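# Monitoring stack: Prometheus and Grafana published through Traefik, plus three
# exporters (cAdvisor, node-exporter, mikrotik-exporter) that are reachable only
# on the `monitoring` network.
#
# $CONFIG, $DATA, ${SMTP_USER}, ${SMTP_PASSWORD} and ${GRAFANA_OAUTH} are
# interpolated by Compose from the shell environment or an .env file; keep that
# file out of version control.
services:
  prometheus:
    container_name: prometheus
    # NOTE(review): `latest` is a moving tag; pin a version (ideally by digest) so
    # an upstream push cannot change what runs here without a reviewed change.
    image: prom/prometheus:latest
    restart: unless-stopped
    # NOTE(review): overrides the image's unprivileged default user, presumably so
    # the process can write to $DATA/monitoring/prometheus. Giving that directory
    # to the image's default user and dropping this line would remove root from
    # the container.
    user: root
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prom.rule=Host(`prometheus.bhasher.com`)"
      - "traefik.http.routers.prom.entrypoints=internalsecure"
      - "traefik.http.services.prom.loadbalancer.server.port=9090"
      - "traefik.http.routers.prom.tls=true"
      - "traefik.http.routers.prom.tls.certresolver=http"
      # Authelia forward-auth is the only access control in front of Prometheus:
      # no authentication is configured on the service itself in this file, so
      # any container attached to `monitoring` or `external` can query port 9090
      # directly without passing through this middleware.
      - "traefik.http.routers.prom.middlewares=authelia@docker"
    extra_hosts:
      # Lets Prometheus reach services listening on the Docker host itself.
      - "host.docker.internal:host-gateway"
    volumes:
      - $CONFIG/monitoring/prometheus.yaml:/etc/prometheus/prometheus.yml:ro
      - $DATA/monitoring/prometheus:/prometheus
      - /etc/localtime:/etc/localtime:ro
    networks:
      - monitoring
      - external

  grafana:
    container_name: grafana
    # NOTE(review): no tag means `latest`; pin a version as for the other images.
    image: grafana/grafana
    restart: unless-stopped
    labels:
      # No Authelia middleware on this router: Grafana authenticates users itself
      # through the generic OAuth settings below.
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.bhasher.com`)"
      - "traefik.http.routers.grafana.entrypoints=internalsecure"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
      - "traefik.http.routers.grafana.tls=true"
      - "traefik.http.routers.grafana.tls.certresolver=http"
    environment:
      - GF_SERVER_ROOT_URL=https://grafana.bhasher.com
      - GF_SMTP_ENABLED=true
      - GF_SMTP_HOST=bdubois.io:465
      - GF_SMTP_USER=${SMTP_USER}
      # Secrets passed as plain environment variables are readable through
      # `docker inspect` and by anything that can read the container's
      # environment. Grafana also accepts GF_<SECTION>_<KEY>__FILE variables that
      # point at a mounted secret file.
      - GF_SMTP_PASSWORD=${SMTP_PASSWORD}
      - GF_SMTP_FROM_ADDRESS=grafana@bhasher.com
      # Local login form and sign-out menu are hidden; every login goes to the IdP.
      - GF_AUTH_LOGIN_DISABLE_LOGIN_FORM=true
      - GF_AUTH_DISABLE_SIGNOUT_MENU=true
      - GF_AUTH_OAUTH_AUTO_LOGIN=true
      - GF_AUTH_GENERIC_OAUTH_ENABLED=true
      - GF_AUTH_GENERIC_OAUTH_ICON=signin
      - GF_AUTH_GENERIC_OAUTH_NAME=Authelia
      - GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
      - GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_OAUTH}
      - GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email groups
      - GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES=false
      - GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://idp.bhasher.com/api/oidc/authorization
      - GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://idp.bhasher.com/api/oidc/token
      - GF_AUTH_GENERIC_OAUTH_API_URL=https://idp.bhasher.com/api/oidc/userinfo
      - GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
      - GF_AUTH_GENERIC_OAUTH_GROUPS_ATTRIBUTE_PATH=groups
      - GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
      # NOTE(review): PKCE is off. It protects the authorization code if it is
      # intercepted on the redirect; enable it once the IdP client is confirmed to
      # accept a code challenge.
      - GF_AUTH_GENERIC_OAUTH_USE_PKCE=false
      # NOTE(review): this expression reads a `roles` claim, while the requested
      # scopes and the other attribute paths use `groups`. If the IdP sends no
      # `roles` claim, every user falls through to 'Viewer' — confirm which claim
      # is intended.
      - GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || 'Viewer'
      # NOTE(review): GROUPS_ATTRIBUTE_PATH is already set above; verify that
      # GROUPS_PATH is an option Grafana actually reads.
      - GF_AUTH_GENERIC_OAUTH_GROUPS_PATH=groups
      # Only members of the `admin` group are allowed to sign in.
      - GF_AUTH_GENERIC_OAUTH_ALLOWED_GROUPS=admin
      # NOTE(review): re-enables matching an incoming OAuth identity to an
      # existing Grafana user by e-mail address alone. Grafana ships with this
      # off because an identity that can present someone else's address would be
      # signed in as that user. Keep it on only while the IdP is the sole
      # provider and its e-mail claim is trusted.
      - GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP=true
    volumes:
      - $DATA/monitoring/grafana:/var/lib/grafana
      - /etc/localtime:/etc/localtime:ro
    networks:
      - external
      - monitoring

  cadvisor:
    container_name: cadvisor
    image: gcr.io/cadvisor/cadvisor:v0.47.0  # original note: v0.47.1
    volumes:
      - /:/rootfs:ro
      # Changed from :rw to :ro so the container cannot create or replace files
      # under the host's /var/run. This does not restrict the Docker API: a
      # process that can open docker.sock can still issue any API call, so this
      # container remains host-privileged and should stay off any
      # externally-reachable network.
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/machine-id:/etc/machine-id:ro
      - /var/lib/dbus/machine-id:/var/lib/dbus/machine-id:ro
      - /dev/disk/:/dev/disk:ro
    restart: always
    command:
      - "--housekeeping_interval=60s"
      - "--docker_only=true"
      # Container labels are not copied onto metrics, which keeps label values
      # (Traefik rules, hostnames) out of the Prometheus data.
      - "--store_container_labels=false"
      - "--disable_metrics=percpu,sched,tcp,udp,disk,diskIO,hugetlb,referenced_memory,cpu_topology,resctrl"
    networks:
      - monitoring
    devices:
      - /dev/kmsg
    healthcheck:
      # A plain string is run through the container's shell by Compose.
      test: wget --quiet --tries=1 --spider http://localhost:8080/healthz || exit 1
      interval: 15s
      timeout: 15s
      retries: 5
      start_period: 30s

  node-exporter:
    container_name: node-exporter
    # NOTE(review): `latest` is a moving tag; pin a version (see prometheus).
    image: quay.io/prometheus/node-exporter:latest
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      # NOTE(review): the host root is mounted twice (/rootfs and /host) while
      # --path.rootfs points at /host only; the /rootfs mount looks unused except
      # by the exclude pattern below — confirm and drop one. Both are read-only,
      # but they expose the whole host filesystem to this container.
      - /:/rootfs:ro
      - /:/host:ro,rslave
      - /etc/localtime:/etc/localtime:ro
    command:
      - '--path.rootfs=/host'
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      # NOTE(review): upstream deprecated this flag in favour of
      # --collector.filesystem.mount-points-exclude. Combined with the `latest`
      # tag, a release that drops the old flag would leave the container
      # crash-looping — verify against the version actually running.
      - '--collector.filesystem.ignored-mount-points'
      # `$$` is Compose's escape for a literal `$` in the regular expression.
      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
    restart: always
    networks:
      - monitoring

  mikrotik:
    container_name: mikrotik
    # NOTE(review): third-party image on a moving tag. The mounted config file
    # presumably holds router credentials, so whatever this tag resolves to can
    # read them — pin a reviewed version or digest.
    image: ogi4i/mikrotik-exporter:latest
    # image: nshttpd/mikrotik-exporter-linux-arm64:1.0.12-DEVEL
    command:
      - -config-file
      - /config.yaml
    restart: unless-stopped
    environment:
      - CONFIG_FILE=/config.yaml
    volumes:
      - $CONFIG/monitoring/mikrotik.yaml:/config.yaml:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - monitoring

networks:
  # Created by this project under the fixed name `monitoring`.
  monitoring:
    name: monitoring
  # Pre-existing network named `external`, not created here; Prometheus and
  # Grafana join it, presumably to be reachable by Traefik.
  external:
    external: true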