hosts: all
  roles:
    - iptables # Not required but recommended (only allow ports 22,80,443)
    - caddy
    - oauthproxy
    - prometheus
    - grafana
  vars:
    caddy_site_address: "https://monitoring.example.com"

    oauthproxy_config: "{{ playbook_dir }}/files/oauthproxy/oauth2-proxy.cfg"

    prometheus_config: "{{ playbook_dir }}/files/prometheus/prometheus.yml"
    prometheus_web_external_url: "https://monitoring.example.com/prometheus/"

    install_blackbox_exporter: true
    install_alertmanager: true

    # Note: if alertmanager has a path prefix (as in this example,
    # "/alertmanager"), it needs to be set accordingly in the Prometheus
    # config file.
    alertmanager_web_external_url: "https://monitoring.example.com/alertmanager/"
    alertmanager_rules_config: "{{ playbook_dir }}/files/prometheus/alert_rules.yml"
    alertmanager_config: "{{ playbook_dir }}/files/prometheus/alertmanager.yml"

    grafana_web_external_url: "https://monitoring.example.com/grafana/"
    grafana_admin_user: "demo"
    grafana_dashboards_dir: "{{ playbook_dir }}/files/grafana/dashboards"

http_address = "127.0.0.1:4180"

upstreams = [
  "file:///var/lib/oauthproxy/www-index/#/",
  "http://127.0.0.1:9090/prometheus/",
  "http://127.0.0.1:3000/grafana/",
  "http://127.0.0.1:9093/alertmanager/",
]

email_domains = "*"

pass_user_headers = "true"

# See https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider
# for a list of supported providers and config options
provider = "github"

client_id = "aaa"
client_secret = "bbb"

github_org = "ccc"

# Make sure to create and set a cookie secret
# python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())'
cookie_secret = ""
cookie_secure = "true"

# The OAuth2 Proxy default is "168h0m0s", you might want to reduce the
# cookie lifetime
cookie_expire = "24h0m0s"

# https://github.com/oauth2-proxy/oauth2-proxy/issues/1724
scope = "user:email"