#!/bin/bash

# First argument: Client identifier

KEY_DIR=~/openvpn-ca/keys
OUTPUT_DIR=~/client-configs/files
BASE_CONFIG=~/client-configs/base.conf

cat ${BASE_CONFIG} \
    <(echo -e '<ca>') \
    ${KEY_DIR}/ca.crt \
    <(echo -e '</ca>\n<cert>') \
    ${KEY_DIR}/${1}.crt \
    <(echo -e '</cert>\n<key>') \
    ${KEY_DIR}/${1}.key \
    <(echo -e '</key>\n<tls-auth>') \
    ${KEY_DIR}/ta.key \
    <(echo -e '</tls-auth>') \
    > ${OUTPUT_DIR}/${1}.ovpn

global:
  scrape_interval: 10s
  scrape_timeout: 10s
remote_write:
  - queue_config:
      max_samples_per_send: 10000
      max_shards: 30
    url: {{ remote_write_url }}

rule_files:
{% for rulefile in (lookup('fileglob', '*.rules')).split(',') %}
- /etc/prometheus/{{ rulefile | basename }}
{% endfor %}

alerting:
 alertmanagers:
   - static_configs:
     - targets:
{% for host in groups[alertmanager_group] %}
       - {{ hostvars[host]['ansible_default_ipv4']['address'] }}:9093
{% endfor %}

{% set service_list=[] %}
{%- for k,v in consul_services.json.items() %}
{{ service_list.append(v.Service) }}
{%- endfor %}
scrape_configs:
{% for service in service_list | unique %}
- job_name: {{ service }}
  consul_sd_configs:
{% for tag in ['env1','env2','env3'] %}
  - server: {{ consul_url | replace("http://", "") }}
    tags: [ {{ tag }} ]
    services: [ {{ service }} ]
{% endfor %}
{% endfor %}

- name: Fetch consul services
  uri:
    url: "{{ consul_url }}/v1/agent/services?filter=prometheus+in+Tags"
    body: json
  register: consul_services
  changed_when: false
  check_mode: no

A consistent developer workflow to build, deploy, and release applications across any platform.

Simple and secure remote access — to any system anywhere based on trusted identity.

receivers:
- name: deadmansswitch
  webhook_configs:
  - url: https://api.opsgenie.com/v2/heartbeats/${name}/ping
    send_resolved: true
    http_config:
      basic_auth:
        password: ${opsgenie_api_key}
route:
  group_by:
  - job
  group_interval: 5m
  group_wait: 10s
  receiver: default
  repeat_interval: 1m
  routes:
  - receiver: deadmansswitch
    match:
      severity: DeadMansSwitch
    repeat_interval: 1m

...
rule_files:
- /etc/prometheus/prometheus.rules 
...

groups:
- name: prometheus.alerts.rules
  rules: 
  - alert: PrometheusAlertmanagerE2eDeadManSwitch
    expr: vector(1)
    for: 5m
    labels:
      severity: DeadMansSwitch
    annotations:
      summary: "Prometheus AlertManager E2E dead man switch (instance {{ $labels.instance }})"
      description: "Prometheus DeadManSwitch is an always-firing alert. It's used as an end-to-end test of Prometheus through the Alertmanager.\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"