| -rw-r--r-- | roles/kibana-nginx/README.md | 3 | ||||
| -rw-r--r-- | roles/kibana-nginx/meta/main.yml | 4 | ||||
| -rw-r--r-- | roles/kibana-nginx/tasks/main.yml | 26 | ||||
| -rw-r--r-- | roles/kibana/README.md | 3 | ||||
| -rw-r--r-- | roles/kibana/tasks/main.yml | 53 | ||||
| -rw-r--r-- | roles/kibana/vars/main/vars.yml | 3 | ||||
| -rw-r--r-- | roles/kibana/vars/main/vault.yml | 8 | 
7 files changed, 100 insertions, 0 deletions
|
diff --git a/roles/kibana-nginx/README.md b/roles/kibana-nginx/README.md
new file mode 100644
index 0000000..23f8ffc
--- /dev/null
+++ b/roles/kibana-nginx/README.md
@@ -0,0 +1,3 @@
+# Role "kibana-nginx"
+
+This role installs the configuration for NGINX reverse proxying to Kibana.
diff --git a/roles/kibana-nginx/meta/main.yml b/roles/kibana-nginx/meta/main.yml
new file mode 100644
index 0000000..fe0bcd5
--- /dev/null
+++ b/roles/kibana-nginx/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+  - nginx
+  - nginx-cloudflare-mtls
diff --git a/roles/kibana-nginx/tasks/main.yml b/roles/kibana-nginx/tasks/main.yml
new file mode 100644
index 0000000..ae34b94
--- /dev/null
+++ b/roles/kibana-nginx/tasks/main.yml
@@ -0,0 +1,26 @@
+- name: Install Kibana NGINX config
+  copy:
+    dest: /etc/nginx/sites-enabled/kibana
+    mode: 0644
+    group: root
+    owner: root
+    content: |
+      # Managed by Ansible
+      server {
+        listen 443 ssl http2;
+        server_name kibana.pydis.wtf;
+
+        ssl_certificate      /etc/letsencrypt/live/pydis.wtf/fullchain.pem;
+        ssl_certificate_key  /etc/letsencrypt/live/pydis.wtf/privkey.pem;
+        ssl_client_certificate {{ nginx_cloudflare_mtls_certificate_path }};
+        ssl_verify_client on;
+
+        location / {
+          include proxy_params;
+          proxy_pass http://localhost:5601;
+        }
+      }
+  notify:
+    - reload the nginx service
+  tags:
+    - role::kibana-nginx
diff --git a/roles/kibana/README.md b/roles/kibana/README.md
new file mode 100644
index 0000000..b3f1188
--- /dev/null
+++ b/roles/kibana/README.md
@@ -0,0 +1,3 @@
+# Role "kibana"
+
+The Kibana role deploys Kibana, a visualisation software for Elasticsearch.
diff --git a/roles/kibana/tasks/main.yml b/roles/kibana/tasks/main.yml
new file mode 100644
index 0000000..1d89194
--- /dev/null
+++ b/roles/kibana/tasks/main.yml
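Review bot: In roles/kibana-nginx/tasks/main.yml the server block's only access control is `ssl_verify_client on` against the CA at `nginx_cloudflare_mtls_certificate_path`, and nothing in the task records what that check is meant to guarantee. If that file is Cloudflare's shared origin-pull CA (not visible in this diff), the check shows that a request arrived through Cloudflare, not which user sent it, so login is left entirely to Kibana behind `proxy_pass http://localhost:5601`. I would add a comment in the template such as `# mTLS only proves the request came via Cloudflare; user authentication is enforced by Kibana`, after confirming that is the intended model. Separately, `mode: 0644` is an unquoted octal here and again in the apt repository task of roles/kibana/tasks/main.yml; `mode: "0644"` avoids depending on how the YAML loader types it.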
@@ -0,0 +1,53 @@
+---
+- name: Install GPG
+  package:
+    name: gpg
+    state: present
+  tags:
+    - role::kibana
+
+- name: Install Elasticsearch signing key
+  shell: >-
+    wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch |
+    gpg --yes --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
+  args:
+    creates: /usr/share/keyrings/elasticsearch-keyring.gpg
+  tags:
+    - role::kibana
+
+- name: Add Elasticsearch repository to apt
+  copy:
+    content: >-
+      deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg]
+      https://artifacts.elastic.co/packages/8.x/apt stable main
+    dest: /etc/apt/sources.list.d/elastic-8.x.list
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - role::kibana
+  register: add_kibana_repo
+
+- name: Install Kibana
+  apt:
+    pkg: kibana
+    state: present
+    update_cache: "{{ add_kibana_repo.changed }}"
+  tags:
+    - role::kibana
+
+- name: Configure Kibana base URL
+  lineinfile:
+    path: /etc/kibana/kibana.yml
+    state: present
+    line: "server.publicBaseUrl: {{ kibana_public_url }}"
+  tags:
+    - role::kibana
+
+- name: Start and enable Kibana
+  service:
+    name: kibana
+    state: started
+    enabled: true
+  tags:
+    - role::kibana
diff --git a/roles/kibana/vars/main/vars.yml b/roles/kibana/vars/main/vars.yml
new file mode 100644
index 0000000..6c91ac0
--- /dev/null
+++ b/roles/kibana/vars/main/vars.yml
@@ -0,0 +1,3 @@
+kibana_elastic_username: "pydis"
+kibana_elastic_password: "{{ encrypted_kibana_elastic_password }}"
+kibana_public_url: "https://kibana.pydis.wtf"
diff --git a/roles/kibana/vars/main/vault.yml b/roles/kibana/vars/main/vault.yml
new file mode 100644
index 0000000..cc3f7ef
--- /dev/null
+++ b/roles/kibana/vars/main/vault.yml
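Review bot: The "Install Elasticsearch signing key" task in roles/kibana/tasks/main.yml pipes `wget` into `gpg --dearmor` without `pipefail`, so the task's exit status is gpg's alone and a failed or truncated download may not fail the play; because of `creates:`, whatever file was written is then never revisited. Starting the command with `set -o pipefail &&` and adding `executable: /bin/bash` under `args:` closes that gap. The key is also trusted on first download with nothing pinned in the repository; comparing its fingerprint against a value committed alongside the role, or fetching it with `get_url` and `checksum:` before dearmoring, would make the apt trust root reviewable. In the same hunk, the `lineinfile` task has no `regexp:`, so changing `kibana_public_url` later would append a second `server.publicBaseUrl` line instead of replacing the first, and no handler restarts Kibana when the line changes.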
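Review bot: `kibana_elastic_username` and `kibana_elastic_password` in roles/kibana/vars/main/vars.yml are not referenced by any task added in this commit, so the vaulted password is loaded for the role without a visible consumer. If a follow-up change will use them, a comment saying so would help, e.g. `# not yet used by tasks/main.yml; reserved for the Elasticsearch connection settings`. Otherwise I would hold the credential back until the task that needs it lands, so the secret is only exposed to plays that actually require it.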
@@ -0,0 +1,8 @@ +$ANSIBLE_VAULT;1.1;AES256 +39393931323735373539653161363535623031303435633030353239643464303066333536623161 +3537666562346136646663393066323137663034373866610a316331353166366135383164656535 +39323866336534383730383436303863643963353333383933356634336466636337663766393639 +6330313161633865310a396564343161626236366639616635333537613639663464356265333333 +62643932343962653236396430383139333333316132623362626239346662393131396332393136 +62633934303531373139303530653236323136646537303035653061386539613839346365316332 +323334663539356430326131373335623861 | 
