infrastructure/roles/prometheus_exporters/templates/blackbox.yml.j2

#jinja2: lstrip_blocks: True
modules:
  http_prometheus:
    prober: http
    timeout: 5s
    http:
      headers:
        User-Agent: "blackbox-monitoring"
  tls_connect:
    prober: tcp
    timeout: 5s
    tcp:
      tls: true
  smtp_starttls:
    prober: tcp
    timeout: 5s
    tcp:
      query_response:
        - expect: "^220 ([^ ]+) ESMTP (.+)$"
        - send: "EHLO prober\r"
        - expect: "^250-STARTTLS"
        - send: "STARTTLS\r"
        - expect: "^220"
        - starttls: true
        - send: "EHLO prober\r"
        - expect: "^250"
        - send: "QUIT\r"
  {% for domain in geo_domains %}
  {% set hosts = geo_options[domain]['hosts'] | default(groups['geo_mirrors']) %}
  geo_dns_{{ domain }}_a:
    prober: dns
    timeout: 5s
    dns:
      query_name: {{ domain }}
      query_type: A
      preferred_ip_protocol: ip4
      validate_answer_rrs:
        fail_if_not_matches_regexp:
          - {{ domain | replace('.', '\.') }}\.\t.*\tIN\tA\t({{ hosts | map('extract', hostvars, ['ipv4_address']) | join('|') | replace('.', '\.') }})
  geo_dns_{{ domain }}_aaaa:
    prober: dns
    timeout: 5s
    dns:
      query_name: {{ domain }}
      query_type: AAAA
      preferred_ip_protocol: ip6
      validate_answer_rrs:
        fail_if_not_matches_regexp:
          - {{ domain | replace('.', '\.') }}\.\t.*\tIN\tAAAA\t({{ hosts | map('extract', hostvars, ['ipv6_address']) | join('|') }})
  geo_dns_{{ domain }}_https:
    prober: dns
    timeout: 5s
    dns:
      query_name: {{ domain }}
      query_type: HTTPS
      validate_answer_rrs:
        fail_if_not_matches_regexp:
          - {{ domain | replace('.', '\.') }}\.\t.*\tIN\tHTTPS\t1 \. alpn="h2,h3" ipv4hint="({{ hosts | map('extract', hostvars, ['ipv4_address']) | join('|') | replace('.', '\.') }})" ipv6hint="({{ hosts | map('extract', hostvars, ['ipv6_address']) | join('|') }})"
  {% endfor %}