
2 commits

c5ad2aab9f Merge branch 'master' of ssh://git.pizzapim.nl:56287/pim/homeservers 2023-02-07 22:55:19 +01:00
9cc5fba042 add prometheus
don't publish traefik api
2023-02-07 22:54:07 +01:00
12 changed files with 69 additions and 12 deletions


@ -22,6 +22,7 @@ All services below are running under Docker, except NSD and Borg.
- Jitsi Meet (https://meet.jit.si)
- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
- RSS feed reader using [FreshRSS](https://miniflux.app/)
- Metrics using [Prometheus](https://prometheus.io/)
## Possible future services
@ -34,12 +35,12 @@ All services below are running under Docker, except NSD and Borg.
## TODO
- Clear view of what services + which versions we are running. This way, we can track security updates better.
- Delegate pim.kunis.nl to my server
- Host tobb website?
- Move from Ubuntu to Debian
- move to pim.kunis.nl
- security.txt
- Podman
- Remove watchtower with Podman features
- Replace watchtower with Podman features
### NSD


@ -2,3 +2,5 @@ base_data_dir: /data
base_service_dir: /srv
jitsi_videobridge_port: 54562
git_ssh_port: 56287
prometheus_port: 8081
traefik_api_port: 8080


@ -15,6 +15,7 @@
- {role: 'freshrss', tags: 'freshrss'}
- {role: 'blog', tags: 'blog'}
- {role: 'inbucket', tags: 'inbucket'}
- {role: 'prometheus', tags: 'prometheus'}
- name: Setup dataserver
hosts: dataserver
roles:


@ -24,7 +24,7 @@ services:
- traefik.http.routers.forgejo.rule=Host(`git.pizzapim.nl`)
- traefik.http.routers.forgejo.tls=true
- traefik.http.routers.forgejo.tls.certresolver=pizzapim
- traefik.tcp.routers.forgejo.service=forgejo
- traefik.http.routers.forgejo.service=forgejo
- traefik.http.services.forgejo.loadbalancer.server.port=3000
- traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)


@ -1,7 +1,7 @@
$ORIGIN pizzapim.nl.
$TTL 60
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023012200 1800 3600 1209600 3600
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023020701 1800 3600 1209600 3600
NS ns.pizzapim.nl.
NS ns0.transip.net.
@ -18,10 +18,8 @@ www IN A 84.245.14.149
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
ns IN A 84.245.14.149
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
cloud IN CNAME www.pizzapim.nl.
social IN CNAME www.pizzapim.nl.
dav IN CNAME www.pizzapim.nl.
git IN CNAME www.pizzapim.nl.
meet IN CNAME www.pizzapim.nl.
rss IN CNAME www.pizzapim.nl.
traefik IN CNAME www.pizzapim.nl.


@ -0,0 +1,3 @@
dependencies:
- role: common
- role: docker


@ -0,0 +1,19 @@
- name: Create app directory
file:
path: "{{ service_dir }}"
state: directory
- name: Copy Docker Compose script
template:
src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: "{{ service_dir }}/docker-compose.yml"
- name: Copy prometheus.yml
template:
src: "{{ role_path }}/templates/prometheus.yml.j2"
dest: "{{ service_dir }}/prometheus.yml"
register: config
- name: Start Docker Compose
docker_compose:
project_src: "{{ service_dir }}"
pull: true
remove_orphans: true
restarted: "{{ config.changed }}"


@ -0,0 +1,13 @@
version: "3.8"
services:
prometheus:
image: prom/prometheus
container_name: prometheus
restart: always
volumes:
- "{{ service_dir }}/prometheus.yml:/etc/prometheus/prometheus.yml"
extra_hosts:
- "host.docker.internal:host-gateway"
ports:
- "{{ prometheus_port }}:9090"
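Review bot: The `ports` mapping on the last line publishes Prometheus on `{{ prometheus_port }}` across every host interface, and Prometheus ships without authentication, so its query API and UI become reachable from any network the host is attached to. Binding the mapping to loopback, `- "127.0.0.1:{{ prometheus_port }}:9090"`, or omitting `ports` and fronting it with a Traefik router carrying the same IP-allowlist middleware the dashboard uses, keeps it private. `image: prom/prometheus` carries no tag while the role deploys with `pull: true`, so each run can silently move to a new `latest`; pin it, e.g. `image: prom/prometheus:<pinned-version>`. No volume is mounted at `/prometheus`, so the TSDB lives in the container's writable layer and is lost on every recreate; the role's vars file defines `data_dir` but nothing uses it, and `- "{{ data_dir }}:/prometheus"` would persist the data (the container's user must be able to write that directory).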


@ -0,0 +1,14 @@
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'prometheus'
scrape_interval: 5s
static_configs:
- targets: ['localhost:9090']
- job_name: 'traefik'
scrape_interval: 5s
static_configs:
- targets: ['host.docker.internal:{{ traefik_api_port }}']
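Review bot: Every job sets `scrape_interval: 5s`, so the `global` value of 15s on the second line never applies to anything; either drop the per-job overrides or move the 5s into `global` so the file states a single interval. The `traefik` target only works while the host publishes `traefik_api_port` and the container can resolve `host.docker.internal`; if that port mapping is later restricted to a specific address the scrape fails without the playbook noticing (Prometheus merely marks the target down). A comment above the job naming that dependency, `# reaches the host-published Traefik 'internal' entrypoint via host-gateway`, would make the coupling visible to the next maintainer.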


@ -0,0 +1,3 @@
service_name: prometheus
data_dir: "{{ base_data_dir }}/{{ service_name }}"
service_dir: "{{ base_service_dir }}/{{ service_name }}"


@ -13,6 +13,7 @@ services:
- "443:443"
- "80:80"
- "{{ git_ssh_port }}:{{ git_ssh_port }}"
- "{{ traefik_api_port }}:{{ traefik_api_port }}"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
@ -29,10 +30,6 @@ services:
- traefik.http.routers.esrom.tls=true
- traefik.http.routers.esrom.tls.certresolver=geokunis
- traefik.http.routers.traefik.rule=Host(`traefik.pizzapim.nl`)
- traefik.http.routers.traefik.entrypoints=websecure
- traefik.http.routers.traefik.tls=true
- traefik.http.routers.traefik.tls.certresolver=pizzapim
- traefik.http.routers.traefik.rule=Host(`max.lan`)
- traefik.http.routers.traefik.entrypoints=internal
- traefik.http.routers.traefik.service=api@internal
- traefik.http.routers.traefik.middlewares=whitelist-local
- "traefik.http.middlewares.whitelist-local.ipwhitelist.sourcerange=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,::1,fc00::/7"
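Review bot: The new mapping `"{{ traefik_api_port }}:{{ traefik_api_port }}"` publishes the `internal` entrypoint on every host interface, so despite the commit title the dashboard/API port is still reachable from outside the host; the only things between an external client and `api@internal` are the `max.lan` host rule and the `whitelist-local` middleware on the `traefik` router. The source-range check is weaker than it looks: if a connection arrives through Docker's userland proxy (IPv6 publishing, or hosts that keep the proxy enabled), Traefik sees the bridge gateway address as the client, which falls inside `172.16.0.0/12` and passes the allowlist, so this is worth verifying on the host. Binding the mapping to a specific address, `- "127.0.0.1:{{ traefik_api_port }}:{{ traefik_api_port }}"` or a LAN address, keeps the entrypoint off the public interface; if Prometheus then cannot reach it through `host.docker.internal`, placing both containers on a shared Docker network and scraping the container name directly avoids publishing the port at all. The `services` block these labels belong to begins before the hunk.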


@ -13,11 +13,17 @@ loglevel = "DEBUG"
address = ":{{ git_ssh_port }}"
[entryPoints.video]
address = ":{{ jitsi_videobridge_port }}/udp"
[entryPoints.internal]
address = ":{{ traefik_api_port }}"
[api]
insecure = false
dashboard = true
[metrics]
[metrics.prometheus]
entryPoint = "internal"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
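Review bot: `[metrics.prometheus]` with `entryPoint = "internal"` serves `/metrics` directly off the entrypoint rather than through a router, so the `whitelist-local` middleware attached to the dashboard router does not cover it; anything that can reach the port can read router names, backend addresses and request counts. On Traefik 2.3 and later, setting `manualRouting = true` under `[metrics.prometheus]` exposes the metrics as the `prometheus@internal` service instead, after which a router with the same rule and allowlist middleware as the dashboard can front it. `insecure = false` paired with `dashboard = true` is the right combination, since the API then stays reachable only through the labelled router. The `[entryPoints]` table this hunk extends begins before the hunk.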