diff --git a/core/authelia/docker-compose.yml b/core/authelia/docker-compose.yml
new file mode 100644
index 0000000..23d4ed5
--- /dev/null
+++ b/core/authelia/docker-compose.yml
@@ -0,0 +1,30 @@
+services:
+ authelia:
+ profiles: ["core","all","traefik"]
+ image: authelia/authelia
+ restart: always
+ build:
+ context: ${PROJECT_ROOT}/core/authelia
+# env_file:
+# - ${PROJECT_ROOT}/secrets/stack-secrets.env
+# environment:
+# - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:${AUTHELIA_JWT_SECRET}
+# - AUTHELIA_SESSION_SECRET:${AUTHELIA_SESSION_SECRET}
+# - AUTHELIA_STORAGE_ENCRYPTION_KEY:${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+ volumes:
+ - ${PROJECT_ROOT}/core/authelia:/config
+ networks:
+# - reverse_proxy
+ - traefik
+ container_name: authelia
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.authelia.rule=Host(`auth.lan.ddnsgeek.com`)
+ - traefik.http.routers.authelia.entrypoints=websecure
+ - traefik.http.routers.authelia.tls=true
+ - traefik.http.routers.authelia.tls.certresolver=myresolver
+ - io.portainer.accesscontrol.public
+ - traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/
+ - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
+ - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups
+ - traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize=2097152
diff --git a/core/crowdsec/docker-compose.yml b/core/crowdsec/docker-compose.yml
new file mode 100644
index 0000000..b198715
--- /dev/null
+++ b/core/crowdsec/docker-compose.yml
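Review bot: `- ${PROJECT_ROOT}/core/authelia:/config` mounts, read-write, the very directory that holds this docker-compose.yml, so the Authelia process can rewrite its own service definition (and any compose tooling that scans that directory picks the result up); move the runtime config into a `config/` subdirectory, e.g. `- ${PROJECT_ROOT}/core/authelia/config:/config`, and add `:ro` if Authelia does not need to write there. `image: authelia/authelia` carries no tag, so the component that gates every `websecure` router floats to whatever is latest on each pull; pin it to a release (`authelia/authelia:<pinned-version>` — placeholder). The same unpinned-tag point applies to `tecnativa/docker-socket-proxy:latest`, `prom/node-exporter:latest`, `ekofr/pihole-exporter:latest` and `telegraf:latest` in the later hunks. The forwardauth address targets `/api/verify`; newer Authelia releases document `/api/authz/forward-auth` as the Traefik endpoint and treat `/api/verify` as legacy, so confirm which one the image built here expects.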
@@ -0,0 +1,23 @@
+services:
+ crowdsec:
+# image: crowdsecurity/crowdsec:latest
+ profiles: ["core","all","traefik"]
+ build: ${PROJECT_ROOT}/core/crowdsec
+ container_name: crowdsec
+ restart: always
+ environment:
+ - COLLECTIONS=crowdsecurity/traefik
+# - CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY}
+ volumes:
+ - ${PROJECT_ROOT}/core/crowdsec/logs:/logs:ro
+ - ${PROJECT_ROOT}/core/crowdsec/data:/var/lib/crowdsec/data
+ - ${PROJECT_ROOT}/core/crowdsec/config:/etc/crowdsec
+ networks:
+# - reverse_proxy
+ - traefik
+ healthcheck:
+ test: ["CMD-SHELL", "cscli metrics || exit 1"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 15s
diff --git a/core/docker-compose.yml b/core/docker-compose.yml
index a400401..ad189dd 100644
--- a/core/docker-compose.yml
+++ b/core/docker-compose.yml
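Review bot: crowdsec joins the shared `traefik` network without the hardening the monitoring hunks apply (`cap_drop: [ALL]`, `security_opt: [no-new-privileges:true]`), even though it only reads `/logs:ro` and writes its own `data` and `config` mounts; add both unless the local Dockerfile behind `build: ${PROJECT_ROOT}/core/crowdsec` genuinely needs capabilities. The bouncer registration stays commented out (`# - CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY}`), and nothing in this diff shows Traefik consuming CrowdSec decisions, so a one-line comment stating where the bouncer key is provisioned would save the next reader from assuming enforcement is active. Because `build:` replaces the commented `crowdsecurity/crowdsec:latest` image and the Dockerfile is not part of this diff, the effective CrowdSec version cannot be reviewed here.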
@@ -1,132 +1 @@ -services: - traefik: - profiles: ["core","all","traefik"] - image: traefik:3 - container_name: traefik - restart: always - read_only: true - hostname: traefik.lan.ddnsgeek.com - depends_on: - - docker-socket-proxy - - error-pages - - authelia - - crowdsec - - ports: - - "80:80" - - "443:443" - - build: - context: ${PROJECT_ROOT}/core - # env_file: - # - ${PROJECT_ROOT}/secrets/stack-secrets.env - - volumes: - - ${PROJECT_ROOT}/core/traefik/data/letsencrypt:/letsencrypt - - ${PROJECT_ROOT}/core/traefik/data/logs:/logs - - ${PROJECT_ROOT}/core/traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro - - ${PROJECT_ROOT}/core/traefik/traefik.yml:/etc/traefik/traefik.yml:ro - - ${PROJECT_ROOT}/core/traefik/data/plugins:/plugins-storage - - healthcheck: - test: traefik healthcheck --ping - - labels: - - "traefik.enable=true" - - "traefik.http.routers.traefik.rule=Host(`traefik.lan.ddnsgeek.com`)" - - "traefik.http.routers.traefik.service=api@internal" - - "traefik.http.routers.traefik.entrypoints=websecure" - - "traefik.http.routers.traefik.tls.certresolver=myresolver" - - "traefik.http.routers.traefik.middlewares=authelia" - - "io.portainer.accesscontrol.public" - - "traefik.docker.network=core_traefik" - - "traefik.http.routers.traefik.observability.tracing=true" - - networks: -# - reverse_proxy -# - prometheus_edge - - traefik - crowdsec: -# image: crowdsecurity/crowdsec:latest - profiles: ["core","all","traefik"] - build: ${PROJECT_ROOT}/core/crowdsec - container_name: crowdsec - restart: always - environment: - - COLLECTIONS=crowdsecurity/traefik -# - CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY} - volumes: - - ${PROJECT_ROOT}/core/crowdsec/logs:/logs:ro - - ${PROJECT_ROOT}/core/crowdsec/data:/var/lib/crowdsec/data - - ${PROJECT_ROOT}/core/crowdsec/config:/etc/crowdsec - networks: -# - reverse_proxy - - traefik - healthcheck: - test: ["CMD-SHELL", "cscli metrics || exit 1"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 15s - - error-pages: - profiles: 
["core","all","traefik"] - image: tarampampam/error-pages:3 - restart: always - container_name: error-pages - read_only: true - environment: - TEMPLATE_NAME: ${ERROR_PAGES_TEMPLATE_NAME} - networks: -# - reverse_proxy - - traefik - hostname: error-pages - labels: - - "traefik.enable=true" - # use as "fallback" for any NON-registered services (with priority below normal) - - "traefik.http.routers.error-pages-router.rule=HostRegexp(`{host:.+}`)" - # should say that all of your services work on https - - "traefik.http.routers.error-pages-router.entrypoints=web" - - "traefik.http.routers.error-pages-router.middlewares=error-pages-middleware" - # "errors" middleware settings - - "traefik.http.middlewares.error-pages-middleware.errors.status=400-599" - - "traefik.http.middlewares.error-pages-middleware.errors.service=error-pages-service" - - "traefik.http.middlewares.error-pages-middleware.errors.query=/{status}.html" - # define service properties - - "traefik.http.services.error-pages-service.loadbalancer.server.port=8080" - - "io.portainer.accesscontrol.public" - - authelia: - profiles: ["core","all","traefik"] - image: authelia/authelia - restart: always - build: - context: ${PROJECT_ROOT}/core/authelia -# env_file: -# - ${PROJECT_ROOT}/secrets/stack-secrets.env -# environment: -# - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:${AUTHELIA_JWT_SECRET} -# - AUTHELIA_SESSION_SECRET:${AUTHELIA_SESSION_SECRET} -# - AUTHELIA_STORAGE_ENCRYPTION_KEY:${AUTHELIA_STORAGE_ENCRYPTION_KEY} - volumes: - - ${PROJECT_ROOT}/core/authelia:/config - networks: -# - reverse_proxy - - traefik - container_name: authelia - labels: - - traefik.enable=true - - traefik.http.routers.authelia.rule=Host(`auth.lan.ddnsgeek.com`) - - traefik.http.routers.authelia.entrypoints=websecure - - traefik.http.routers.authelia.tls=true - - traefik.http.routers.authelia.tls.certresolver=myresolver - - io.portainer.accesscontrol.public - - 
traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/ - - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true - - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups - - traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize=2097152 -#networks: -# reverse_proxy: -# driver: bridge -# prometheus_edge: -# external: true +services: {} diff --git a/core/error-pages/docker-compose.yml b/core/error-pages/docker-compose.yml new file mode 100644 index 0000000..3d6b629 --- /dev/null +++ b/core/error-pages/docker-compose.yml @@ -0,0 +1,27 @@ +services: + error-pages: + profiles: ["core","all","traefik"] + image: tarampampam/error-pages:3 + restart: always + container_name: error-pages + read_only: true + environment: + TEMPLATE_NAME: ${ERROR_PAGES_TEMPLATE_NAME} + networks: +# - reverse_proxy + - traefik + hostname: error-pages + labels: + - "traefik.enable=true" + # use as "fallback" for any NON-registered services (with priority below normal) + - "traefik.http.routers.error-pages-router.rule=HostRegexp(`{host:.+}`)" + # should say that all of your services work on https + - "traefik.http.routers.error-pages-router.entrypoints=web" + - "traefik.http.routers.error-pages-router.middlewares=error-pages-middleware" + # "errors" middleware settings + - "traefik.http.middlewares.error-pages-middleware.errors.status=400-599" + - "traefik.http.middlewares.error-pages-middleware.errors.service=error-pages-service" + - "traefik.http.middlewares.error-pages-middleware.errors.query=/{status}.html" + # define service properties + - "traefik.http.services.error-pages-service.loadbalancer.server.port=8080" + - "io.portainer.accesscontrol.public" diff --git a/core/traefik/docker-compose.yml b/core/traefik/docker-compose.yml new file mode 100644 index 0000000..aff9dc5 --- /dev/null +++ b/core/traefik/docker-compose.yml 
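Review bot: the fallback rule `HostRegexp(`{host:.+}`)` is Traefik v2 named-group syntax, but the stack runs `traefik:3` (next hunk); in v3 the rule parser expects a Go regexp such as `HostRegexp(`^.+$`)` and rejects the v2 form unless `traefik.http.routers.error-pages-router.ruleSyntax=v2` is set on the router or `core.defaultRuleSyntax` in traefik.yml, which is not visible here. If the rule fails to parse, the router is dropped and unregistered hosts get Traefik's built-in 404 instead of the themed page, with only a log line to show for it. The router is also attached only to `web`, so HTTPS requests for unknown hosts — the case the comment above the rule describes — never reach it; add `websecure` to `entrypoints` if that is intended.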
@@ -0,0 +1,48 @@
+services:
+ traefik:
+ profiles: ["core","all","traefik"]
+ image: traefik:3
+ container_name: traefik
+ restart: always
+ read_only: true
+ hostname: traefik.lan.ddnsgeek.com
+ depends_on:
+ - docker-socket-proxy
+ - error-pages
+ - authelia
+ - crowdsec
+
+ ports:
+ - "80:80"
+ - "443:443"
+
+ build:
+ context: ${PROJECT_ROOT}/core
+ # env_file:
+ # - ${PROJECT_ROOT}/secrets/stack-secrets.env
+
+ volumes:
+ - ${PROJECT_ROOT}/core/traefik/data/letsencrypt:/letsencrypt
+ - ${PROJECT_ROOT}/core/traefik/data/logs:/logs
+ - ${PROJECT_ROOT}/core/traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
+ - ${PROJECT_ROOT}/core/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
+ - ${PROJECT_ROOT}/core/traefik/data/plugins:/plugins-storage
+
+ healthcheck:
+ test: traefik healthcheck --ping
+
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.traefik.rule=Host(`traefik.lan.ddnsgeek.com`)"
+ - "traefik.http.routers.traefik.service=api@internal"
+ - "traefik.http.routers.traefik.entrypoints=websecure"
+ - "traefik.http.routers.traefik.tls.certresolver=myresolver"
+ - "traefik.http.routers.traefik.middlewares=authelia"
+ - "io.portainer.accesscontrol.public"
+ - "traefik.docker.network=core_traefik"
+ - "traefik.http.routers.traefik.observability.tracing=true"
+
+ networks:
+# - reverse_proxy
+# - prometheus_edge
+ - traefik
diff --git a/monitoring/docker-exporter/docker-compose.yml b/monitoring/docker-exporter/docker-compose.yml
new file mode 100644
index 0000000..844c101
--- /dev/null
+++ b/monitoring/docker-exporter/docker-compose.yml
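Review bot: `depends_on` lists `docker-socket-proxy`, whose own `profiles` (`monitoring`, `all`, `prometheus`, `prometheus-exporters` in a later hunk) include neither `core` nor `traefik`; as far as I recall, Compose refuses to bring up a profile-enabled service whose dependency is not enabled, so `--profile core` or `--profile traefik` alone would fail unless the proxy's profiles gain those names or the dependency is dropped. `traefik.docker.network=core_traefik` hard-codes the Compose project name `core`, yet services-up.sh merges core, apps and monitoring into one project via `-f`; if that project is not named `core` the network is `<project>_traefik` and Traefik picks backend IPs from the wrong network, so consider `${COMPOSE_PROJECT_NAME}_traefik` or an explicitly named external network (the influxdb hunk uses the same label). `traefik.http.routers.traefik.tls.certresolver=myresolver` is set without the `tls=true` flag the authelia router carries; harmless in v3 where a certresolver implies TLS, but the two files should agree.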
@@ -0,0 +1,55 @@
+services:
+ docker-update-exporter:
+ profiles: ["monitoring","all","prometheus-exporters"]
+ build:
+ context: ${PROJECT_ROOT}/monitoring/docker-exporter
+ container_name: docker-update-exporter
+# volumes:
+# - /var/run/docker.sock:/var/run/docker.sock
+# - ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw
+# - ${PROJECT_ROOT}/services-up.sh:/app/services-up.sh:ro
+ environment:
+ LOG_LEVEL: ${DOCKER_EXPORTER_LOG_LEVEL}
+ DOCKER_HOST: ${DOCKER_SOCKET_PROXY_HOST}
+ depends_on:
+ - docker-socket-proxy
+
+ volumes:
+ - ~/.docker/config.json:/root/.docker/config.json:ro
+ - ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw
+ - ${PROJECT_ROOT}:/compose:ro
+# - ${PROJECT_ROOT}/default-environment.env:/compose/default-environment.env:ro
+# - ${PROJECT_ROOT}/default-network.yml:/compose/default-network.yml:ro
+# - ${PROJECT_ROOT}/core/docker-compose.yml:/compose/core/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/monitoring/prometheus/docker-compose.yml:/compose/monitoring/prometheus/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/monitoring/gotify/docker-compose.yml:/compose/monitoring/gotify/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/monitoring/grafana/docker-compose.yml:/compose/monitoring/grafana/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/monitoring/portainer/docker-compose.yml:/compose/monitoring/portainer/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/monitoring/uptime-kuma/docker-compose.yml:/compose/monitoring/uptime-kuma/docker-compose.yml:>
+# - ${PROJECT_ROOT}/apps/gitea/docker-compose.yml:/compose/apps/gitea/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/apps/gramps/docker-compose.yml:/compose/apps/gramps/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/apps/nextcloud/docker-compose.yml:/compose/apps/nextcloud/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/apps/passbolt/docker-compose.yml:/compose/apps/passbolt/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/apps/searxng/docker-compose.yml:/compose/apps/searxng/docker-compose.yml:ro
+# - 
${PROJECT_ROOT}/apps/shift-recorder/docker-compose.yml:/compose/apps/shift-recorder/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/apps/stockfill/docker-compose.yml:/compose/apps/stockfill/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/monitoring/node-red/docker-compose.yml:/compose/monitoring/node-red/docker-compose.yml:ro
+# - ${PROJECT_ROOT}/core/test/docker-compose.yml:/compose/core/test/docker-compose.yml:ro
+
+
+# ports:
+# - "9105:9105"
+ restart: unless-stopped
+ cap_drop:
+ - ALL
+ security_opt:
+ - no-new-privileges:true
+ networks:
+# - edge
+ - monitor
+ healthcheck:
+ test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:9105/metrics')"]
+ interval: 30s
+ timeout: 5s
+ retries: 3
+ start_period: 10s
diff --git a/monitoring/docker-socket-proxy/docker-compose.yml b/monitoring/docker-socket-proxy/docker-compose.yml
new file mode 100644
index 0000000..51f113e
--- /dev/null
+++ b/monitoring/docker-socket-proxy/docker-compose.yml
@@ -0,0 +1,47 @@
+services:
+ docker-socket-proxy:
+ profiles: ["monitoring","all","prometheus","prometheus-exporters"]
+ image: tecnativa/docker-socket-proxy:latest
+ container_name: docker-socket-proxy
+ hostname: docker-socket-proxy
+ restart: unless-stopped
+ environment:
+ LOG_LEVEL: ${DOCKER_SOCKET_PROXY_LOG_LEVEL}
+ DISTRIBUTION: 1
+ CONTAINERS: 1
+ EVENTS: 1
+ IMAGES: 1
+ INFO: 1
+ NETWORKS: 1
+ PING: 1
+ POST: 1
+ AUTH: 1
+ EXEC: 1
+ SYSTEM: 1
+ SERVICES: 1
+ SWARM: 1
+ NODES: 1
+ SECRETS: 1
+ TASKS: 1
+ VERSION: 1
+ VOLUMES: 1
+ ALLOW_START: 1 # for better security, set to 0
+ ALLOW_STOP: 1 # for better security, set to 0
+ ALLOW_RESTARTS: 1 # for better security, set to 0
+ BUILD: 0
+ COMMIT: 0
+ CONFIGS: 0
+ DELETE: 1
+ DISABLE_IPV6: 0
+ PLUGINS: 0
+ SESSION: 0
+
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ cap_drop:
+ - ALL
+ security_opt:
+ - no-new-privileges:true
+ networks:
+ - monitor
+ - traefik
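Review bot: `- ${PROJECT_ROOT}:/compose:ro` mounts the whole project into docker-update-exporter, and that tree includes `${PROJECT_ROOT}/secrets/` (the influxdb hunk stores `influxdb_init_password.txt` there and the commented `env_file` lines reference `secrets/stack-secrets.env`) plus every service's data directory; the exporter appears to need only the compose files, so any defect or compromise in it reads every stack secret. Restore the per-file read-only mounts that are commented out directly beneath it, or keep compose files in a directory that contains nothing else. `~/.docker/config.json:/root/.docker/config.json:ro` likewise carries the user's registry credentials into the container; if update checks need authenticated registry access, a dedicated read-only token in a separate config file is preferable. This hunk begins on the previous source line.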
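Review bot: the proxy enables `POST: 1`, `EXEC: 1`, `ALLOW_START`/`ALLOW_STOP`/`ALLOW_RESTARTS: 1`, `DELETE: 1`, `AUTH: 1`, `SECRETS: 1` and the swarm and volume endpoints, and joins the `traefik` network as well as `monitor`, so every proxied application container can reach an unauthenticated endpoint with near-complete control of the Docker daemon and therefore the host; the `# for better security, set to 0` comments already record the intent. Traefik's docker provider is commonly run with only `CONTAINERS: 1` (plus `EVENTS`, `PING`, `VERSION` and `NETWORKS` for network lookup), so set the write-capable flags to `0` unless docker-update-exporter is meant to act rather than report, and if the two consumers need different rights give the traefik network its own read-only proxy instance rather than sharing this one. A short comment naming which consumer needs each enabled endpoint would keep the list from growing back. `image: tecnativa/docker-socket-proxy:latest` should be pinned for the same reason as the other images in this diff.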
diff --git a/monitoring/influxdb-service/docker-compose.yml b/monitoring/influxdb-service/docker-compose.yml
new file mode 100644
index 0000000..4cd2cfc
--- /dev/null
+++ b/monitoring/influxdb-service/docker-compose.yml
@@ -0,0 +1,42 @@
+services:
+ influxdb:
+ profiles: ["monitoring","all","prometheus"]
+ image: influxdb:2.7
+ container_name: influxdb
+ restart: unless-stopped
+# env_file:
+# - ${PROJECT_ROOT}/secrets/stack-secrets.env
+ volumes:
+ - ${PROJECT_ROOT}/monitoring/influxdb:/var/lib/influxdb2
+ environment:
+ DOCKER_INFLUXDB_INIT_MODE: ${INFLUXDB_INIT_MODE}
+ DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_INIT_USERNAME}
+ DOCKER_INFLUXDB_INIT_PASSWORD_FILE: /run/secrets/influxdb_init_password
+ DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_INIT_ORG}
+ DOCKER_INFLUXDB_INIT_BUCKET: ${INFLUXDB_INIT_BUCKET}
+ secrets:
+ - influxdb_init_password
+ networks:
+# - edge
+# - traefik_reverse_proxy
+ - traefik
+ - monitor
+ labels:
+ - "traefik.http.routers.influxdb.rule=Host(`influxdb.lan.ddnsgeek.com`)"
+ - "traefik.enable=true"
+ - "traefik.http.routers.influxdb.entrypoints=websecure"
+ - "traefik.http.routers.influxdb.tls.certresolver=myresolver"
+ - "io.portainer.accesscontrol.public"
+ - "traefik.http.services.influxdb.loadbalancer.server.port=8086"
+ - "traefik.http.routers.influxdb.middlewares=authelia"
+ - "traefik.docker.network=core_traefik"
+ healthcheck:
+ test: ["CMD-SHELL", "curl -f http://localhost:8086/health || exit 1"]
+ interval: 30s
+ timeout: 5s
+ retries: 3
+ start_period: 10s
+
+secrets:
+ influxdb_init_password:
+ file: ${PROJECT_ROOT}/secrets/influxdb_init_password.txt
diff --git a/monitoring/node-exporter/docker-compose.yml b/monitoring/node-exporter/docker-compose.yml
new file mode 100644
index 0000000..2ce1fa6
--- /dev/null
+++ b/monitoring/node-exporter/docker-compose.yml
@@ -0,0 +1,23 @@
+services:
+ node-exporter:
+ profiles: ["monitoring","all","prometheus-exporters"]
+ image: prom/node-exporter:latest
+ container_name: node-exporter
+ pid: host
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /:/rootfs:ro
+ command:
+ - "--path.procfs=/host/proc"
+ - "--path.sysfs=/host/sys"
+ - "--path.rootfs=/rootfs"
+ restart: unless-stopped
+ networks:
+# - edge
+ - monitor
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "http://localhost:9100/metrics"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
diff --git a/monitoring/pihole-exporter/docker-compose.yml b/monitoring/pihole-exporter/docker-compose.yml
new file mode 100644
index 0000000..408eb44
--- /dev/null
+++ b/monitoring/pihole-exporter/docker-compose.yml
@@ -0,0 +1,17 @@
+services:
+ pihole-exporter:
+ profiles: ["monitoring","all","prometheus-exporters"]
+ image: ekofr/pihole-exporter:latest
+ container_name: pihole-exporter
+# env_file:
+# - ${PROJECT_ROOT}/secrets/stack-secrets.env
+ environment:
+ PIHOLE_HOSTNAME: ${PIHOLE_HOSTNAME}
+ PIHOLE_PASSWORD: ${PIHOLE_PASSWORD}
+ PORT: ${PIHOLE_EXPORTER_PORT}
+ ports:
+ - "${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}"
+ restart: unless-stopped
+ networks:
+# - edge
+ - monitor
diff --git a/monitoring/prometheus/docker-compose.yml b/monitoring/prometheus/docker-compose.yml
index f41789a..3c3b4b1 100644
--- a/monitoring/prometheus/docker-compose.yml
+++ b/monitoring/prometheus/docker-compose.yml
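Review bot: `- "${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}"` publishes pihole-exporter on every host interface with no authentication, while every other exporter in this diff is reachable only over the `monitor` network that Prometheus shares; remove the mapping, or bind it locally with `- "127.0.0.1:${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}"`. `PIHOLE_PASSWORD: ${PIHOLE_PASSWORD}` places the Pi-hole admin password in the container environment, where `docker inspect` — and anything allowed `CONTAINERS: 1` through the socket proxy — can read it; the commented `env_file` would not change that, so prefer a file-based secret if the image supports one, and otherwise a Pi-hole credential with reduced rights. The service also lacks the `healthcheck` its sibling exporters carry.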
@@ -1,53 +1,4 @@ -#version: "3.8" - services: - docker-socket-proxy: - profiles: ["monitoring","all","prometheus","prometheus-exporters"] - image: tecnativa/docker-socket-proxy:latest - container_name: docker-socket-proxy - hostname: docker-socket-proxy - restart: unless-stopped - environment: - LOG_LEVEL: ${DOCKER_SOCKET_PROXY_LOG_LEVEL} - DISTRIBUTION: 1 - CONTAINERS: 1 - EVENTS: 1 - IMAGES: 1 - INFO: 1 - NETWORKS: 1 - PING: 1 - POST: 1 - AUTH: 1 - EXEC: 1 - SYSTEM: 1 - SERVICES: 1 - SWARM: 1 - NODES: 1 - SECRETS: 1 - TASKS: 1 - VERSION: 1 - VOLUMES: 1 - ALLOW_START: 1 # for better security, set to 0 - ALLOW_STOP: 1 # for better security, set to 0 - ALLOW_RESTARTS: 1 # for better security, set to 0 - BUILD: 0 - COMMIT: 0 - CONFIGS: 0 - DELETE: 1 - DISABLE_IPV6: 0 - PLUGINS: 0 - SESSION: 0 - - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - cap_drop: - - ALL - security_opt: - - no-new-privileges:true - networks: - - monitor - - traefik - prometheus: profiles: ["monitoring","all","prometheus"] image: prom/prometheus:latest 
@@ -94,207 +45,3 @@ services: timeout: 10s retries: 3 start_period: 30s - -# alertmanager: -# image: prom/alertmanager:latest -# container_name: alertmanager -# command: -# - "--config.file=/etc/alertmanager/alertmanager.yml" -# volumes: -# - ./alertmanager/alertmanager.yml:/etc/alertmanager/alertmanager.yml:ro -# restart: unless-stopped -# secrets: -# - edge -# - traefik_reverse_proxy -# healthcheck: -# test: ["CMD", "wget", "--spider", "-q", "http://localhost:9093/-/healthy"] -# interval: 30s -# timeout: 10s -# retries: 3 -# start_period: 20s -# labels: -# - "traefik.http.routers.alertmanager.rule=Host(`alertmanager.lan.ddnsgeek.com`)" -# - "traefik.enable=true" -# - "traefik.http.routers.alertmanager.entrypoints=websecure" -# - "traefik.http.routers.alertmanager.tls.certresolver=myresolver" -# - "io.portainer.accesscontrol.public" -# - "traefik.http.services.alertmanager.loadbalancer.server.port=9093" -# - "traefik.http.routers.alertmanager.middlewares=authelia" -# - "traefik.docker.network=traefik_reverse_proxy" - - node-exporter: - profiles: ["monitoring","all","prometheus-exporters"] - image: prom/node-exporter:latest - container_name: node-exporter - pid: host - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /:/rootfs:ro - command: - - "--path.procfs=/host/proc" - - "--path.sysfs=/host/sys" - - "--path.rootfs=/rootfs" - restart: unless-stopped - networks: -# - edge - - monitor - healthcheck: - test: ["CMD", "wget", "--spider", "-q", "http://localhost:9100/metrics"] - interval: 30s - timeout: 10s - retries: 3 - - - influxdb: - profiles: ["monitoring","all","prometheus"] - image: influxdb:2.7 - container_name: influxdb - restart: unless-stopped -# env_file: -# - ${PROJECT_ROOT}/secrets/stack-secrets.env - volumes: - - ${PROJECT_ROOT}/monitoring/influxdb:/var/lib/influxdb2 - environment: - DOCKER_INFLUXDB_INIT_MODE: ${INFLUXDB_INIT_MODE} - DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_INIT_USERNAME} - DOCKER_INFLUXDB_INIT_PASSWORD_FILE: 
/run/secrets/influxdb_init_password - DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_INIT_ORG} - DOCKER_INFLUXDB_INIT_BUCKET: ${INFLUXDB_INIT_BUCKET} - secrets: - - influxdb_init_password - networks: -# - edge -# - traefik_reverse_proxy - - traefik - - monitor - labels: - - "traefik.http.routers.influxdb.rule=Host(`influxdb.lan.ddnsgeek.com`)" - - "traefik.enable=true" - - "traefik.http.routers.influxdb.entrypoints=websecure" - - "traefik.http.routers.influxdb.tls.certresolver=myresolver" - - "io.portainer.accesscontrol.public" - - "traefik.http.services.influxdb.loadbalancer.server.port=8086" - - "traefik.http.routers.influxdb.middlewares=authelia" - - "traefik.docker.network=core_traefik" - healthcheck: - test: ["CMD-SHELL", "curl -f http://localhost:8086/health || exit 1"] - interval: 30s - timeout: 5s - retries: 3 - start_period: 10s - - telegraf: - profiles: ["monitoring","all","prometheus"] - image: telegraf:latest - container_name: telegraf - restart: unless-stopped - depends_on: - - docker-socket-proxy -# cap_drop: -# - ALL - security_opt: - - no-new-privileges:true - volumes: - - ${PROJECT_ROOT}/monitoring/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro - - ${PROJECT_ROOT}/monitoring/node-red/data:/var/log/node-red:ro - networks: -# - edge - - monitor - healthcheck: - test: ["CMD-SHELL", "curl -f http://localhost:9273/metrics || exit 1"] - interval: 30s - timeout: 5s - retries: 3 - start_period: 10s - - - docker-update-exporter: - profiles: ["monitoring","all","prometheus-exporters"] - build: - context: ${PROJECT_ROOT}/monitoring/docker-exporter - container_name: docker-update-exporter -# volumes: -# - /var/run/docker.sock:/var/run/docker.sock -# - ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw -# - ${PROJECT_ROOT}/services-up.sh:/app/services-up.sh:ro - environment: - LOG_LEVEL: ${DOCKER_EXPORTER_LOG_LEVEL} - DOCKER_HOST: ${DOCKER_SOCKET_PROXY_HOST} - depends_on: - - docker-socket-proxy - - volumes: - - 
~/.docker/config.json:/root/.docker/config.json:ro - - ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw - - ${PROJECT_ROOT}:/compose:ro -# - ${PROJECT_ROOT}/default-environment.env:/compose/default-environment.env:ro -# - ${PROJECT_ROOT}/default-network.yml:/compose/default-network.yml:ro -# - ${PROJECT_ROOT}/core/docker-compose.yml:/compose/core/docker-compose.yml:ro -# - ${PROJECT_ROOT}/monitoring/prometheus/docker-compose.yml:/compose/monitoring/prometheus/docker-compose.yml:ro -# - ${PROJECT_ROOT}/monitoring/gotify/docker-compose.yml:/compose/monitoring/gotify/docker-compose.yml:ro -# - ${PROJECT_ROOT}/monitoring/grafana/docker-compose.yml:/compose/monitoring/grafana/docker-compose.yml:ro -# - ${PROJECT_ROOT}/monitoring/portainer/docker-compose.yml:/compose/monitoring/portainer/docker-compose.yml:ro -# - ${PROJECT_ROOT}/monitoring/uptime-kuma/docker-compose.yml:/compose/monitoring/uptime-kuma/docker-compose.yml:> -# - ${PROJECT_ROOT}/apps/gitea/docker-compose.yml:/compose/apps/gitea/docker-compose.yml:ro -# - ${PROJECT_ROOT}/apps/gramps/docker-compose.yml:/compose/apps/gramps/docker-compose.yml:ro -# - ${PROJECT_ROOT}/apps/nextcloud/docker-compose.yml:/compose/apps/nextcloud/docker-compose.yml:ro -# - ${PROJECT_ROOT}/apps/passbolt/docker-compose.yml:/compose/apps/passbolt/docker-compose.yml:ro -# - ${PROJECT_ROOT}/apps/searxng/docker-compose.yml:/compose/apps/searxng/docker-compose.yml:ro -# - ${PROJECT_ROOT}/apps/shift-recorder/docker-compose.yml:/compose/apps/shift-recorder/docker-compose.yml:ro -# - ${PROJECT_ROOT}/apps/stockfill/docker-compose.yml:/compose/apps/stockfill/docker-compose.yml:ro -# - ${PROJECT_ROOT}/monitoring/node-red/docker-compose.yml:/compose/monitoring/node-red/docker-compose.yml:ro -# - ${PROJECT_ROOT}/core/test/docker-compose.yml:/compose/core/test/docker-compose.yml:ro - - -# ports: -# - "9105:9105" - restart: unless-stopped - cap_drop: - - ALL - security_opt: - - no-new-privileges:true - networks: -# - edge - - monitor - 
healthcheck: - test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:9105/metrics')"] - interval: 30s - timeout: 5s - retries: 3 - start_period: 10s - - pihole-exporter: - profiles: ["monitoring","all","prometheus-exporters"] - image: ekofr/pihole-exporter:latest - container_name: pihole-exporter -# env_file: -# - ${PROJECT_ROOT}/secrets/stack-secrets.env - environment: - PIHOLE_HOSTNAME: ${PIHOLE_HOSTNAME} - PIHOLE_PASSWORD: ${PIHOLE_PASSWORD} - PORT: ${PIHOLE_EXPORTER_PORT} - ports: - - "${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}" - restart: unless-stopped - networks: -# - edge - - monitor - - - -#networks: -# internal: -# internal: true -# edge: -# internal: false - -# traefik_reverse_proxy: -# external: true - - - - -secrets: - influxdb_init_password: - file: ${PROJECT_ROOT}/secrets/influxdb_init_password.txt diff --git a/monitoring/telegraf/docker-compose.yml b/monitoring/telegraf/docker-compose.yml new file mode 100644 index 0000000..eff9da9 --- /dev/null +++ b/monitoring/telegraf/docker-compose.yml @@ -0,0 +1,24 @@ +services: + telegraf: + profiles: ["monitoring","all","prometheus"] + image: telegraf:latest + container_name: telegraf + restart: unless-stopped + depends_on: + - docker-socket-proxy +# cap_drop: +# - ALL + security_opt: + - no-new-privileges:true + volumes: + - ${PROJECT_ROOT}/monitoring/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro + - ${PROJECT_ROOT}/monitoring/node-red/data:/var/log/node-red:ro + networks: +# - edge + - monitor + healthcheck: + test: ["CMD-SHELL", "curl -f http://localhost:9273/metrics || exit 1"] + interval: 30s + timeout: 5s + retries: 3 + start_period: 10s diff --git a/services-up.sh b/services-up.sh index b7b45cb..7603ae8 100755 --- a/services-up.sh +++ b/services-up.sh 
@@ -16,6 +16,7 @@ while IFS= read -r file; do
 FILES+=(-f "$file")
 done < <(
 find "$PROJECT_ROOT/apps" "$PROJECT_ROOT/monitoring" "$PROJECT_ROOT/core" \
+ -maxdepth 2 \
 -type f \
 \( -name 'docker-compose.yml' -o -name 'docker-compose.yaml' \) \
 2>/dev/null \
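Review bot: `-maxdepth 2` still lets `find` descend into directories that are bind-mounted read-write into containers, so a `docker-compose.yml` that appears at depth 2 is merged into the project on the next run with whatever service definitions it carries; `${PROJECT_ROOT}/monitoring/influxdb` (the influxdb data volume) and `${PROJECT_ROOT}/core/authelia` (Authelia's `/config`, mounted read-write) are both at depth 1 in this diff. Prefer enumerating the service directories explicitly, or prune known data mounts (`-path "$PROJECT_ROOT/monitoring/influxdb" -prune -o ... -print`), and keep compose files out of any directory a container can write. `2>/dev/null` also discards permission errors that would reveal an unreadable or unexpected directory; logging them to stderr is cheap. The `while … done < <( … )` block this hunk sits in closes outside the hunk.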