nix-config/hosts/franz/arion/stats/arion-compose.nix


{
# Compose project name for this Arion stack.
project.name = "stats";
# `dmz` is declared external: it is created outside this project and only joined here.
# Presumably this is the network the Traefik reverse proxy sits on; confirm against the proxy's own stack.
networks.dmz = {
name = "dmz";
external = true;
};
# Project-local network with default settings. Despite the name it is not declared with Compose's
# `internal: true`, so containers attached to it are not isolated from outbound traffic by this definition.
networks.internal = {};
services = {
# Grafana, published through Traefik at grafana.ghoscht.com, with sign-in delegated to authentik via generic OAuth.
grafana.service = {
# Pinned by tag only. Tags can be re-pointed upstream; pin by digest (image@sha256:<digest>) if pulls must be reproducible.
image = "grafana/grafana:10.4.4";
# Runs the container process as uid 1000 rather than root; the bind-mounted data directory below presumably has to be writable by that uid.
user = "1000";
container_name = "grafana";
# Traefik routing: Host(grafana.ghoscht.com) on the `websecure` entrypoint, TLS via the `letsencrypt` resolver, forwarded to container port 3000.
# No router middleware is attached, so Grafana's own authentication is the only access control in front of this hostname.
# NOTE(review): this container joins two networks; unless Traefik already defaults to `dmz`, consider adding
# "traefik.docker.network" = "dmz" so the proxy does not pick the address on `internal`.
labels = {
"traefik.enable" = "true";
"traefik.http.services.grafana.loadbalancer.server.port" = "3000";
"traefik.http.routers.grafana.service" = "grafana";
"traefik.http.routers.grafana.rule" = "Host(`grafana.ghoscht.com`)";
"traefik.http.routers.grafana.entrypoints" = "websecure";
"traefik.http.routers.grafana.tls" = "true";
"traefik.http.routers.grafana.tls.certresolver" = "letsencrypt";
};
environment = {
# Must match the externally visible URL, since Grafana derives the OAuth redirect URI from it.
GF_SERVER_ROOT_URL = "https://grafana.ghoscht.com";
GF_AUTH_GENERIC_OAUTH_NAME = "authentik";
GF_AUTH_GENERIC_OAUTH_ENABLED = "true";
# With sign-up allowed, every identity that authentik lets through for this application gets a Grafana account on first login.
# Who may log in therefore has to be restricted on the authentik side (application bindings/policies).
# No role mapping is set here; GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH can derive Grafana roles from a claim instead of the default role.
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP = "true";
GF_AUTH_GENERIC_OAUTH_SCOPES = "openid profile email";
# All three provider endpoints are HTTPS, so the authorization code, tokens and userinfo response are not sent in clear text.
GF_AUTH_GENERIC_OAUTH_AUTH_URL = "https://auth.ghoscht.com/application/o/authorize/";
GF_AUTH_GENERIC_OAUTH_TOKEN_URL = "https://auth.ghoscht.com/application/o/token/";
GF_AUTH_GENERIC_OAUTH_API_URL = "https://auth.ghoscht.com/application/o/userinfo/";
# GF_AUTH_OAUTH_AUTO_LOGIN = "true";
# NOTE(review): the local login form is not disabled here (GF_AUTH_DISABLE_LOGIN_FORM), so the built-in admin account
# remains a second way in; make sure its password is not the default.
};
# The OAuth client id and secret are not set above; presumably they come from this file so the secret stays out of the repository.
# Keep the file readable only by its owner (e.g. mode 0600) — TODO confirm contents and permissions.
env_file = [
"/home/ghoscht/.docker/stats/grafana.env"
];
# Persistent Grafana state (/var/lib/grafana) on the host. Treat backups as sensitive: data-source settings are stored here.
volumes = [
"/home/ghoscht/.docker/stats/grafana_data:/var/lib/grafana"
];
# `dmz` for the reverse proxy, `internal` to reach the other services of this stack.
networks = [
"dmz"
"internal"
];
};
# Loki log store. Reads its configuration from /etc/loki/loki-config.yml inside the bind-mounted directory.
loki.service = {
image = "grafana/loki:3.0.0";
# The host directory is mounted over /etc/loki, so the config file named in `command` lives in it.
# Whether chunks and index are also written there depends on loki-config.yml, which is not shown here.
volumes = [
"/home/ghoscht/.docker/stats/loki_data:/etc/loki"
];
# NOTE(review): "3100:3100" publishes the Loki HTTP API on every host interface. Docker-published ports are typically
# opened by Docker's own firewall rules, independent of the host firewall configuration.
# Loki ships no authentication layer of its own, so anyone who can reach this port can push and query logs.
# Services on the `internal` network can already reach loki:3100 without this mapping. If only host-local clients
# need it, bind to loopback instead:
#   "127.0.0.1:3100:3100"
# or drop the mapping entirely if nothing outside the stack pushes logs.
ports = [
"3100:3100"
];
command = "-config.file=/etc/loki/loki-config.yml";
networks = [
"internal"
];
};
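# Promtail log shipper: reads host logs and ships them according to promtail-config.yml.
# The container sees the host's /var/log and the Docker socket, so it is one of the most privileged
# services in this stack; keep the image current and the config file under tight permissions.
promtail.service = {
  image = "grafana/promtail:3.0.0";
  volumes = [
    # NOTE(review): mounted read-write. Promtail only needs to read logs, but its positions file may be
    # configured under /var/log; once promtail-config.yml is confirmed to keep positions elsewhere,
    # change this to "/var/log:/var/log:ro".
    "/var/log:/var/log"
    # `:ro` here only protects the socket file itself; requests sent through the socket are not restricted.
    # Access to this socket is effectively root-equivalent on the host. Presumably used for Docker service
    # discovery; a socket proxy limited to the read-only endpoints Promtail needs would narrow this.
    "/var/run/docker.sock:/var/run/docker.sock:ro"
    # Promtail never writes its configuration, so mount it read-only: a compromised container
    # must not be able to rewrite where logs are shipped.
    "/home/ghoscht/.docker/stats/promtail_data/promtail-config.yml:/etc/promtail/promtail-config.yml:ro"
  ];
  command = "-config.file=/etc/promtail/promtail-config.yml";
  # No ports are published; the service is only attached to the stack-local network.
  networks = [
    "internal"
  ];
};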
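# Prometheus server. No ports are published, so it is reachable only from containers on `internal`.
# Prometheus has no authentication configured here, so that network boundary is the only access control.
prometheus.service = {
  image = "prom/prometheus:v2.53.0";
  volumes = [
    # Prometheus only reads its configuration, so mount it read-only: a compromised container
    # must not be able to rewrite its own scrape targets.
    "/home/ghoscht/.docker/stats/prometheus_config/prometheus.yml:/etc/prometheus/prometheus.yml:ro"
    # Time-series storage; must stay writable.
    "/home/ghoscht/.docker/stats/prometheus_data:/prometheus"
  ];
  # Passing an explicit command replaces the image's default arguments, so every flag that is needed
  # has to be listed here.
  command = [
    "--config.file=/etc/prometheus/prometheus.yml"
    "--web.console.libraries=/etc/prometheus/console_libraries"
    "--web.console.templates=/etc/prometheus/consoles"
  ];
  networks = [
    "internal"
  ];
};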
# Prometheus node-exporter for host metrics. No ports are published; only peers on `internal` can scrape it.
node-exporter.service = {
image = "prom/node-exporter:v1.8.1";
# Host /proc, /sys and the whole root filesystem are exposed read-only inside the container.
# Read-only prevents modification, not disclosure: whatever the container user may read on the host is visible here.
volumes = [
"/proc:/host/proc:ro"
"/sys:/host/sys:ro"
"/:/rootfs:ro"
];
# Points the collectors at the mounted host paths instead of the container's own /proc, /sys and /.
# `$$` is the Compose escape for a literal `$`, so the exporter receives the regex anchor `$`.
# NOTE(review): the container runs on a bridge network rather than the host network namespace, so
# network-related collectors presumably report the container's view, not the host's — confirm if those metrics matter.
command = [
"--path.procfs=/host/proc"
"--path.rootfs=/rootfs"
"--path.sysfs=/host/sys"
"--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)"
];
networks = [
"internal"
];
};
# cadvisor.service = {
# image = "gcr.io/cadvisor/cadvisor:v0.49.1";
# volumes = [
# "/:/rootfs:ro"
# "/var/run:/var/run:ro"
# "/sys:/sys:ro"
# "/var/lib/docker:/var/lib/docker:ro"
# "/dev/disk:/dev/disk:ro"
# ];
# devices = ["/dev/kmsg"];
# networks = [
# "internal"
# ];
# };
};
}