From c25dfa6210076d0d783b63bea6f71e26d98e0e57 Mon Sep 17 00:00:00 2001
From: s3lph <account-gitlab-ideynizv@kernelpanic.lol>
Date: Sat, 9 Oct 2021 03:17:05 +0200
Subject: [PATCH] Remove hardcoded blackbox module definitions

---
 roles/prometheus/tasks/blackbox.yml           |  11 +
 roles/prometheus/templates/blackbox.yml       | 220 +-----------------
 roles/prometheus/templates/prometheus-job.yml |   2 +-
 3 files changed, 16 insertions(+), 217 deletions(-)

diff --git a/roles/prometheus/tasks/blackbox.yml b/roles/prometheus/tasks/blackbox.yml
index 563ed51..adb4bad 100644
--- a/roles/prometheus/tasks/blackbox.yml
+++ b/roles/prometheus/tasks/blackbox.yml
@@ -1,5 +1,14 @@
 ---
 
+- name: initialize list of blackbox modules
+  set_fact:
+    _blackbox_modules: []
+
+- name: build list of blackbox modules
+  set_fact:
+    _blackbox_modules: "{{ _blackbox_modules.update(item) }}"
+  loop: "{{ hostvars[inventory_hostname] | dict2items | selectattr('key', 'match', '^prometheus_job_.+$') | map(attribute='value') | map(attribute='blackbox') | map(attribute='modules') | filter('present') | dict }}"
+
 - name: render blackbox exporter configuration
   template:
     src: blackbox.yml
@@ -7,4 +16,6 @@
     owner: root
     group: root
     mode: 0644
+  vars:
+    blackbox_modules: "{{ _blackbox_modules }}"
   notify: restart blackbox exporter
diff --git a/roles/prometheus/templates/blackbox.yml b/roles/prometheus/templates/blackbox.yml
index d53df08..cd06e39 100644
--- a/roles/prometheus/templates/blackbox.yml
+++ b/roles/prometheus/templates/blackbox.yml
@@ -2,221 +2,9 @@
 {{ ansible_managed | comment }}
 
 modules:
+{% for module in blackbox_modules | dict2items %}
 
-  http_2xx:
-    prober: http
-    http:
-      valid_status_codes:
-      - 200
-      - 204  # No content is ok, often returned by some APIs
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      tls_config:
-        insecure_skip_verify: true
+  {{ module.key }}:
+    {{ module.value | indent(4) }}
 
-  # A simple ICMP probe, used for network equipment, such as switches
-  icmp:
-    prober: icmp
-
-  # Check that the address returns a 401 Unautorized when queried without user credentials
-  http_auth_required:
-    prober: http
-    http:
-      valid_status_codes:
-      - 401
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      tls_config:
-        insecure_skip_verify: true
-
-  http_modified:
-    prober: http
-    http:
-      valid_status_codes:
-      - 200
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      tls_config:
-        insecure_skip_verify: true
-
-  ssh:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      query_response:
-        - expect: "^SSH-2.0.*"
-
-  tls:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      tls: true
-
-  znc:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      tls: true
-      query_response:
-        - send: "PASS :{{ blackbox_znc_pass }}\r\n"
-        - send: "NICK {{ blackbox_znc_nick }}\r\n"
-        - send: "USER {{ blackbox_znc_nick }} * * :{{ blackbox_znc_fullname }}\r\n"
-        - expect: "^:.* 464 {{ blackbox_znc_nick }} :.*$"
-
-  irc:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      query_response:
-        - send: "NICK {{ blackbox_irc_nick }}\r\n"
-        - send: "USER {{ blackbox_irc_nick }} * * :{{ blackbox_irc_fullname }}\r\n"
-        - expect: "^:.* {{ blackbox_irc_nick }} :.*$"
-
-  ircs:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      tls: true
-      {% if blackbox_ircs_tlsname is defined -%}
-      tls_config:
-        server_name: "{{ blackbox_ircs_tlsname }}"
-      {% endif -%}
-      query_response:
-        - send: "NICK {{ blackbox_ircs_nick }}\r\n"
-        - send: "USER {{ blackbox_ircs_nick }} * * :{{ blackbox_ircs_fullname }}\r\n"
-        - expect: "^:.* {{ blackbox_ircs_nick }} :.*$"
-
-  smtp:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      query_response:
-        - expect: "^220 .*SMTP .*$"
-        - send: "HELO {{ blackbox_smtp_name }}"
-        - expect: "^250 .*$"
-        - send: "QUIT"
-
-  smtp_starttls:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      query_response:
-        - expect: "^220 .*SMTP .*$"
-        - send: "STARTTLS"
-        - expect: "^220.*TLS.*"
-        - starttls: true
-        - send: "HELO {{ blackbox_smtp_name }}"
-        - expect: "^250 .*$"
-        - send: "QUIT"
-
-  smtps:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      tls: true
-      query_response:
-        - expect: "^220 .*SMTP .*$"
-        - send: "HELO {{ blackbox_smtp_name }}"
-        - expect: "^250 .*$"
-        - send: "QUIT"
-
-  imap:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      query_response:
-        - expect: "^\\* OK .*$"
-
-  imaps:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      tls: true
-      query_response:
-        - expect: "^\\* OK .*$"
-
-  managesieve:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      query_response:
-        - expect: ".*SIEVE*"
-        - expect: "^OK .*$"
-
-  managesieve_starttls:
-    prober: tcp
-    timeout: 2s
-    tcp:
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      query_response:
-        - expect: ".*SIEVE*"
-        - expect: "^OK .*$"
-        - send: "STARTTLS"
-        - expect: "^OK .*TLS.*$"
-        - starttls: yes
-        - expect: "^OK .*TLS.*$"
-
-  nextcloud_installed:
-    prober: http
-    http:
-      valid_status_codes:
-      - 200
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      tls_config:
-        insecure_skip_verify: true
-      fail_if_body_not_matches_regexp:
-        - "\"installed\":true"
-
-  nextcloud_maintenance:
-    prober: http
-    http:
-      valid_status_codes:
-      - 200
-      {% if blackbox_prefer_ipv4 -%}
-      preferred_ip_protocol: ip4
-      {% endif -%}
-      tls_config:
-        insecure_skip_verify: true
-      fail_if_body_not_matches_regexp:
-        - "\"maintenance\":false"
-        - "\"needsDbUpgrade\":false"
+{% endfor %}
diff --git a/roles/prometheus/templates/prometheus-job.yml b/roles/prometheus/templates/prometheus-job.yml
index db894a8..13c27f6 100644
--- a/roles/prometheus/templates/prometheus-job.yml
+++ b/roles/prometheus/templates/prometheus-job.yml
@@ -16,7 +16,7 @@
       replacement: localhost:9115
   params:
     module:
-      {% for module in job.blackbox.modules -%}
+      {% for module in job.blackbox.modules.keys() -%}
       - {{ module }}
       {%- endfor %}
   {% endif %}