fix lints and laters

.later.yaml

@@ -70,6 +70,7 @@ rules:
     - "LINT0007"
     - "LINT0008"
     - "ANSIBLE0013"
+    - "ANSIBLE0002"
 
   # List of rule ID's that should be displayed as a warning instead of an error. By default,
   # only rules whose version is higher than the current default version are marked as warnings.

host_vars/bkk03.yaml

@@ -336,3 +336,4 @@ lxc_nodes:
       - from_port: "{{ hostvars['wch13']['default_p2p_port_wss'] }}"
         to_host: "{{ hostvars['wch13']['container_ip'] }}:{{ hostvars['wch13']['default_p2p_port_wss'] }}"
         protocol: "tcp"
+...

host_vars/bkk04.yaml

@@ -566,3 +566,4 @@ lxc_nodes:
       - from_port: "{{ hostvars['enc14']['default_p2p_port_wss'] }}"
         to_host: "{{ hostvars['enc14']['container_ip'] }}:{{ hostvars['enc14']['default_p2p_port_wss'] }}"
         protocol: "tcp"
+...

host_vars/ibp.yaml

@@ -7,3 +7,4 @@ host_timezone: "Asia/Bangkok"
 netif: '{"net0":"name=eth0,gw={{ default_nat_network_forward_cidr.split("/")[0] }},ip={{ default_host_ip }}/24,bridge={{ default_nat_device }}"}'
 role: "monitor"
 pinned_service: False
+...

roles/setup_install_prometheus/files/prometheus.service

@@ -0,0 +1,18 @@
+[Unit]
+  Description=Prometheus Monitoring
+  Wants=network-online.target
+  After=network-online.target
+[Service]
+  User=prometheus
+  Group=prometheus
+  Type=simple
+  ExecStart=/usr/local/bin/prometheus \
+  --config.file /etc/prometheus/prometheus.yaml \
+  --storage.tsdb.path /var/lib/prometheus/ \
+  --web.console.templates=/etc/prometheus/consoles \
+  --web.console.libraries=/etc/prometheus/console_libraries \
+  --storage.tsdb.retention.time 60d \
+  --web.enable-admin-api
+  ExecReload=/bin/kill -HUP $MAINPID
+[Install]
+  WantedBy=multi-user.target

roles/setup_install_prometheus/files/prometheus.yaml

@@ -0,0 +1,102 @@
+---
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+
+scrape_configs:
+  - job_name: "prometheus"
+    scrape_interval: 5s
+    static_configs:
+      - targets: ["localhost:9090"]
+  - job_name: "node_exporter"
+    scrape_interval: 5s
+    static_configs:
+      - targets: ["localhost:9100"]
+
+  - job_name: turboflakes
+    metrics_path: /federate
+    honor_labels: true
+    scheme: https
+    params:
+      match[]:
+        - '{job="substrate"}'
+    static_configs:
+      - targets:
+          - ibp-prometheus.turboflakes.io:9095
+
+  - job_name: amforc
+    metrics_path: /federate
+    honor_labels: true
+    scheme: https
+    params:
+      match[]:
+        - '{job="substrate"}'
+    static_configs:
+      - targets:
+          - ibp-monitor.amforc.com:9090
+
+  - job_name: "metaspan"
+    scrape_interval: 15s
+    honor_labels: true
+    metrics_path: "/federate"
+    params:
+      "match[]":
+        - '{job="substrate"}'
+    static_configs:
+      - targets:
+          - "195.144.22.130:9090"
+
+  - job_name: "stakeplus"
+    scrape_interval: 15s
+    honor_labels: true
+    metrics_path: "/federate"
+    params:
+      "match[]":
+        - '{job="substrate"}'
+    static_configs:
+      - targets:
+          - "192.96.202.185:59090"
+
+  - job_name: "helikon"
+    scrape_interval: 15s
+    honor_labels: true
+    metrics_path: "/federate"
+    params:
+      "match[]":
+        - '{job="substrate"}'
+    static_configs:
+      - targets:
+          - "82.222.18.146:19300"
+
+  - job_name: "gatotech"
+    scrape_interval: 15s
+    honor_labels: true
+    metrics_path: "/federate"
+    params:
+      "match[]":
+        - '{job="substrate"}'
+    static_configs:
+      - targets:
+          - "138.59.133.248:9090"
+
+  - job_name: dwellir
+    metrics_path: /713173e6-ff3f-46ab-b245-b41da8f717d3/federate
+    honor_labels: true
+    scheme: https
+    params:
+      match[]:
+        - '{__name__=~"substrate.*"}'
+    static_configs:
+      - targets:
+          - ibp-metrics-ng.dwellir.com
+
+  - job_name: rotko
+    metrics_path: /federate
+    honor_labels: true
+    scheme: https
+    params:
+      match[]:
+        - '{__name__=~"substrate.*"}'
+    static_configs:
+      - targets:
+          - ibp-monitor.rotko.net

