Merge branch 'main' into codex/enhance-docker-security-configurations
This commit is contained in:
beatz174-bit
@@ -31,6 +31,8 @@ services:
|
||||
prometheus:
|
||||
profiles: ["monitoring","all","prometheus"]
|
||||
image: prom/prometheus:latest
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
container_name: prometheus
|
||||
depends_on:
|
||||
# - alertmanager
|
||||
@@ -49,6 +51,7 @@ services:
|
||||
- ${PROJECT_ROOT}/monitoring/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/prometheus/data:/prometheus
|
||||
- ${PROJECT_ROOT}/monitoring/prometheus/rules:/etc/prometheus/rules:ro
|
||||
- ${PROJECT_ROOT}/secrets/prometheus_kuma_basic_auth_password.txt:/run/secrets/prometheus_kuma_basic_auth_password:ro
|
||||
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
@@ -80,7 +83,7 @@ services:
|
||||
# volumes:
|
||||
# - ./alertmanager/alertmanager.yml:/etc/alertmanager/alertmanager.yml:ro
|
||||
# restart: unless-stopped
|
||||
# networks:
|
||||
# secrets:
|
||||
# - edge
|
||||
# - traefik_reverse_proxy
|
||||
# healthcheck:
|
||||
@@ -128,14 +131,18 @@ services:
|
||||
image: influxdb:2.7
|
||||
container_name: influxdb
|
||||
restart: unless-stopped
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
volumes:
|
||||
- ${PROJECT_ROOT}/monitoring/influxdb:/var/lib/influxdb2
|
||||
environment:
|
||||
DOCKER_INFLUXDB_INIT_MODE: setup
|
||||
DOCKER_INFLUXDB_INIT_USERNAME: admin
|
||||
DOCKER_INFLUXDB_INIT_PASSWORD: adminpassword
|
||||
DOCKER_INFLUXDB_INIT_ORG: pbs
|
||||
DOCKER_INFLUXDB_INIT_BUCKET: telemetry
|
||||
DOCKER_INFLUXDB_INIT_MODE: ${INFLUXDB_INIT_MODE}
|
||||
DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_INIT_USERNAME}
|
||||
DOCKER_INFLUXDB_INIT_PASSWORD_FILE: /run/secrets/influxdb_init_password
|
||||
DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_INIT_ORG}
|
||||
DOCKER_INFLUXDB_INIT_BUCKET: ${INFLUXDB_INIT_BUCKET}
|
||||
secrets:
|
||||
- influxdb_init_password
|
||||
networks:
|
||||
# - edge
|
||||
# - traefik_reverse_proxy
|
||||
@@ -199,24 +206,24 @@ services:
|
||||
volumes:
|
||||
- ~/.docker/config.json:/root/.docker/config.json:ro
|
||||
- ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw
|
||||
- ${PROJECT_ROOT}:/compose
|
||||
- ${PROJECT_ROOT}/default-environment.env:/compose/default-environment.env:ro
|
||||
- ${PROJECT_ROOT}/default-network.yml:/compose/default-network.yml:ro
|
||||
- ${PROJECT_ROOT}/core/docker-compose.yml:/compose/core/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/prometheus/docker-compose.yml:/compose/monitoring/prometheus/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/gotify/docker-compose.yml:/compose/monitoring/gotify/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/grafana/docker-compose.yml:/compose/monitoring/grafana/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/portainer/docker-compose.yml:/compose/monitoring/portainer/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/uptime-kuma/docker-compose.yml:/compose/monitoring/uptime-kuma/docker-compose.yml:>
|
||||
- ${PROJECT_ROOT}/apps/gitea/docker-compose.yml:/compose/apps/gitea/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/gramps/docker-compose.yml:/compose/apps/gramps/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/nextcloud/docker-compose.yml:/compose/apps/nextcloud/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/passbolt/docker-compose.yml:/compose/apps/passbolt/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/searxng/docker-compose.yml:/compose/apps/searxng/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/shift-recorder/docker-compose.yml:/compose/apps/shift-recorder/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/stockfill/docker-compose.yml:/compose/apps/stockfill/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/node-red/docker-compose.yml:/compose/monitoring/node-red/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/core/test/docker-compose.yml:/compose/core/test/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}:/compose:ro
|
||||
# - ${PROJECT_ROOT}/default-environment.env:/compose/default-environment.env:ro
|
||||
# - ${PROJECT_ROOT}/default-network.yml:/compose/default-network.yml:ro
|
||||
# - ${PROJECT_ROOT}/core/docker-compose.yml:/compose/core/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/prometheus/docker-compose.yml:/compose/monitoring/prometheus/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/gotify/docker-compose.yml:/compose/monitoring/gotify/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/grafana/docker-compose.yml:/compose/monitoring/grafana/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/portainer/docker-compose.yml:/compose/monitoring/portainer/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/uptime-kuma/docker-compose.yml:/compose/monitoring/uptime-kuma/docker-compose.yml:>
|
||||
# - ${PROJECT_ROOT}/apps/gitea/docker-compose.yml:/compose/apps/gitea/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/gramps/docker-compose.yml:/compose/apps/gramps/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/nextcloud/docker-compose.yml:/compose/apps/nextcloud/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/passbolt/docker-compose.yml:/compose/apps/passbolt/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/searxng/docker-compose.yml:/compose/apps/searxng/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/shift-recorder/docker-compose.yml:/compose/apps/shift-recorder/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/stockfill/docker-compose.yml:/compose/apps/stockfill/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/node-red/docker-compose.yml:/compose/monitoring/node-red/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/core/test/docker-compose.yml:/compose/core/test/docker-compose.yml:ro
|
||||
|
||||
|
||||
# ports:
|
||||
@@ -240,12 +247,14 @@ services:
|
||||
profiles: ["monitoring","all","prometheus-exporters"]
|
||||
image: ekofr/pihole-exporter:latest
|
||||
container_name: pihole-exporter
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
environment:
|
||||
PIHOLE_HOSTNAME: pihole.sweet.home
|
||||
PIHOLE_PASSWORD: ""
|
||||
PORT: 9617
|
||||
PIHOLE_HOSTNAME: ${PIHOLE_HOSTNAME}
|
||||
PIHOLE_PASSWORD: ${PIHOLE_PASSWORD}
|
||||
PORT: ${PIHOLE_EXPORTER_PORT}
|
||||
ports:
|
||||
- "9617:9617"
|
||||
- "${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}"
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
# - edge
|
||||
@@ -262,3 +271,9 @@ services:
|
||||
# traefik_reverse_proxy:
|
||||
# external: true
|
||||
|
||||
|
||||
|
||||
|
||||
secrets:
|
||||
influxdb_init_password:
|
||||
file: ${PROJECT_ROOT}/secrets/influxdb_init_password.txt
|
||||
|
||||
@@ -63,6 +63,7 @@ scrape_configs:
|
||||
static_configs:
|
||||
- targets:
|
||||
- telegraf:9273
|
||||
- raspberrypi.tail13f623.ts.net:9273
|
||||
labels:
|
||||
role: docker
|
||||
|
||||
@@ -96,8 +97,8 @@ scrape_configs:
|
||||
|
||||
basic_auth:
|
||||
username: wayne.bennett@live.com
|
||||
password: '4vjCco?[%{=+,t`):C'
|
||||
|
||||
password_file: /run/secrets/prometheus_kuma_basic_auth_password
|
||||
# password: '4vjCco?[%{=+,t`):C'
|
||||
static_configs:
|
||||
- targets:
|
||||
- monitor-kuma:3001
|
||||
|
||||
Reference in New Issue
Block a user