wiseflat · wiseflat · Dec 23, 2025 · Dec 23, 2025 · Dec 23, 2025 · Dec 23, 2025
diff --git a/ansible/playbooks/paas/main.yml b/ansible/playbooks/paas/main.yml
@@ -16,10 +16,27 @@
       ansible.builtin.file:
         path: /etc/ansible/facts.d
         state: directory
-        owner: "root"
-        group: "root"
+        owner: root
+        group: root
         mode: '0755'
 
+    - name: Save Public IP as local fact
+      when: fact_instance.location == 'frontends'
+      block:
+        - name: Get ipinfo.io (if backend instance, delegate_to the first frontend)
+          ansible.builtin.uri:
+            url: https://ipinfo.io
+            http_agent: curl/7.81.0
+          register: register_uri
+          check_mode: false
+
+        - name: Set ipinfo local_fact
+          ansible.builtin.copy:
+            content: |
+              {{ register_uri.json | to_nice_json }}
+            dest: /etc/ansible/facts.d/ipinfo.fact
+            mode: '0644'
+
     - name: Install mandatories packages
       ansible.builtin.apt:
         pkg:

diff --git a/ansible/playbooks/paas/metrology.yml b/ansible/playbooks/paas/metrology.yml
@@ -42,7 +42,6 @@
         - mongodb_exporter
         - blackbox_exporter
         - nginx_exporter
-        - scan_exporter
         - dns_exporter
         - script_exporter
         - nvidia_gpu_exporter

diff --git a/ansible/playbooks/paas/roles/blackbox_exporter/templates/default.j2 b/ansible/playbooks/paas/roles/blackbox_exporter/templates/default.j2
@@ -1,2 +1,2 @@
 ARGS="--config.file=/etc/blackbox_exporter/config.yaml \
---web.listen-address=127.0.0.1:9115"
+--web.listen-address={% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:9115"
diff --git a/ansible/playbooks/paas/roles/dns_exporter/templates/default.j2 b/ansible/playbooks/paas/roles/dns_exporter/templates/default.j2
@@ -1 +1 @@
-ARGS="-L 127.0.0.1 -c /etc/dns_exporter/config.yml"
+ARGS="-L {% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %} -c /etc/dns_exporter/config.yml"
diff --git a/ansible/playbooks/paas/roles/node_exporter/templates/default.j2 b/ansible/playbooks/paas/roles/node_exporter/templates/default.j2
@@ -1,5 +1,5 @@
 ARGS="--log.level=info \
---web.listen-address={{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}:9100 \
+--web.listen-address={% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:9100 \
 --web.telemetry-path=/metrics \
 --collector.diskstats.ignored-devices='^(ram|loop|fd|(h|s|v|xv)d[a-z]|nbd|nvme[0-9]+n[0-9]+p|md|dm-)[0-9]+$' \
 --collector.filesystem.mount-points-exclude='^/(dev(/shm)?|proc|run(/.+)?|sys|var/tmp|(var/lib|home)/(docker|kubelet)/.+)($|/)' \

diff --git a/ansible/playbooks/paas/roles/prometheus/templates/config.j2 b/ansible/playbooks/paas/roles/prometheus/templates/config.j2
@@ -66,12 +66,19 @@ scrape_configs:
         regex: "^(__tmp_keep_me)$"
 
     static_configs:
-{% for item in groups['infrastructure'] | default([]) if item.split('.')[4] == prometheus_project  %}
+{% if hostvars[inventory_hostname].nomad_mode == 'single' %}
+      - targets: ['127.0.0.1:9100']
+        labels:
+          instance: "{{ inventory_hostname }}"
+          project: "{{ prometheus_project }}"
+{% elif hostvars[inventory_hostname].nomad_mode == 'cluster' %}
+{% for item in groups['infrastructure'] | default([]) if item.split('.')[4] == prometheus_project and item != inventory_hostname %}
       - targets: ['{{ hostvars[item]['ansible_' + hostvars[item].nomad_iface]['ipv4']['address'] }}:9100']
         labels:
           instance: "{{ item }}"
           project: "{{ prometheus_project }}"
 {% endfor %}
+{% endif %}
     scrape_interval: 60s
     scrape_timeout: 59s
 