roles/setup_install_prometheus/tasks/main.yaml

@@ -0,0 +1,47 @@
+---
+# tasks file for prometheus
+
+- name: Check latest version of Prometheus if not define from monitoring
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail
+      curl -s https://api.github.com/repos/prometheus/prometheus/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4)}'
+  register: prometheus_latest
+  when: hostvars['monitor']['prometheus_latest_mon'] is not defined
+
+- name: Get latest version of Prometheus from monitoring
+  ansible.builtin.set_fact:
+    prometheus_latest: "{{ hostvars['monitor']['prometheus_latest_mon'] }}"
+  when: hostvars['monitor']['prometheus_latest_mon'] is defined
+
+- name: Check installed version of Prometheus
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail
+      prometheus --version | grep prometheus | awk '{print substr($3, 0, length($3))}'
+  register: prometheus_installed
+
+- name: Import Prometheus tasks
+  ansible.builtin.import_tasks: "prometheus-tasks.yaml"
+  when: prometheus_latest.stdout != prometheus_installed.stdout
+
+- name: Copy file with owner and permissions
+  ansible.builtin.copy:
+    src: files/prometheus.yaml
+    dest: /etc/prometheus/prometheus.yaml
+    owner: prometheus
+    group: prometheus
+    mode: "0755"
+
+- name: Check Prometheus configuration
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail
+      promtool check config /etc/prometheus/prometheus.yaml
+
+- name: Restart service
+  ansible.builtin.systemd:
+    name: prometheus
+    state: restarted
+    daemon_reload: yes
+...

