{ project.name = "stats"; networks.dmz = { name = "dmz"; external = true; }; networks.internal = {}; services = { grafana.service = { image = "grafana/grafana:10.4.4"; user = "1000"; container_name = "grafana"; labels = { "traefik.enable" = "true"; "traefik.http.services.grafana.loadbalancer.server.port" = "3000"; "traefik.http.routers.grafana.service" = "grafana"; "traefik.http.routers.grafana.rule" = "Host(`grafana.ghoscht.com`)"; "traefik.http.routers.grafana.entrypoints" = "websecure"; "traefik.http.routers.grafana.tls" = "true"; "traefik.http.routers.grafana.tls.certresolver" = "letsencrypt"; }; environment = { GF_SERVER_ROOT_URL = "https://grafana.ghoscht.com"; GF_AUTH_GENERIC_OAUTH_NAME = "authentik"; GF_AUTH_GENERIC_OAUTH_ENABLED = "true"; GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP = "true"; GF_AUTH_GENERIC_OAUTH_SCOPES = "openid profile email"; GF_AUTH_GENERIC_OAUTH_AUTH_URL = "https://auth.ghoscht.com/application/o/authorize/"; GF_AUTH_GENERIC_OAUTH_TOKEN_URL = "https://auth.ghoscht.com/application/o/token/"; GF_AUTH_GENERIC_OAUTH_API_URL = "https://auth.ghoscht.com/application/o/userinfo/"; # GF_AUTH_OAUTH_AUTO_LOGIN = "true"; }; env_file = [ "/home/ghoscht/.docker/stats/grafana.env" ]; volumes = [ "/home/ghoscht/.docker/stats/grafana_data:/var/lib/grafana" ]; networks = [ "dmz" "internal" ]; }; loki.service = { image = "grafana/loki:3.0.0"; volumes = [ "/home/ghoscht/.docker/stats/loki_data:/etc/loki" ]; ports = [ "3100:3100" ]; command = "-config.file=/etc/loki/loki-config.yml"; networks = [ "internal" ]; }; promtail.service = { image = "grafana/promtail:3.0.0"; volumes = [ "/var/log:/var/log" "/var/run/docker.sock:/var/run/docker.sock:ro" "/home/ghoscht/.docker/stats/promtail_data/promtail-config.yml:/etc/promtail/promtail-config.yml" ]; command = "-config.file=/etc/promtail/promtail-config.yml"; networks = [ "internal" ]; }; prometheus.service = { image = "prom/prometheus:v2.53.0"; volumes = [ "/home/ghoscht/.docker/stats/prometheus_config/prometheus.yml:/etc/prometheus/prometheus.yml" "/home/ghoscht/.docker/stats/prometheus_data:/prometheus" ]; command = [ "--config.file=/etc/prometheus/prometheus.yml" "--web.console.libraries=/etc/prometheus/console_libraries" "--web.console.templates=/etc/prometheus/consoles" ]; networks = [ "internal" ]; }; node-exporter.service = { image = "prom/node-exporter:v1.8.1"; volumes = [ "/proc:/host/proc:ro" "/sys:/host/sys:ro" "/:/rootfs:ro" ]; command = [ "--path.procfs=/host/proc" "--path.rootfs=/rootfs" "--path.sysfs=/host/sys" "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)" ]; networks = [ "internal" ]; }; # cadvisor.service = { # image = "gcr.io/cadvisor/cadvisor:v0.49.1"; # volumes = [ # "/:/rootfs:ro" # "/var/run:/var/run:ro" # "/sys:/sys:ro" # "/var/lib/docker:/var/lib/docker:ro" # "/dev/disk:/dev/disk:ro" # ]; # devices = ["/dev/kmsg"]; # networks = [ # "internal" # ]; # }; }; }