unbound_exporter: Initial version of role

2025-01-19 16:15:24 +00:00 · 2025-01-19 16:15:24 +00:00 · ae491f8977
commit ae491f8977
parent d4bfc7586f
3 changed files with 52 additions and 0 deletions
--- a/roles/unbound_exporter/handlers/main.yml
+++ b/roles/unbound_exporter/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: Restart unbound_exporter
+  ansible.builtin.service:
+    name: unbound_exporter
+    state: restarted
--- a/roles/unbound_exporter/tasks/main.yml
+++ b/roles/unbound_exporter/tasks/main.yml
@ -0,0 +1,36 @@
+---
+- name: Install packages
+  ansible.builtin.package:
+    name: unbound_exporter
+    state: installed
+
+- name: Add user to hostkey group
+  ansible.builtin.user:
+    name: _unboundexporter
+    groups: hostkey
+    append: true
+    create_home: false
+  notify: Restart unbound_exporter
+
+- name: Create config directory
+  ansible.builtin.file:
+    path: /etc/unbound_exporter
+    state: directory
+    mode: "0755"
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Create web-config
+  ansible.builtin.template:
+    dest: /etc/unbound_exporter/web-config.yml
+    src: web-config.yml.j2
+    mode: "0644"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart unbound_exporter
+
+- name: Enable service
+  ansible.builtin.service:
+    name: unbound_exporter
+    state: started
+    enabled: true
--- a/roles/unbound_exporter/templates/web-config.yml.j2
+++ b/roles/unbound_exporter/templates/web-config.yml.j2
@ -0,0 +1,11 @@
+---
+tls_server_config:
+  key_file: {{ tls_private }}/{{ inventory_hostname }}.key
+  cert_file: {{ tls_certs }}/{{ inventory_hostname }}.crt
+  client_ca_file: {{ tls_certs }}/ca.crt
+  client_auth_type: RequireAndVerifyClientCert
+  client_allowed_sans:
+{% for host in groups['prometheus'] %}
+    - {{ host }}
+{% endfor %}
+  min_version: TLS13