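#!/bin/bash
#
# Install Prometheus Node Exporter as a systemd service with TLS and
# HTTP basic authentication enabled.
#
# Required environment:
#   PROMETHEUS_PASSWORD  plaintext password for the basic-auth user; only
#                        its bcrypt hash is written to disk.
#
# Must be run as root (installs packages, creates a system user, writes
# to /usr/local/bin, /etc and /etc/systemd/system, and changes firewall
# rules).

set -euo pipefail

NODE_EXPORTER_VERSION=1.5.0
NODE_EXPORTER_USER=node_exporter
NODE_EXPORTER_BIN_DIR=/usr/local/bin
NODE_EXPORTER_CONF_DIR=/etc/node_exporter
PROMETHEUS_USER=prometheus

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

[[ ${EUID} -eq 0 ]] || die "this script must be run as root"

# Fail early: with the variable unset, htpasswd would hash an empty
# password and the metrics endpoint would be protected by "".
: "${PROMETHEUS_PASSWORD:?PROMETHEUS_PASSWORD must be set and non-empty}"

## Install dependencies
apt-get install -y apache2-utils

## Create Node Exporter user
# Skip creation when the account already exists so the script can be re-run.
if ! id -u "${NODE_EXPORTER_USER}" >/dev/null 2>&1; then
  useradd --system --no-create-home --shell /usr/sbin/nologin \
    --home-dir /nonexistent "${NODE_EXPORTER_USER}"
fi

## Download and unzip Node Exporter
# Work in a private temporary directory instead of the caller's cwd, and
# remove it on every exit path.
tmpdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${tmpdir:?}"; }
trap cleanup EXIT

release_name="node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64"
tarball="${release_name}.tar.gz"
release_url="https://github.com/prometheus/node_exporter/releases/download/v${NODE_EXPORTER_VERSION}"

wget -O "${tmpdir}/${tarball}" "${release_url}/${tarball}"
wget -O "${tmpdir}/sha256sums.txt" "${release_url}/sha256sums.txt"

# Verify the archive before anything from it is installed as root.
# NOTE: the checksum list comes from the same release location as the
# archive, so this catches corruption and truncation but not a tampered
# release. For a stronger guarantee, pin the expected digest in this
# script after obtaining it out-of-band.
(
  cd "${tmpdir}"
  grep -F -- "  ${tarball}" sha256sums.txt | sha256sum -c -
) || die "checksum verification failed for ${tarball}"

tar -xf "${tmpdir}/${tarball}" -C "${tmpdir}"

# Install the binary owned by root, not by the service account: the
# service must be able to execute it but never to replace it.
install -o root -g root -m 0755 \
  "${tmpdir}/${release_name}/node_exporter" \
  "${NODE_EXPORTER_BIN_DIR}/node_exporter"

## Create config directory
# root-owned, readable by the service group only; this also keeps the
# private key and password hash unreachable for other local users.
install -d -o root -g "${NODE_EXPORTER_USER}" -m 0750 "${NODE_EXPORTER_CONF_DIR}"

## Generate SSL certificate
# NOTE: self-signed, valid for 10 years, and issued for "localhost" only.
# A remote Prometheus server cannot verify it by hostname; either issue a
# certificate for the host's real name from a CA the scraper trusts, or
# distribute this certificate to the scraper as its trusted CA file.
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
  -keyout "${NODE_EXPORTER_CONF_DIR}/tlsCertificate.key" \
  -out "${NODE_EXPORTER_CONF_DIR}/tlsCertificate.crt" \
  -subj "/C=ZA/ST=CT/L=SA/O=VPN/CN=localhost" \
  -addext "subjectAltName = DNS:localhost"

## Generate config file
# Feed the password on stdin (-i) rather than as an argument (-b), so it
# never shows up in the process list. printf is a shell builtin.
ENCRYPT_PASSWORD=$(
  printf '%s\n' "${PROMETHEUS_PASSWORD}" \
    | htpasswd -inBC 10 "" \
    | tr -d ':\n'
)
[[ -n "${ENCRYPT_PASSWORD}" ]] || die "htpasswd produced an empty hash"

cat > "${NODE_EXPORTER_CONF_DIR}/config.yml" << EOF
tls_server_config:
  cert_file: tlsCertificate.crt
  key_file: tlsCertificate.key
basic_auth_users:
  ${PROMETHEUS_USER}: ${ENCRYPT_PASSWORD}
EOF

# The service account gets read-only access through its group; root keeps
# ownership so a compromised exporter cannot rewrite its key or config.
chown root:"${NODE_EXPORTER_USER}" \
  "${NODE_EXPORTER_CONF_DIR}/tlsCertificate.key" \
  "${NODE_EXPORTER_CONF_DIR}/tlsCertificate.crt" \
  "${NODE_EXPORTER_CONF_DIR}/config.yml"
chmod 0640 \
  "${NODE_EXPORTER_CONF_DIR}/tlsCertificate.key" \
  "${NODE_EXPORTER_CONF_DIR}/config.yml"
chmod 0644 "${NODE_EXPORTER_CONF_DIR}/tlsCertificate.crt"

## Add service
cat > /etc/systemd/system/node_exporter.service << EOF
[Unit]
Description=Node Exporter
Wants=network-online.target
After=network-online.target
StartLimitIntervalSec=500
StartLimitBurst=5

[Service]
User=${NODE_EXPORTER_USER}
Group=${NODE_EXPORTER_USER}
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=${NODE_EXPORTER_BIN_DIR}/node_exporter --web.config.file=${NODE_EXPORTER_CONF_DIR}/config.yml

[Install]
WantedBy=multi-user.target
EOF

## Enable & start service
systemctl daemon-reload
systemctl enable node_exporter
systemctl restart node_exporter

## Open port from firewall
# NOTE(review): this opens 9100/tcp to every source address; consider
# limiting the rule to the Prometheus server's address. Also confirm a
# rule for your management access (e.g. SSH) exists before "ufw enable",
# which activates the default incoming policy for the whole host.
ufw allow 9100/tcp
ufw enable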