roles/setup_install_prometheus/tasks/prometheus-tasks.yaml

@@ -0,0 +1,77 @@
+---
+# Reworked tasks for Prometheus setup
+
+- name: Fetch the latest version of Prometheus
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail
+      wget $(curl -s https://api.github.com/repos/prometheus/prometheus/releases/latest | grep "tag_name" | awk '{print "https://github.com/prometheus/prometheus/releases/download/" substr($2, 2, length($2)-3) "/prometheus-" substr($2, 3, length($2)-4) ".linux-amd64.tar.gz"}')
+      tar xvf prometheus-*.tar.gz
+
+- name: Move Prometheus binaries to the desired location
+  ansible.builtin.shell:
+    cmd: |
+      mv ./prometheus-*.linux-amd64/prometheus /usr/local/bin/
+      mv ./prometheus-*.linux-amd64/promtool /usr/local/bin/
+      cp -r ./prometheus-*.linux-amd64/consoles /etc/prometheus
+      cp -r ./prometheus-*.linux-amd64/console_libraries /etc/prometheus
+
+- name: Ensure Prometheus group exists
+  ansible.builtin.group:
+    name: prometheus
+    state: present
+
+- name: Ensure Prometheus user exists and is a member of the Prometheus group
+  ansible.builtin.user:
+    name: prometheus
+    state: present
+    group: prometheus
+
+- name: Create necessary Prometheus directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: prometheus
+    group: prometheus
+    mode: "0755"
+  loop:
+    - /etc/prometheus/
+    - /var/lib/prometheus/
+
+- name: Clean up downloaded Prometheus packages
+  ansible.builtin.shell:
+    cmd: rm -rf ./prometheus*
+
+- name: Deploy Prometheus configuration
+  ansible.builtin.copy:
+    src: files/prometheus.yml
+    dest: /etc/prometheus/prometheus.yml
+    owner: prometheus
+    group: prometheus
+    mode: "0755"
+
+- name: Validate Prometheus configuration
+  ansible.builtin.shell:
+    cmd: promtool check config /etc/prometheus/prometheus.yml
+
+- name: Manage Prometheus service
+  block:
+    - name: Check if Prometheus service is already set up
+      ansible.builtin.stat:
+        path: /etc/systemd/system/prometheus.service
+      register: servicestatus
+
+    - name: Set up Prometheus service
+      ansible.builtin.template:
+        src: files/prometheus.service
+        dest: /etc/systemd/system/prometheus.service
+        mode: "0644"
+      when: not servicestatus.stat.exists
+
+    - name: Handle Prometheus service state
+      ansible.builtin.systemd:
+        name: prometheus
+        daemon_reload: yes
+        enabled: yes
+        state: "{{ 'started' if not servicestatus.stat.exists else 'restarted' }}"
+...

roles/setup_install_wireguard/defaults/main.yaml

@@ -0,0 +1,21 @@
+---
+wg_dir: /etc/wireguard
+wg_port: 51820
+wg_address: 10.10.1.1/16
+wg_hostname: "{{ inventory_hostname }}"
+wg_peers: []
+# - name: peer1
+#   allowed_ip: "10.10.0.1/16"
+#   publickey: "asdasdasdadsasdasd"
+# - name: peer2
+#   allowed_ip: "10.10.0.1/16"
+#   publickey: "000000000000000000"
+#   keepalive: 30
+# - name: peer3
+#   allowed_ip: "10.10.0.1/16"
+#   publickey: "111111111111111111"
+wg_server_ip: "{{ wg_address | ansible.utils.ipaddr('network') | ansible.utils.ipmath(1) }}"
+wg_interface_addr: "{{ ansible_default_ipv4.address | default(ansible_all_ipv4_addresses[0]) }}/{{ ansible_default_ipv4.netmask }}"
+wg_peers_allowed_ips: '{{ ([(_wg_interface_addr | ansible.utils.ipaddr(''network/prefix''))] + (wireguard_additional_routes | default([]))) | join(", ") }}'
+wg_pskkey: romeblockchainlabs
+...

roles/setup_install_wireguard/handlers/main.yaml

@@ -0,0 +1,14 @@
+# handlers/main.yaml
+---
+- name: Restart Wireguard
+  ansible.builtin.systemd:
+    name: wg-quick@wg0
+    state: restarted
+    daemon_reload: yes
+
+- name: Start Wireguard
+  ansible.builtin.systemd:
+    name: wg-quick@wg0
+    state: started
+    daemon_reload: yes
+...

roles/setup_install_wireguard/meta/main.yaml

@@ -0,0 +1,26 @@
+---
+galaxy_info:
+  author: Rotko Networks <[email protected]>
+  role_name: wireguard
+  description: Installs Wireguard with systemd integration
+  license: Apache-2.0
+  min_ansible_version: 2.5
+  platforms:
+    - name: Ubuntu
+      versions:
+        - bionic
+        - focal
+        - jammy
+    - name: Debian
+      versions:
+        - buster
+        - bullseye
+        - bookworm
+  galaxy_tags:
+    - networking
+    - security
+    - linux
+    - vpn
+    - wireguard
+  dependencies: []
+...