@@ -91,7 +98,7 @@ scrape_configs:
     params:
       script: [speedtest]
     static_configs:
-      - targets: ['127.0.0.1:9469']
+      - targets: ['{% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:9469']
         labels:
           instance: "{{ inventory_hostname }}"
           project: "{{ prometheus_project }}"
@@ -104,7 +111,7 @@ scrape_configs:
         regex: "^(go_|prometheus_|promhttp_).*"
         source_labels: [__name__]
     static_configs:
-      - targets: ['127.0.0.1:9469']
+      - targets: ['{% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:9469']
         labels:
           instance: "{{ inventory_hostname }}"
           project: "{{ prometheus_project }}"
@@ -115,7 +122,7 @@ scrape_configs:
         regex: "^(go_|prometheus_|promhttp_).*"
         source_labels: [__name__]
     static_configs:
-      - targets: ['127.0.0.1:15353']
+      - targets: ['{% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:15353']
         labels:
           instance: "{{ inventory_hostname }}"
           project: "{{ prometheus_project }}"
@@ -135,7 +142,7 @@ scrape_configs:
       - source_labels: ["__address__"]
         target_label: "instance"
       - target_label: "__address__"
-        replacement: "127.0.0.1:15353"
+        replacement: "{% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:15353"
       - target_label: "monitor"
         replacement: "{{ inventory_hostname }}"
     static_configs:
@@ -150,18 +157,27 @@ scrape_configs:
         regex: "^(go_|prometheus_|promhttp_).*"
         source_labels: [__name__]
     static_configs:
+{% if hostvars[inventory_hostname].nomad_mode == 'single' %}
       - targets: ['127.0.0.1:9323']
         labels:
           instance: "{{ inventory_hostname }}"
           project: "{{ prometheus_project }}"
+{% elif hostvars[inventory_hostname].nomad_mode == 'cluster' %}
+{% for item in groups['infrastructure'] | default([]) if item.split('.')[4] == prometheus_project and item != inventory_hostname %}
+      - targets: ['{{ hostvars[item]['ansible_' + hostvars[item].nomad_iface]['ipv4']['address'] }}:9323']
+        labels:
+          instance: "{{ item }}"
+          project: "{{ prometheus_project }}"
+{% endfor %}
+{% endif %}
 
   - job_name: "scan_exporter"
     metric_relabel_configs:
       - action: drop
         regex: "^(go_|prometheus_|promhttp_).*"
         source_labels: [__name__]
     static_configs:
-      - targets: ['127.0.0.1:2112']
+      - targets: ['{% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:2112']
         labels:
           instance: "{{ inventory_hostname }}"
           project: "{{ prometheus_project }}"
@@ -178,13 +194,19 @@ scrape_configs:
     tls_config:
       insecure_skip_verify: true
     static_configs:
-{% for item in groups['infrastructure'] | default([]) if item.split('.')[4] == prometheus_project %}
+{% if hostvars[inventory_hostname].nomad_mode == 'single' %}
+      - targets: ['127.0.0.1:9558']
+        labels:
+          instance: "{{ inventory_hostname }}"
+          project: "{{ prometheus_project }}"
+{% elif hostvars[inventory_hostname].nomad_mode == 'cluster' %}
+{% for item in groups['infrastructure'] | default([]) if item.split('.')[4] == prometheus_project and item != inventory_hostname %}
       - targets: ['{{ hostvars[item]['ansible_' + hostvars[item].nomad_iface]['ipv4']['address'] }}:9558']
         labels:
           instance: "{{ item }}"
           project: "{{ prometheus_project }}"
 {% endfor %}
-
+{% endif %}
   - job_name: "nvidia_gpu_exporter"
     metric_relabel_configs:
       - action: drop
@@ -194,13 +216,19 @@ scrape_configs:
       format: ['prometheus']
     metrics_path: /metrics
     static_configs:
-{% for item in groups['infrastructure'] | default([]) if item.split('.')[4] == prometheus_project %}
+{% if hostvars[inventory_hostname].nomad_mode == 'single' %}
+      - targets: ['127.0.0.1:9835']
+        labels:
+          instance: "{{ inventory_hostname }}"
+          project: "{{ prometheus_project }}"
+{% elif hostvars[inventory_hostname].nomad_mode == 'cluster' %}
+{% for item in groups['infrastructure'] | default([]) if item.split('.')[4] == prometheus_project and item != inventory_hostname %}
       - targets: ['{{ hostvars[item]['ansible_' + hostvars[item].nomad_iface]['ipv4']['address'] }}:9835']
         labels:
           instance: "{{ item }}"
           project: "{{ prometheus_project }}"
 {% endfor %}
-
+{% endif %}
   - job_name: "nomad_exporter"
     metric_relabel_configs:
       - action: drop
@@ -214,13 +242,19 @@ scrape_configs:
     tls_config:
       insecure_skip_verify: true
     static_configs:
-{% for item in groups['infrastructure'] | default([]) if item.split('.')[4] == prometheus_project %}
+{% if hostvars[inventory_hostname].nomad_mode == 'single' %}
+      - targets: ['127.0.0.1:4646']
+        labels:
+          instance: "{{ inventory_hostname }}"
+          project: "{{ prometheus_project }}"
+{% elif hostvars[inventory_hostname].nomad_mode == 'cluster' %}
+{% for item in groups['infrastructure'] | default([]) if item.split('.')[4] == prometheus_project and item != inventory_hostname %}
       - targets: ['{{ hostvars[item]['ansible_' + hostvars[item].nomad_iface]['ipv4']['address'] }}:4646']
         labels:
           instance: "{{ item }}"
           project: "{{ prometheus_project }}"
 {% endfor %}
-
+{% endif %}
   - job_name: 'mimir_exporter'
     nomad_sd_configs:
       - server: "https://{{ nomad_primary_master_address | default(hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname].nomad_iface]['ipv4']['address']) }}:4646"
@@ -246,16 +280,22 @@ scrape_configs:
     tls_config:
       insecure_skip_verify: true
     static_configs:
-{% for item in groups['infrastructure'] | default([]) if item.split('.')[4] == prometheus_project %}
+{% if hostvars[inventory_hostname].nomad_mode == 'single' %}
+      - targets: ['127.0.0.1:9080']
+        labels:
+          instance: "{{ inventory_hostname }}"
+          project: "{{ prometheus_project }}"
+{% elif hostvars[inventory_hostname].nomad_mode == 'cluster' %}
+{% for item in groups['infrastructure'] | default([]) if item.split('.')[4] == prometheus_project and item != inventory_hostname %}
       - targets: ['{{ hostvars[item]['ansible_' + hostvars[item].nomad_iface]['ipv4']['address'] }}:9080']
         labels:
           instance: "{{ item }}"
           project: "{{ prometheus_project }}"
 {% endfor %}
-
+{% endif %}
   - job_name: 'blackbox'
     static_configs:
-      - targets: ['127.0.0.1:9115']
+      - targets: ['{% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:9115']
         labels:
           instance: "{{ inventory_hostname }}"
           project: "{{ prometheus_project }}"

