{% set country = salt['grains.get']('country') %}

firewalld:
  zones:
    internal:
      services:
        - prometheus-nginx_exporter

nginx:
  lookup:
    server_available: /etc/nginx/vhosts.d
    server_enabled: /etc/nginx/vhosts.d
  server:
    config:
      events:
        worker_connections: 1024
        use: epoll
      http:
        gzip: 'on'
        server_tokens: 'off'
        include:
          - mime.types
          - conf.d/*.conf
          - vhosts.d/*.conf
        set_real_ip_from:
          {%- if country == 'us' %}
          - 192.168.67.1
          - 192.168.67.2
          - 192.168.67.3
          {%- elif country == 'cz' %}
          - 2a07:de40:b27e:1204::11
          - 2a07:de40:b27e:1204::12
          {%- endif %}
        real_ip_header: X-Forwarded-For
        real_ip_recursive: 'on'
      worker_processes: auto
  servers:
    managed:
      status.conf:
        config:
          - server:
              - listen:
                  - unix:/run/nginx/status.sock
              - location = /:
                  - stub_status: ''
        enabled: true

prometheus:
  wanted:
    component:
      - nginx_exporter
  pkg:
    component:
      nginx_exporter:
        name: prometheus-nginx_exporter
        service:
          name: prometheus-nginx_exporter.socket