add mSSL support for the prometheus server

roles/prometheus-node-exporter/tasks/main.yml

@@ -37,7 +37,7 @@
     group: prometheus
     key_mode: u=rw,g=,o=
     subject_alt_name: "IP:{{ lan_address }}"
-  notify: Restart prometheus-node-exporter
+# Need an equivalent to notify here
 
 - name: Copy the CA cert
   copy:

roles/prometheus/tasks/main.yml

@@ -19,6 +19,24 @@
     owner: prometheus
     mode: u=rwx,g=rx,o=rx
 
+- name: Generate certificate
+  include_role:
+    name: generate-cert
+  vars:
+    directory: /etc/prometheus/
+    cname: "prometheus-{{ lan_address }}"
+    owner: prometheus
+    group: prometheus
+    key_mode: u=rw,g=,o=
+    subject_alt_name: "IP:{{ lan_address }}"
+# Need an equivalent to notify here
+
+- name: Copy the CA cert
+  copy:
+    content: "{{ ca_cert }}"
+    dest: /etc/prometheus/ca.crt
+  notify: Restart prometheus
+
 - name: Setup the prometheus config
   template:
     src: prometheus.yml

roles/prometheus/templates/prometheus.yml

@@ -45,3 +45,8 @@ scrape_configs:
       - source_labels: [__param_target]
         target_label: __address__
         replacement: '$1:9100'
+    scheme: https
+    tls_config:
+      ca_file: '/etc/prometheus/ca.crt'
+      cert_file: '/etc/prometheus/prometheus-{{ lan_address }}.crt'
+      key_file: '/etc/prometheus/prometheus-{{ lan_address }}.key'