diff --git a/intern/docker_grafana/tasks/main.yml b/intern/docker_grafana/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8cd9271047cf0245d689d7cce10427edd3d62ad0
--- /dev/null
+++ b/intern/docker_grafana/tasks/main.yml
@@ -0,0 +1,28 @@
+
+
+- include_tasks: ../functions/get_secret.yml
+ with_items:
+ - { path: "{{ basedir }}/grafana_admin_pass", length: 12 }
+ - { path: "/srv/mqtt/influxdb_token", length: -1 }
+
+- name: create folder struct for grafana
+ file:
+ path: "{{ item }}"
+ state: "directory"
+ with_items:
+ - "{{ basedir }}"
+ - "{{ basedir }}/data/"
+
+- name: create config filess
+ template:
+ src: "{{ item }}"
+ dest: "{{ basedir }}/{{ item }}"
+ with_items:
+ - datasources.yml
+ - docker-compose.yml
+ - grafana.ini
+
+- name: start grafana docker
+ docker_compose:
+ project_src: "{{ basedir }}"
+ state: present
diff --git a/intern/docker_grafana/templates/datasources.yml b/intern/docker_grafana/templates/datasources.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5e2ba6ca3bafdf3e6b7d0b6ef5299168a061ff59
--- /dev/null
+++ b/intern/docker_grafana/templates/datasources.yml
@@ -0,0 +1,28 @@
+
+apiVersion: 1
+
+datasources:
+
+ - name: MQTT_Flux
+ type: influxdb
+ access: proxy
+ url: http://{{ int_ip4 }}:{{ mqtt_influxdb_port }}
+ jsonData:
+ version: Flux
+ organization: mqtt
+ defaultBucket: mqtt
+ tlsSkipVerify: true
+ secureJsonData:
+ token: {{ influxdb_token }}
+
+ - name: MQTT_InfluxQL
+ type: influxdb
+ access: proxy
+ url: http://{{ int_ip4 }}:{{ mqtt_influxdb_port }}
+ # This database should be mapped to a bucket
+ database: mqtt
+ jsonData:
+ httpMode: GET
+ httpHeaderName1: 'Authorization'
+ secureJsonData:
+ httpHeaderValue1: 'Token {{ influxdb_token }}'
diff --git a/intern/docker_grafana/templates/docker-compose.yml b/intern/docker_grafana/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ac0d09c4b58f3ddf1506095b1f674c7b71ecbc08
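Review bot: In intern/docker_grafana/tasks/main.yml neither the `file` task nor the `template` task sets `mode`, `owner` or `group`, so the rendered docker-compose.yml (admin password) and datasources.yml (InfluxDB token) get whatever the play's umask yields, which is often world-readable. docker-compose.yml is not mounted into the container, so it can take `mode: "0600"` directly. datasources.yml and grafana.ini are bind-mounted, so they need an explicit owner or group the container user can read instead of world-read, for example `mode: "0640"` with a matching `group`. The task name `create config filess` also carries a typo.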
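Review bot: In intern/docker_grafana/templates/datasources.yml the MQTT_Flux entry renders `token: {{ influxdb_token }}` unquoted, unlike `httpHeaderValue1` in the second entry, so a token that starts with a YAML indicator or looks like a number would break or retype the provisioning file; write `token: '{{ influxdb_token }}'`. Both datasources send that token over `http://`, so it travels in clear text between Grafana and `int_ip4`, which is acceptable only if that hop stays on the host or a trusted segment, and the hunk does not show that. `tlsSkipVerify: true` has no effect on an http URL but would silently turn off certificate checks once the URL moves to https; drop it, or add a comment saying why it is needed.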
--- /dev/null
+++ b/intern/docker_grafana/templates/docker-compose.yml
@@ -0,0 +1,27 @@
+version: "3"
+
+services:
+
+ app:
+
+ image: grafana/grafana:9.3.6
+ restart: always
+ volumes:
+ - "{{ basedir }}/grafana.ini:/etc/grafana/grafana.ini"
+ - "{{ basedir }}/datasources.yml:/etc/grafana/provisioning/datasources/datasources.yml"
+ - "{{ basedir }}/data/:/var/lib/grafana"
+ environment:
+ GF_SERVER_ROOT_URL: "https://{{ domain }}"
+ GF_SECURITY_ADMIN_PASSWORD: "{{ grafana_admin_pass }}"
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+ - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+ - traefik.http.services.{{ servicename }}.loadbalancer.server.port=3000
+ networks:
+ - default
+ - web
+
+networks:
+ web:
+ external: true
diff --git a/intern/docker_grafana/templates/grafana.ini b/intern/docker_grafana/templates/grafana.ini
new file mode 100644
index 0000000000000000000000000000000000000000..03f42535b405c59ff21f4a0010fd553bc031f5fd
--- /dev/null
+++ b/intern/docker_grafana/templates/grafana.ini
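Review bot: In intern/docker_grafana/templates/docker-compose.yml, `GF_SECURITY_ADMIN_PASSWORD: "{{ grafana_admin_pass }}"` places the admin password in the container environment, where `docker inspect` exposes it and where it persists in the rendered compose file. Grafana's image accepts a `__FILE` suffix on its `GF_` variables, so the secret requested in tasks/main.yml at `{{ basedir }}/grafana_admin_pass` could be mounted read-only and referenced as `GF_SECURITY_ADMIN_PASSWORD__FILE: /run/secrets/grafana_admin_pass`, assuming get_secret.yml leaves the value in that file and the container user can read it. A comment should also record that this setting only seeds the admin account on first start, so changing the secret later does not rotate the password.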
@@ -0,0 +1,144 @@
+##################### Grafana Configuration ##################################
+#
+# Everything has defaults so you only need to uncomment things you want to
+# change
+
+# possible values : production, development
+app_mode = production
+
+# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
+instance_name = {{ inventory_hostname }}
+
+#
+#################################### Server ####################################
+[server]
+# Protocol (http, https, socket)
+;protocol = http
+
+# The ip address to bind to, empty will bind to all interfaces
+;http_addr =
+
+# The http port to use
+;http_port = 3000
+
+# The public facing domain name used to access grafana from a browser
+;domain = localhost
+
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+;enforce_domain = false
+
+# The full public facing url you use in browser, used for redirects and emails
+# If you use reverse proxy and sub path specify full url (with sub path)
+;root_url = http://localhost:3000
+
+# Log web requests
+;router_logging = false
+
+# the path relative working path
+;static_root_path = public
+
+# enable gzip
+;enable_gzip = false
+
+# https certs & key file
+;cert_file =
+;cert_key =
+
+# Unix socket path
+;socket =
+
+
+#################################### Security ####################################
+[security]
+# default admin user, created on startup
+;admin_user = admin
+
+# default admin password, can be changed before first start of grafana, or in profile settings
+;admin_password = admin
+
+# used for signing
+;secret_key = SW2YcwTIb9zpOOhoPsMm
+
+# Auto-login remember days
+;login_remember_days = 7
+;cookie_username = grafana_user
+;cookie_remember_name = grafana_remember
+
+# Set to true if you host Grafana behind HTTPS. Default is false.
+cookie_secure = true
+
+# Sets the SameSite cookie attribute and prevents the browser from sending this
+# cookie along with cross-site requests. The main goal is mitigate the risk of
+# cross-origin information leakage. It also provides some protection against cross-site
+# request forgery attacks (CSRF), read more here. Valid values are lax, strict and none.
+# Default is lax.
+cookie_samesite = none
+
+# disable gravatar profile images
+;disable_gravatar = false
+
+# data source proxy whitelist (ip_or_domain:port separated by spaces)
+;data_source_proxy_whitelist =
+
+# Allow Embedding
+allow_embedding = true
+
+[snapshots]
+# snapshot sharing options
+;external_enabled = true
+;external_snapshot_url = https://snapshots-origin.raintank.io
+;external_snapshot_name = Publish to snapshot.raintank.io
+
+# remove expired snapshot
+;snapshot_remove_expired = true
+
+# remove snapshots after 90 days
+;snapshot_TTL_days = 90
+
+#################################### Users ####################################
+[users]
+# disable user signup / registration
+allow_sign_up = false
+
+# Allow non admin users to create organizations
+allow_org_create = false
+
+# Set to true to automatically assign new users to the default organization (id 1)
+auto_assign_org = true
+
+# Default role new users will be automatically assigned (if disabled above is set to true)
+auto_assign_org_role = Viewer
+
+# Background text for the user field on the login page
+login_hint = Fallback account
+
+# Default UI theme ("dark" or "light")
+default_theme = dark
+
+[auth]
+# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
+;disable_login_form = false
+disable_login_form = false
+
+# Auto Login via OAuth
+# oauth_auto_login = true
+
+# Set to true to disable the signout link in the side menu.
useful if you use auth.proxy, defaults to false
+;disable_signout_menu = false
+
+#################################### Anonymous Auth ##########################
+[auth.anonymous]
+# enable anonymous access
+enabled = true
+
+# specify organization name that should be used for unauthenticated users
+org_name = Main Org.
+
+#################################### Alerting ############################
+[alerting]
+# Disable alerting engine & UI features
+enabled = false
+# Makes it possible to turn off alert rule execution but alerting UI is visible
+execute_alerts = false
+
diff --git a/site.yml b/site.yml
index 44b2b3072ccd3ff49897b879da6f0dc9eb41c0d9..d7fba519895541fee1b1afde5ab1617782cafa1a 100644
--- a/site.yml
+++ b/site.yml
@@ -69,6 +69,13 @@ basedir: /srv/esphome-dev, domain: "esphome-dev.warpzone.lan" }
+ - {
+ role: intern/docker_grafana, tags: grafana,
+ servicename: grafana,
+ basedir: /srv/grafana,
+ domain: "grafana.warpzone.lan",
+ mqtt_influxdb_port: 18086
+ }
 - { role: intern/docker_heimdall, tags: heimdall, servicename: heimdall,
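Review bot: In intern/docker_grafana/templates/grafana.ini, `[auth.anonymous] enabled = true` combined with `allow_embedding = true` and `cookie_samesite = none` gives anyone who can reach the Traefik router Grafana's default anonymous role (Viewer) in `Main Org.`, including queries through the two proxied InfluxDB datasources. The same combination lets logged-in sessions be framed and their cookies sent on cross-site requests. If embedding dashboards is the reason, state that in a comment and keep `cookie_samesite = lax` unless an authenticated cross-site iframe is really required. `;secret_key = SW2YcwTIb9zpOOhoPsMm` stays commented out, so Grafana falls back to its shipped default key for signing and for encrypting stored datasource secrets; set a generated value before first start, for example through `GF_SECURITY_SECRET_KEY`.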