diff --git a/main.tf b/main.tf index 312e21f..d94433b 100644 --- a/main.tf +++ b/main.tf @@ -24,13 +24,13 @@ module "docker" { domain = "bb8.fun" } - module "radicale" { source = "radicale" domain = "radicale.bb8.fun" } module "monitoring" { - source = "monitoring" + source = "monitoring" gf-security-admin-password = "${var.gf-security-admin-password}" + domain = "bb8.fun" } diff --git a/monitoring/config/prometheus.yml b/monitoring/config/prometheus.yml index f531679..85b0d8f 100644 --- a/monitoring/config/prometheus.yml +++ b/monitoring/config/prometheus.yml @@ -11,7 +11,12 @@ scrape_configs: - job_name: "node" scrape_interval: 5s static_configs: - - targets: ["node_exporter:9100"] + - targets: ["nodeexporter:9100"] + + - job_name: 'cadvisor' + scrape_interval: 5s + static_configs: + - targets: ['cadvisor:8080'] rule_files: - "alert.rules" diff --git a/monitoring/data.tf b/monitoring/data.tf index b3010c6..9a192aa 100644 --- a/monitoring/data.tf +++ b/monitoring/data.tf @@ -13,4 +13,3 @@ data "docker_registry_image" "prometheus" { data "docker_registry_image" "nodeexporter" { name = "prom/node-exporter" } - diff --git a/monitoring/main.tf b/monitoring/main.tf index 30f0045..9ed8ac5 100644 --- a/monitoring/main.tf +++ b/monitoring/main.tf 
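Review bot: The new `cadvisor` scrape job in monitoring/config/prometheus.yml targets `cadvisor:8080`, and the later monitoring/main.tf hunk adds `"cadvisor"` to the prometheus container's `links`, but no `docker_container "cadvisor"` resource or image data source appears in any hunk of this commit. If that resource is not defined elsewhere in the module, the link will fail at apply time or the target will show as down, so confirm the container exists under exactly that name. The job also uses single quotes where the existing `node` job uses double quotes; `- job_name: "cadvisor"` and `- targets: ["cadvisor:8080"]` would keep the file consistent. cAdvisor serves its web UI and API on the same port as `/metrics`, so it should stay reachable only from the Prometheus container and not receive a `traefik.enable` label.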
@@ -4,13 +4,14 @@ resource docker_container "grafana" { labels { # "traefik.frontend.auth.basic" = "${var.basic_auth}" - "traefik.port" = 3000 - "traefik.enable" = "true" - "traefik.frontend.headers.SSLTemporaryRedirect" = "true" - "traefik.frontend.headers.STSSeconds" = "2592000" - "traefik.frontend.headers.STSIncludeSubdomains" = "false" - "traefik.frontend.headers.contentTypeNosniff" = "true" - "traefik.frontend.headers.browserXSSFilter" = "true" + "traefik.port" = 3000 + "traefik.enable" = "true" + "traefik.frontend.headers.SSLTemporaryRedirect" = "true" + "traefik.frontend.headers.STSSeconds" = "2592000" + "traefik.frontend.headers.STSIncludeSubdomains" = "false" + "traefik.frontend.headers.contentTypeNosniff" = "true" + "traefik.frontend.headers.browserXSSFilter" = "true" + # "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}" # "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}" } @@ -22,6 +23,11 @@ resource docker_container "grafana" { links = ["prometheus"] + env = [ + "GF_SECURITY_ADMIN_PASSWORD=${var.gf-security-admin-password}", + "GF_SERVER_ROOT_URL=https://grafana.${var.domain}", + ] + restart = "unless-stopped" destroy_grace_seconds = 10 must_run = true @@ -31,6 +37,9 @@ resource docker_container "prometheus" { name = "prometheus" image = "${docker_image.prometheus.latest}" + # prometheus:prometheus + user = "985:983" + command = ["--config.file=/etc/prometheus/prometheus.yml"] volumes { @@ -43,7 +52,7 @@ resource docker_container "prometheus" { file = "/etc/prometheus/prometheus.yml" } - links = ["nodeexporter"] + links = ["nodeexporter", "cadvisor"] restart = "unless-stopped" destroy_grace_seconds = 10 
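Review bot: The `env` entry `"GF_SECURITY_ADMIN_PASSWORD=${var.gf-security-admin-password}"` on the grafana container puts the admin password into the container environment, where it is readable through `docker inspect`, and into the Terraform state in clear text. Grafana's image accepts the `__FILE` form, so a mounted secret file plus `"GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password"` (placeholder path) keeps it out of the environment; the state file still needs to be encrypted and access-controlled either way. The `traefik.frontend.auth.basic` label in the previous hunk is still commented out, so this password appears to be the only control in front of the public `https://grafana.${var.domain}` URL. Grafana applies this setting only when it first initialises its database, so changing the variable later will not rotate the password; a short comment next to the entry saying so would help.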
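Review bot: `user = "985:983"` on the prometheus container is a host-specific uid:gid pair, and the comment `# prometheus:prometheus` does not say which system the ids come from or why they are needed. Presumably they match the owner of the host path mounted in the `volumes` block, which continues outside this hunk; if so, state it, e.g. `# uid:gid of prometheus:prometheus on the Docker host; must own the mounted data directory`. Running as a non-root user is a good change, but on a host where the ids differ the container will likely fail to write its data, so module variables for the two ids would be more portable.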
@@ -73,11 +82,10 @@ resource docker_container "nodeexporter" { command = [ "--path.procfs=/host/proc", "--path.sysfs=/host/sys", - "--collector.filesystem.ignored-mount-points=\"^/(sys|proc|dev|host|etc)($$|/)\"" + "--collector.filesystem.ignored-mount-points=\"^/(sys|proc|dev|host|etc)($$|/)\"", ] restart = "unless-stopped" destroy_grace_seconds = 10 must_run = true } - diff --git a/monitoring/variables.tf b/monitoring/variables.tf index 6eac904..5afcf1c 100644 --- a/monitoring/variables.tf +++ b/monitoring/variables.tf @@ -1,20 +1,23 @@ variable "gf-security-admin-password" { type = "string" } + # variable "email" { # type = "string" # } -# variable "domain" { -# type = "string" -# } +variable "domain" { + type = "string" +} variable "alert-slack-username" { default = "Prometheus" } + variable "alert-slack-channel" { default = "#notifications" } + variable "alert-slack-incoming-webhook" { default = "https://hooks.slack.com/whatever" }
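Review bot: The re-added line `"--collector.filesystem.ignored-mount-points=\"^/(sys|proc|dev|host|etc)($$|/)\"",` still carries the escaped double quotes and the `$$` from the docker-compose form of this flag. `command` is an argument list that is not run through a shell, so the quotes likely reach node_exporter as part of the regular expression, and a pattern with a literal `"` before `^` cannot match any mount point; the `$$` is probably passed through literally as well. If so the filter ignores nothing, and the line should read `"--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|host|etc)($|/)",`. Check how this Terraform version interpolates `$$` and a bare `$` before applying the change.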
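Review bot: `variable "domain"` in monitoring/variables.tf is now required but has no `description`, and the grafana container builds `GF_SERVER_ROOT_URL=https://grafana.${var.domain}` from it, so a value with a scheme or trailing slash would produce a broken root URL. Adding `description = "Apex domain without scheme; Grafana is served at grafana.<domain>"` documents the expected form. `gf-security-admin-password` would benefit from the same treatment, e.g. `description = "Initial Grafana admin password; stored in Terraform state"`.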