# vi: ft=yaml version: "3.8" networks: traefik: external: true grafana: configs: esdatasource: external: true name: "{{ esdatasource.config_name }}" fluentconf: external: true name: "{{ fluentconf.config_name }}" volumes: escerts: driver_opts: type: "nfs" o: "addr=192.168.30.10,nolock,soft,rw" device: ":/mnt/data/elasticsearch/certs" esdata: driver_opts: type: "nfs" o: "addr=192.168.30.10,nolock,soft,rw" device: ":/mnt/data/elasticsearch/data" grafanadata: driver_opts: type: "nfs" o: "addr=192.168.30.10,nolock,soft,rw" device: ":/mnt/data/grafana/data" services: elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:8.8.1 volumes: - type: volume source: escerts target: /usr/share/elasticsearch/config/certs volume: nocopy: true - type: volume source: esdata target: /usr/share/elasticsearch/data volume: nocopy: true ports: - {{ elasticsearch_port }}:9200 environment: - node.name=es01 - cluster.name=shoarma - discovery.type=single-node - bootstrap.memory_lock=true - xpack.security.enabled=false - xpack.security.http.ssl.enabled=false - xpack.security.http.ssl.key=certs/es01/es01.key - xpack.security.http.ssl.certificate=certs/es01/es01.crt - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt - xpack.security.transport.ssl.enabled=false - xpack.security.transport.ssl.key=certs/es01/es01.key - xpack.security.transport.ssl.certificate=certs/es01/es01.crt - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt - xpack.security.transport.ssl.verification_mode=certificate - xpack.license.self_generated.type=basic ulimits: memlock: soft: -1 hard: -1 healthcheck: test: [ "CMD-SHELL", "curl http://localhost:9200 | grep -q 'You Know, for Search'", ] interval: 10s timeout: 10s retries: 120 grafana: image: grafana/grafana-oss depends_on: - elasticsearch networks: - traefik - grafana deploy: labels: - traefik.enable=true - traefik.http.routers.grafana.entrypoints=localsecure - traefik.http.routers.grafana.rule=Host(`grafana.kun.is`) - traefik.http.routers.grafana.tls=true - traefik.http.routers.grafana.tls.certresolver=letsencrypt - traefik.http.routers.grafana.service=grafana - traefik.http.services.grafana.loadbalancer.server.port=3000 - traefik.docker.network=traefik volumes: - type: volume source: grafanadata target: /var/lib/grafana volume: nocopy: true configs: - source: esdatasource target: /etc/grafana/provisioning/datasources/elasticsearch.yaml grafana-ntfy: image: kittyandrew/grafana-to-ntfy:master depends_on: - grafana ports: - 8080:8080 networks: grafana: aliases: - grafana-ntfy environment: - NTFY_URL=https://ntfy.kun.is/alerts - NTFY_BAUTH_USER=pim - NTFY_BAUTH_PASS={{ ntfy_password }} - BAUTH_USER=admin - BAUTH_PASS=test fluentd: image: git.kun.is/pim/fluentd:1.0.2 depends_on: - elasticsearch ports: - {{ fluent_forward_port }}:24224 configs: - source: fluentconf target: /fluentd/etc/fluent.conf