added missing files

infra/monitoring/vault-agent/agent.hcl

@@ -0,0 +1,31 @@
+exit_after_auth = false
+pid_file        = "/tmp/vault-agent.pid"
+
+vault {
+  address = "http://vault:8200"
+}
+
+auto_auth {
+  method "approle" {
+    mount_path = "auth/approle"
+    config = {
+      role_id_file_path   = "/etc/vault/role_id"
+      secret_id_file_path = "/etc/vault/secret_id"
+      remove_secret_id_file_after_reading = false
+    }
+  }
+  sink "file" { config = { path = "/vault/secrets/.vault-token" } }
+}
+
+template {
+  source      = "/etc/vault/templates/grafana.env.ctmpl"
+  destination = "/vault/secrets/grafana.env"
+  perms       = "0644"
+  command     = "chown 472:472 /vault/secrets/grafana.env"
+}
+
+template {
+  source      = "/etc/vault/templates/alertmanager.yml.ctmpl"
+  destination = "/vault/alertmanager/alertmanager.yml"
+  perms       = "0644"
+}

infra/monitoring/vault-agent/templates/alertmanager.yml.ctmpl

@@ -0,0 +1,18 @@
+route:
+  receiver: 'telegram'
+  group_by: ['alertname', 'instance']
+  group_wait: 30s
+  group_interval: 5m
+  repeat_interval: 3h
+
+receivers:
+  - name: 'telegram'
+    telegram_configs:
+      - bot_token: '{{ with secret "kv/data/monitoring/telegram" }}{{ .Data.data.token }}{{ end }}'
+        chat_id: {{ with secret "kv/data/monitoring/telegram" }}{{ .Data.data.admin_chat_id }}{{ end }}   # put your numeric chat id here, or also render from Vault if you want
+        message: |
+          🚨 *{{ "{{ .Status | toUpper }}" }}* — {{ "{{ .CommonLabels.alertname }}" }}
+          *Instance:* {{ "{{ .CommonLabels.instance }}" }}
+          *Summary:* {{ "{{ .CommonAnnotations.summary }}" }}
+          *Description:* {{ "{{ .CommonAnnotations.description }}" }}
+        parse_mode: 'Markdown'

infra/monitoring/vault-agent/templates/grafana.env.ctmpl

@@ -0,0 +1,4 @@
+GF_SECURITY_ADMIN_USER="{{ with secret "kv/data/monitoring/grafana" }}{{ .Data.data.username }}{{ end }}"
+GF_SECURITY_ADMIN_PASSWORD="{{ with secret "kv/data/monitoring/grafana" }}{{ .Data.data.password }}{{ end }}"
+GF_AUTH_ANONYMOUS_ENABLED="false"
+GF_USERS_ALLOW_SIGN_UP="false"