From 894a7e23eed7432d9a35dfb75e8f671a75da0661 Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Fri, 24 Sep 2021 22:44:10 +0200
Subject: [PATCH] add mSSL auth for prometheus serveur
---
 roles/prometheus/tasks/main.yml | 13 ++++++++++++-
 roles/prometheus/templates/web-config.yaml | 7 +++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 roles/prometheus/templates/web-config.yaml
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index 9f252f7..41e95fe 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@@ -58,6 +58,15 @@
 notify: Restart prometheus
 no_log: true
+- name: Copy the web-config folder
+ template:
+ src: web-config.yaml
+ dest: /etc/prometheus/web-config.yaml
+ group: prometheus
+ owner: prometheus
+ mode: u=rw,g=r,o=r
+ notify: Restart prometheus
+
 - name: Setup the arguments for prometheus
 template:
 src: prometheus
@@ -69,4 +78,6 @@
 vars:
 args:
 - name: web.listen-address
- value: "{{ lan_address }}:9090"
+ value: "{{ lan_address }}:9090"
+ - name: web.config
+ value: /etc/prometheus/web-config.yaml
diff --git a/roles/prometheus/templates/web-config.yaml b/roles/prometheus/templates/web-config.yaml
new file mode 100644
index 0000000..15147f6
--- /dev/null
+++ b/roles/prometheus/templates/web-config.yaml
@@ -0,0 +1,7 @@
+{{ ansible_managed | comment }}
+
+tls_server_config:
+ cert_file: "/etc/prometheus/prometheus-{{ lan_address }}.crt"
+ key_file: "/etc/prometheus/prometheus-{{ lan_address }}.key"
+ client_auth_type: "RequireAndVerifyClientCert"
+ client_ca_file: "/etc/prometheus/ca.crt"
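Review bot: The new `Copy the web-config folder` task renders a single file, so its name should read `Copy the Prometheus web-config file`, and the file is written with no syntax check before the `Restart prometheus` handler fires. A malformed render would only surface when the service fails to restart; adding `validate: promtool check web-config %s` to the `template` arguments catches it at deploy time, assuming `promtool` is installed on the host (not visible in this diff). The mode `u=rw,g=r,o=r` leaves the file world-readable, which is acceptable only while it holds paths and no credentials; a comment such as `# paths only; tighten the mode if basic_auth_users is ever added` would record that.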
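Review bot: The path `/etc/prometheus/web-config.yaml` in the new `web.config` argument is a second hard-coded copy of the `dest` used by the task that renders the file, so the two can drift apart. A single role variable (for example `prometheus_web_config_path`, a name constructed for this note) used as `value: "{{ prometheus_web_config_path }}"` here and in `dest` keeps them in step. Once this flag is active the listener on `{{ lan_address }}:9090` accepts only TLS connections that present a client certificate, so every consumer of that port has to move to https with a client certificate in the same rollout; nothing in this diff shows that. The task edited here begins above the hunk.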
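Review bot: `client_ca_file` makes every certificate that chains to `/etc/prometheus/ca.crt` an accepted client, so access to Prometheus is exactly as wide as that CA's issuance. If the CA also signs certificates for other hosts or services (the diff does not show where it comes from), any holder of one can query the server; a CA dedicated to monitoring clients, or `client_allowed_sans` on Prometheus releases that support it, would narrow this. The tasks that deploy the certificate, key and CA files referenced here are not part of this commit, so a header comment such as `# cert, key and CA are deployed by <task name>; the key must be readable by prometheus only` would help the next reader.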