add prometheus

don't publish traefik api
Pim Kunis 2023-02-07 22:54:07 +01:00
parent 68981f3f66
commit 9cc5fba042
12 changed files with 68 additions and 11 deletions


@ -22,6 +22,7 @@ All services below are running under Docker, except NSD and Borg.
- Jitsi Meet (https://meet.jit.si)
- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
- RSS feed reader using [FreshRSS](https://miniflux.app/)
- Metrics using [Prometheus](https://prometheus.io/)
## Possible future services
@ -34,9 +35,9 @@ All services below are running under Docker, except NSD and Borg.
## TODO
- Clear view of what services + which versions we are running. This way, we can track security updates better.
- Delegate pim.kunis.nl to my server
- Host tobb website?
- Move from Ubuntu to Debian
- move to pim.kunis.nl
### NSD


@ -2,3 +2,5 @@ base_data_dir: /data
base_service_dir: /srv
jitsi_videobridge_port: 54562
git_ssh_port: 56287
prometheus_port: 8081
traefik_api_port: 8080


@ -14,6 +14,7 @@
- {role: 'freshrss', tags: 'freshrss'}
- {role: 'blog', tags: 'blog'}
- {role: 'inbucket', tags: 'inbucket'}
- {role: 'prometheus', tags: 'prometheus'}
- name: Setup dataserver
hosts: dataserver
roles:


@ -24,7 +24,7 @@ services:
- traefik.http.routers.forgejo.rule=Host(`git.pizzapim.nl`)
- traefik.http.routers.forgejo.tls=true
- traefik.http.routers.forgejo.tls.certresolver=pizzapim
- traefik.tcp.routers.forgejo.service=forgejo
- traefik.http.routers.forgejo.service=forgejo
- traefik.http.services.forgejo.loadbalancer.server.port=3000
- traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)


@ -1,7 +1,7 @@
$ORIGIN pizzapim.nl.
$TTL 60
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023012200 1800 3600 1209600 3600
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023020701 1800 3600 1209600 3600
NS ns.pizzapim.nl.
NS ns0.transip.net.
@ -18,10 +18,8 @@ www IN A 84.245.14.149
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
ns IN A 84.245.14.149
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
cloud IN CNAME www.pizzapim.nl.
social IN CNAME www.pizzapim.nl.
dav IN CNAME www.pizzapim.nl.
git IN CNAME www.pizzapim.nl.
meet IN CNAME www.pizzapim.nl.
rss IN CNAME www.pizzapim.nl.
traefik IN CNAME www.pizzapim.nl.


@ -0,0 +1,3 @@
dependencies:
- role: common
- role: docker


@ -0,0 +1,19 @@
- name: Create app directory
file:
path: "{{ service_dir }}"
state: directory
- name: Copy Docker Compose script
template:
src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: "{{ service_dir }}/docker-compose.yml"
- name: Copy prometheus.yml
template:
src: "{{ role_path }}/templates/prometheus.yml.j2"
dest: "{{ service_dir }}/prometheus.yml"
register: config
- name: Start Docker Compose
docker_compose:
project_src: "{{ service_dir }}"
pull: true
remove_orphans: true
restarted: "{{ config.changed }}"


@ -0,0 +1,13 @@
version: "3.8"
services:
prometheus:
image: prom/prometheus
container_name: prometheus
restart: always
volumes:
- "{{ service_dir }}/prometheus.yml:/etc/prometheus/prometheus.yml"
extra_hosts:
- "host.docker.internal:host-gateway"
ports:
- "{{ prometheus_port }}:9090"
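Review bot: The `ports` entry `"{{ prometheus_port }}:9090"` publishes Prometheus on every host interface unless the Docker daemon's default bind address has been changed, and Prometheus serves its UI and query API without authentication by default. Docker-published ports are also commonly not covered by host firewall front ends such as ufw, because Docker installs its own iptables rules. If only local access is needed, bind it to loopback with `- "127.0.0.1:{{ prometheus_port }}:9090"`, or drop the port and route it through Traefik behind the existing `whitelist-local` middleware. Separately, `image: prom/prometheus` carries no tag, so together with `pull: true` in the role's tasks each playbook run can change the running version; pinning a tag or digest (`image: prom/prometheus:<VERSION>`, placeholder) would fit the README TODO about tracking versions.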


@ -0,0 +1,14 @@
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'prometheus'
scrape_interval: 5s
static_configs:
- targets: ['localhost:9090']
- job_name: 'traefik'
scrape_interval: 5s
static_configs:
- targets: ['host.docker.internal:{{ traefik_api_port }}']


@ -0,0 +1,3 @@
service_name: prometheus
data_dir: "{{ base_data_dir }}/{{ service_name }}"
service_dir: "{{ base_service_dir }}/{{ service_name }}"


@ -13,6 +13,7 @@ services:
- "443:443"
- "80:80"
- "{{ git_ssh_port }}:{{ git_ssh_port }}"
- "{{ traefik_api_port }}:{{ traefik_api_port }}"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
@ -29,10 +30,6 @@ services:
- traefik.http.routers.esrom.tls=true
- traefik.http.routers.esrom.tls.certresolver=geokunis
- traefik.http.routers.traefik.rule=Host(`traefik.pizzapim.nl`)
- traefik.http.routers.traefik.entrypoints=websecure
- traefik.http.routers.traefik.tls=true
- traefik.http.routers.traefik.tls.certresolver=pizzapim
- traefik.http.routers.traefik.rule=Host(`max.lan`)
- traefik.http.routers.traefik.entrypoints=internal
- traefik.http.routers.traefik.service=api@internal
- traefik.http.routers.traefik.middlewares=whitelist-local
- "traefik.http.middlewares.whitelist-local.ipwhitelist.sourcerange=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,::1,fc00::/7"
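Review bot: The added `ports` entry `"{{ traefik_api_port }}:{{ traefik_api_port }}"` publishes the `internal` entry point on every host address, so keeping the API private then depends on the `whitelist-local` middleware and whatever firewall sits in front of the host. If the dashboard is only meant for the LAN, bind the port to that address, e.g. `- "<LAN_IP>:{{ traefik_api_port }}:{{ traefik_api_port }}"` (placeholder), and let Prometheus reach Traefik over a shared Docker network rather than through `host.docker.internal`, which a narrower bind would break. It is also worth confirming which source address Traefik sees for published-port traffic, because connections relayed by Docker's userland proxy can appear to come from the bridge gateway, which is inside the whitelisted `172.16.0.0/12`. The `services` block continues outside both hunks.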


@ -13,11 +13,17 @@ loglevel = "DEBUG"
address = ":{{ git_ssh_port }}"
[entryPoints.video]
address = ":{{ jitsi_videobridge_port }}/udp"
[entryPoints.internal]
address = ":{{ traefik_api_port }}"
[api]
insecure = false
dashboard = true
[metrics]
[metrics.prometheus]
entryPoint = "internal"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
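Review bot: The `[metrics.prometheus]` block with `entryPoint = "internal"` exposes `/metrics` on the same port as the dashboard, but as far as I know Traefik serves it through its own built-in router, so the `whitelist-local` middleware attached to the `traefik` router in the compose labels would not apply to it. Anyone who can reach the `internal` port could then read router and service names and traffic counters without a source-address check. Setting `manualRouting = true` under `[metrics.prometheus]` and adding a router for `prometheus@internal` with the same middleware would put the endpoint under the whitelist; this should be checked against the Traefik version in use.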