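# since this host likely has access to sensitive networks,
# restrict the destinations where monitoring daemons can connect
#
# NOTE(review): "reload nftables" is a handler, so the new rules only take
# effect when handlers run; confirm they are applied before the daemons
# configured below are restarted with their new targets.
- name: Set up outbound firewall rules
  copy:
    src: "{{ item }}.nft"
    dest: "/etc/nftables.d/{{ item }}.nft"
    # pin the mode instead of inheriting the umask or a previous file's mode
    mode: "0644"
  loop:
    - prometheus
    - telegraf
  notify: reload nftables

- name: Configure telegraf to expose SNMP data as prometheus metrics
  template:
    src: "{{ item }}.conf.j2"
    dest: "/etc/telegraf.conf.d/{{ item }}.conf"
    # NOTE(review): 0644 keeps the file readable by the telegraf service
    # whatever user it runs as; if snmp.conf.j2 renders community strings or
    # SNMPv3 credentials, tighten this (e.g. 0640 with the service's group).
    mode: "0644"
  loop:
    - output
    - snmp
  notify: restart telegraf

- name: Configure prometheus to pull SNMP data
  copy:
    src: "prometheus-snmp.yml"
    dest: "/etc/prometheus/conf.d/snmp.yml"
    # explicit mode so the scrape config is never left group/world-writable
    mode: "0644"
  notify: reload prometheus

# One job file is rendered per entry of prometheus_hosts.
# NOTE(review): item.name becomes part of the destination path; presumably
# prometheus_hosts comes from trusted inventory - confirm names cannot
# contain "/" so every file lands inside conf.d.
- name: Configure prometheus to pull custom data
  template:
    src: "prometheus-job.yml.j2"
    dest: "/etc/prometheus/conf.d/{{ item.name }}.yml"
    mode: "0644"
  loop: "{{ prometheus_hosts }}"
  loop_control:
    # show only the job name in task output rather than the whole item
    label: "{{ item.name }}"
  notify: reload prometheus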