resize lotus-land-story, tweak ufw

lotus-land-story/main.yml

@@ -95,13 +95,32 @@
           GRANT SELECT ON prometheus.pg_stat_activity TO prometheus;
       when: "'prometheus' not in postgres_info.roles"
 
-- import_playbook: golink.yml     # noqa: name[play]
+- import_playbook: golink.yml      # noqa: name[play]
-- import_playbook: grafana.yml    # noqa: name[play]
+- import_playbook: grafana.yml     # noqa: name[play]
-- import_playbook: loki.yml       # noqa: name[play]
+- import_playbook: loki.yml        # noqa: name[play]
-- import_playbook: miniflux.yml   # noqa: name[play]
+- import_playbook: miniflux.yml    # noqa: name[play]
-- import_playbook: woodpecker.yml # noqa: name[play]
+- import_playbook: woodpecker.yml  # noqa: name[play]
 - import_playbook: firefly-iii.yml # noqa: name[play]
 
-- import_playbook: caddy.yml      # noqa: name[play]
+- import_playbook: caddy.yml       # noqa: name[play]
+
+- name: Set up ufw
+  hosts: lotus-land-story
+  tasks:
+
+    - name: Get docker network for ufw
+      community.docker.docker_network:
+        name: lotus_land_story
+      register: docker_network
+
+    - name: Allow access from docker network
+      community.general.ufw:
+        rule: allow
+        from_ip: "{{ docker_network.network.IPAM.Config[0].Subnet }}"
+      notify: Reload ufw
+
+  handlers:
+    - name: Import restarts
+      ansible.builtin.import_tasks: restarts.yml
 
 # vim: ft=yaml.ansible

lotus-land-story/postgres.yml

@@ -33,28 +33,12 @@
         from_ip: 127.0.0.1
       notify: Reload ufw
 
-    - name: Allow access from docker
-      notify: Reload ufw
-      block:
-
-        - name: Get docker network
-          community.docker.docker_network:
-            name: lotus_land_story
-          register: docker_network
-        - name: Allow access from docker network
-          community.general.ufw:
-            rule: allow
-            port: 5432
-            proto: tcp
-            from_ip: "{{ docker_network.network.IPAM.Config[0].Subnet }}"
-          notify: Reload ufw
-
     # https://pgtune.leopard.in.ua/
     #   DB Version: 15
     #   OS Type: linux
     #   DB Type: web
-    #   Total Memory (RAM): 2 GB
+    #   Total Memory (RAM): 4 GB
-    #   CPUs num: 1
+    #   CPUs num: 2
     #   Data Storage: ssd
     - name: Tune postgres
       ansible.builtin.lineinfile:
@@ -66,15 +50,15 @@
       vars:
         configs:
           max_connections: 200
-          shared_buffers: 512MB
+          shared_buffers: 1GB
-          effective_cache_size: 1536MB
+          effective_cache_size: 3GB
-          maintenance_work_mem: 128MB
+          maintenance_work_mem: 256MB
           checkpoint_completion_target: 0.9
           wal_buffers: 16MB
           default_statistics_target: 100
           random_page_cost: 1.1
           effective_io_concurrency: 200
-          work_mem: 1310kB
+          work_mem: 2621kB
           min_wal_size: 1GB
           max_wal_size: 4GB
       notify: Restart postgres

lotus-land-story/prometheus.yml

@@ -61,6 +61,7 @@
         command:
           - --config.file=/etc/prometheus/prometheus.yml
           - --storage.tsdb.retention.size=5GB
+          - --log.format=json
         restart: true
         user: "{{ prometheus_user.uid }}"
         groups: "{{ prometheus_user.group }}"

lotus-land-story/templates/prometheus.yml

@@ -42,7 +42,12 @@ scrape_configs:
     static_configs:
       - targets: ['woodpecker-server:8000']
 
-  - job_name: linode
+  # - job_name: linode
-    linode_sd_configs:
+  #   linode_sd_configs:
-      - authorization:
+  #     - authorization:
-          credentials: {{ prometheus.linode_api_token }}
+  #         credentials: {{ prometheus.linode_api_token }}
+  #   relabel_configs:
+  #     # Use the public IPv6 address and port 9100 to scrape the target.
+  #     - source_labels: [__meta_linode_public_ipv6]
+  #       target_label: __address__
+  #       replacement: "[$1]:9100"