana.domain }}
+
+[database]
+type = mysql
+host = 127.0.0.1:3306
+name = {{ grafana_db }}
+user = {{ grafana_db_user }}
+password = {{ grafana_db_password }}
+
+[security]
+disable_gravatar = true
+cookie_secure = true
+cookie_samesite = strict
+strict_transport_security = true
+strict_transport_security_max_age_seconds = 86400
+strict_transport_security_preload = true
+strict_transport_security_subdomains = true
+x_content_type_options = true
+x_xss_protection = true
+content_security_policy = true
+content_security_policy_template = """script-src 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';"""
+
+[auth.anonymous]
+enabled = false