diff --git a/ansible/playbooks/paas/roles/promtail/templates/config.yaml.j2 b/ansible/playbooks/paas/roles/promtail/templates/config.yaml.j2
@@ -1,5 +1,6 @@
 server:
-  http_listen_address: {{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}
+  http_listen_address: {% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}
+
   http_listen_port: 9080
   grpc_listen_port: 0
   log_level: warn

diff --git a/ansible/playbooks/paas/roles/scan_exporter/tasks/uninstall.yml b/ansible/playbooks/paas/roles/scan_exporter/tasks/uninstall.yml
@@ -0,0 +1,20 @@
+---
+- name: Scan_exporter | Stopped scan_exporter
+  ansible.builtin.service:
+    name: scan_exporter
+    state: stopped
+    enabled: false
+  ignore_errors: true
+
+- name: Scan_exporter | Remove configuration
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop:
+    - path: /etc/default/scan_exporter
+    - path: /etc/scan_exporter/config.yml
+    - path: /etc/systemd/system/scan_exporter.service
+
+- name: Scan_exporter | Daemon reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
diff --git a/ansible/playbooks/paas/roles/scan_exporter/templates/config.yml.j2 b/ansible/playbooks/paas/roles/scan_exporter/templates/config.yml.j2
@@ -10,7 +10,7 @@ tcp_period: 6h
 targets: []
 {% else %}
 targets:
-{% for host in groups['infrastructure'] if (fact_instance.location in ['frontends', 'frontends_vrack'] and host != inventory_hostname) %}
+{% for host in groups['infrastructure'] if (host.split(".")[1] == 'frontends' and host != inventory_hostname) %}
   - name: "{{ host }}"
     ip: "{{ hostvars[host].ansible_local.ipinfo.ip }}"
     queries_per_sec: 500

diff --git a/ansible/playbooks/paas/roles/scan_exporter/templates/default.j2 b/ansible/playbooks/paas/roles/scan_exporter/templates/default.j2
@@ -1 +1 @@
-ARGS="-metric.addr 127.0.0.1:2112 -config /etc/scan_exporter/config.yml"
+ARGS="-metric.addr {% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:2112 -config /etc/scan_exporter/config.yml"
diff --git a/ansible/playbooks/paas/roles/script_exporter/templates/default.j2 b/ansible/playbooks/paas/roles/script_exporter/templates/default.j2
@@ -1 +1 @@
-ARGS="--config.files=/etc/script_exporter/config.yml"
+ARGS="--config.files=/etc/script_exporter/config.yml --web.listen-address={% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:9469"
diff --git a/ansible/playbooks/paas/roles/systemd_exporter/templates/default.j2 b/ansible/playbooks/paas/roles/systemd_exporter/templates/default.j2
@@ -1,2 +1,2 @@
-ARGS="--web.listen-address={{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}:9558 \
+ARGS="--web.listen-address={% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:9558 \
 --systemd.collector.unit-include=docker.service|promtail.service|coredns.service|prometheus.service|blackbox_exporter.service|node_exporter.service|scan_exporter.service"
diff --git a/ansible/playbooks/paas/scan_exporter.yml b/ansible/playbooks/paas/scan_exporter.yml
@@ -0,0 +1,10 @@
+---
+- name: Uninstall scan_exporter
+  any_errors_fatal: true
+  hosts: "{{ hosts_limit | default('infrastructure') }}"
+  gather_facts: true
+  become: true
+  pre_tasks:
+    - name: Uninstall scan_exporter
+      ansible.builtin.include_role:
+        name: scan_exporter
diff --git a/ansible/playbooks/saas/image.yml b/ansible/playbooks/saas/image.yml
@@ -69,6 +69,7 @@
           schema: catalogs_create
           data:
             name: "{{ image_definition.name }}"
+            forkable: "{{ image_definition.forkable | default(false) }}"
             version: "{{ image_version }}"
         force_basic_auth: true
         status_code: 200

