---
hiera_include:
  - profiles::nginx::simpleproxy

profiles::sql::postgresdb::cluster_name: "patroni-shared-%{facts.environment}"
profiles::sql::postgresdb::dbname: grafana
profiles::sql::postgresdb::dbuser: grafana
profiles::metrics::grafana::db_host: "master.%{hiera('profiles::sql::postgresdb::cluster_name')}.service.%{facts.country}-%{facts.region}.consul"
profiles::metrics::grafana::db_port: 5432
profiles::metrics::grafana::db_name: "%{hiera('profiles::sql::postgresdb::dbname')}"
profiles::metrics::grafana::db_user: "%{hiera('profiles::sql::postgresdb::dbuser')}"
profiles::metrics::grafana::db_pass: "%{hiera('profiles::sql::postgresdb::dbpass')}"
profiles::metrics::grafana::pgsql_backend: true

# additional altnames
profiles::pki::vault::alt_names:
  - grafana.unkin.net
  - grafana.service.consul
  - grafana.query.consul
  - "grafana.service.%{facts.country}-%{facts.region}.consul"

profiles::ssh::sign::principals:
  - grafana.unkin.net
  - grafana.service.consul
  - grafana.query.consul

consul::services:
  grafana:
    service_name: 'grafana'
    tags:
      - 'grafana'
    address: "%{facts.networking.ip}"
    port: 443
    checks:
      - id: 'Grafana_https_check'
        name: 'Grafana HTTPS Check'
        http: "https://%{facts.networking.fqdn}:443"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: grafana
    disposition: write

# manage a simple nginx reverse proxy
profiles::nginx::simpleproxy::nginx_vhost: 'grafana.query.consul'
profiles::nginx::simpleproxy::nginx_aliases:
  - grafana.unkin.net
  - grafana.service.consul
  - grafana.query.consul
  - "grafana.service.%{facts.country}-%{facts.region}.consul"
profiles::nginx::simpleproxy::proxy_port: 8080
profiles::nginx::simpleproxy::proxy_path: '/'