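# Monitoring stack ("stats"): Grafana, Loki, Promtail, Prometheus and node-exporter.
# The project.name / services.<name>.service layout looks like an Arion project
# module; confirm against whatever imports this file.
#
# Images are pinned by tag only. Tags are mutable on the registry; pinning as
# image@sha256:<digest> makes the deployed content verifiable.
{
  project.name = "stats";

  # external = true: this project does not create "dmz", it joins an existing
  # network (presumably the one the Traefik proxy sits on; confirm).
  networks.dmz = {
    name = "dmz";
    external = true;
  };
  networks.internal = {};

  services = {
    grafana.service = {
      image = "grafana/grafana:10.4.4";
      # Runs as a fixed non-root UID instead of the image default.
      user = "1000";
      container_name = "grafana";
      # Traefik publishes Grafana on the "websecure" entrypoint with a
      # Let's Encrypt certificate. No auth middleware is attached to the router
      # here, so Grafana's own login is the only gate on this hostname.
      labels = {
        "traefik.enable" = "true";

        "traefik.http.services.grafana.loadbalancer.server.port" = "3000";
        "traefik.http.routers.grafana.service" = "grafana";
        "traefik.http.routers.grafana.rule" = "Host(`grafana.ghoscht.com`)";
        "traefik.http.routers.grafana.entrypoints" = "websecure";
        "traefik.http.routers.grafana.tls" = "true";
        "traefik.http.routers.grafana.tls.certresolver" = "letsencrypt";
      };
      environment = {
        GF_SERVER_ROOT_URL = "https://grafana.ghoscht.com";

        # Generic OAuth against authentik. With ALLOW_SIGN_UP = "true" a Grafana
        # account is created on first login for every identity authentik lets
        # through, so access control rests on the authentik application's
        # policy bindings. No GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH is set
        # in this file, so unless grafana.env sets one, new users get Grafana's
        # default org role.
        GF_AUTH_GENERIC_OAUTH_NAME = "authentik";
        GF_AUTH_GENERIC_OAUTH_ENABLED = "true";
        GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP = "true";
        GF_AUTH_GENERIC_OAUTH_SCOPES = "openid profile email";
        GF_AUTH_GENERIC_OAUTH_AUTH_URL = "https://auth.ghoscht.com/application/o/authorize/";
        GF_AUTH_GENERIC_OAUTH_TOKEN_URL = "https://auth.ghoscht.com/application/o/token/";
        GF_AUTH_GENERIC_OAUTH_API_URL = "https://auth.ghoscht.com/application/o/userinfo/";

        # GF_AUTH_OAUTH_AUTO_LOGIN = "true";
      };
      # The OAuth client id/secret are not set above; presumably they live in
      # this env file (confirm). Keeping them out of the Nix expression keeps
      # them out of the world-readable Nix store; the file itself should be
      # readable only by its owner.
      env_file = [
        "/home/ghoscht/.docker/stats/grafana.env"
      ];
      volumes = [
        "/home/ghoscht/.docker/stats/grafana_data:/var/lib/grafana"
      ];
      # Grafana is the only service attached to both networks, so it is the
      # single bridge from the proxy-facing side to the unauthenticated
      # backends on "internal".
      networks = [
        "dmz"
        "internal"
      ];
    };
    loki.service = {
      image = "grafana/loki:3.0.0";
      # Mounted at /etc/loki; the command below reads loki-config.yml from it.
      volumes = [
        "/home/ghoscht/.docker/stats/loki_data:/etc/loki"
      ];
      # NOTE(review): "3100:3100" publishes Loki on every host interface, and
      # Loki ships no authentication layer of its own. Docker-published ports
      # are commonly not covered by host firewall front-ends such as ufw.
      # Grafana and Promtail already reach Loki over "internal"; if nothing
      # outside this project pushes or queries logs, drop the mapping or bind
      # it to loopback ("127.0.0.1:3100:3100").
      ports = [
        "3100:3100"
      ];
      command = "-config.file=/etc/loki/loki-config.yml";
      networks = [
        "internal"
      ];
    };
    promtail.service = {
      image = "grafana/promtail:3.0.0";
      volumes = [
        # NOTE(review): mounted writable. Promtail only needs to read logs, but
        # where it writes its positions file depends on promtail-config.yml
        # (not visible here); if that is outside /var/log, add ":ro".
        "/var/log:/var/log"
        # ":ro" on a socket only protects the socket file itself; every Docker
        # API call still goes through, so this container holds root-equivalent
        # control of the host's Docker daemon. A socket proxy that exposes only
        # the read-only container endpoints narrows that.
        "/var/run/docker.sock:/var/run/docker.sock:ro"
        # Config is only read by the process; mount it read-only so the
        # container cannot rewrite its own scrape/push targets on the host.
        "/home/ghoscht/.docker/stats/promtail_data/promtail-config.yml:/etc/promtail/promtail-config.yml:ro"
      ];
      command = "-config.file=/etc/promtail/promtail-config.yml";
      networks = [
        "internal"
      ];
    };
    prometheus.service = {
      image = "prom/prometheus:v2.53.0";
      volumes = [
        # Read-only for the same reason as the Promtail config: the container
        # reads this file and has no need to modify it on the host.
        "/home/ghoscht/.docker/stats/prometheus_config/prometheus.yml:/etc/prometheus/prometheus.yml:ro"
        "/home/ghoscht/.docker/stats/prometheus_data:/prometheus"
      ];
      command = [
        "--config.file=/etc/prometheus/prometheus.yml"
        "--web.console.libraries=/etc/prometheus/console_libraries"
        "--web.console.templates=/etc/prometheus/consoles"
      ];
      # No ports are published; Prometheus is reachable only from containers on
      # "internal". Keep it that way unless an authenticating proxy is put in
      # front, since no web auth is configured here.
      networks = [
        "internal"
      ];
    };
    node-exporter.service = {
      image = "prom/node-exporter:v1.8.1";
      # The whole host root filesystem, /proc and /sys are visible inside this
      # container (read-only). It is attached to "internal" only and publishes
      # no ports; anything that can reach it can read host metrics.
      volumes = [
        "/proc:/host/proc:ro"
        "/sys:/host/sys:ro"
        "/:/rootfs:ro"
      ];
      command = [
        "--path.procfs=/host/proc"
        "--path.rootfs=/rootfs"
        "--path.sysfs=/host/sys"
        # "$$" is Compose's escape for a literal "$", so the regex the exporter
        # receives ends in ($|/).
        "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)"
      ];
      networks = [
        "internal"
      ];
    };
    # cadvisor.service = {
    #   image = "gcr.io/cadvisor/cadvisor:v0.49.1";
    #   volumes = [
    #     "/:/rootfs:ro"
    #     "/var/run:/var/run:ro"
    #     "/sys:/sys:ro"
    #     "/var/lib/docker:/var/lib/docker:ro"
    #     "/dev/disk:/dev/disk:ro"
    #   ];
    #   devices = ["/dev/kmsg"];
    #   networks = [
    #     "internal"
    #   ];
    # };
  };
}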