diff --git a/ansible/playbooks/saas/mimirtools.yml b/ansible/playbooks/saas/mimirtools.yml
@@ -23,6 +23,10 @@
         state: directory
         mode: '0755'
 
+    - name: Get alertmanager configuration
+      set_fact:
+        alertmanager: "{{ lookup('simple-stack-ui', type='secret', key=endpoint, subkey='alertmanager', missing='warn') | from_json }}"
+
   tasks:
     - name: Deploy configuration
       ansible.builtin.include_role:

diff --git a/ansible/playbooks/saas/operate.yml b/ansible/playbooks/saas/operate.yml
@@ -7,6 +7,9 @@
     - name: catalog
       prompt: Catalog item
       private: false
+    - name: project
+      prompt: project name
+      private: false
     - name: domain
       prompt: Domain name
       private: false

diff --git a/ansible/playbooks/saas/roles/adguard/templates/nomad.hcl b/ansible/playbooks/saas/roles/adguard/templates/nomad.hcl
@@ -45,7 +45,7 @@ job "{{ domain }}" {
       driver = "docker"
 
       config {
-        image = "{{ software }}:{{ softwares.adguard.version }}"
+        image = "{{ docker_private_registry.url }}/adguard:{{ softwares.adguard.version }}"
         network_mode = "host"
         privileged = "true"
         volumes = [

diff --git a/ansible/playbooks/saas/roles/freqtrade/README.md b/ansible/playbooks/saas/roles/freqtrade/README.md
@@ -0,0 +1,21 @@
+# Role: `freqtrade`
+
+## How to use this Ansible role?
+
+1. Create your private user_data repository
+
+2. Configure your software variable on UI
+
+```
+strategy: MyCustomStrategy
+config: myconfig
+```
+
+3. Configure your secret yaml configuration 
+
+```
+git_user_data:
+  repo: http://mydomain.com/muser/myrepo.git
+  version: latest
+  token: s3cret!
+```
diff --git a/ansible/playbooks/saas/roles/freqtrade/defaults/main.yml b/ansible/playbooks/saas/roles/freqtrade/defaults/main.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible/playbooks/saas/roles/freqtrade/tasks/backup.yml b/ansible/playbooks/saas/roles/freqtrade/tasks/backup.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible/playbooks/saas/roles/freqtrade/tasks/build.yml b/ansible/playbooks/saas/roles/freqtrade/tasks/build.yml
@@ -0,0 +1,12 @@
+---
+- name: Include upstream variables
+  ansible.builtin.include_vars: upstream.yml
+
+- name: Set custom variables
+  ansible.builtin.set_fact:
+    image_version: "{{ latest_version }}"
+    image_definition: "{{ image }}"
+
+- name: End playbook if no new version
+  ansible.builtin.meta: end_host
+  when: softwares[catalog_image_name] is defined and softwares[catalog_image_name].version == image_version
diff --git a/ansible/playbooks/saas/roles/freqtrade/tasks/destroy.yml b/ansible/playbooks/saas/roles/freqtrade/tasks/destroy.yml
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		ARGS="-L 127.0.0.1 -c /etc/dns_exporter/config.yml"
		ARGS="-L {% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %} -c /etc/dns_exporter/config.yml"
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		ARGS="-metric.addr 127.0.0.1:2112 -config /etc/scan_exporter/config.yml"
		ARGS="-metric.addr {% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:2112 -config /etc/scan_exporter/config.yml"
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		ARGS="--config.files=/etc/script_exporter/config.yml"
		ARGS="--config.files=/etc/script_exporter/config.yml --web.listen-address={% if hostvars[inventory_hostname].nomad_mode == 'single' %}127.0.0.1{% else %}{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}{% endif %}:9469"