split: monitoring in 3 Stacks aufgeteilt

- monitoring: Prometheus, Exporters, InfluxDB (owns monitoring_network)
- teslamate/: TeslaMate + Grafana + Postgres + Mosquitto
- backup-monitor/: Backup-Monitor + MongoDB
- Jeder Stack unabhängig steuerbar, kein gegenseitiges Risiko

teslamate/compose.yaml

@@ -0,0 +1,87 @@
+networks:
+  monitoring_network:
+    external: true
+
+services:
+  teslamate:
+    image: teslamate/teslamate:latest
+    container_name: teslamate
+    restart: always
+    depends_on:
+      - teslamate_database
+    environment:
+      - DATABASE_USER=${TM_DB_USER}
+      - DATABASE_PASS=${TM_DB_PASS}
+      - DATABASE_NAME=${TM_DB_NAME}
+      - DATABASE_HOST=teslamate_database
+      - MQTT_HOST=mosquitto
+      - VIRTUAL_HOST=${FQDN_TM}
+      - CHECK_ORIGIN=true
+      - TZ=${TM_TZ}
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
+    volumes:
+      - /app-config/teslamate_config:/opt/app/import
+    cap_drop:
+      - all
+    ports:
+      - "4000:4000"
+    networks:
+      - monitoring_network
+
+  teslamate_database:
+    image: postgres:17
+    container_name: teslamate_database
+    restart: always
+    environment:
+      - POSTGRES_USER=${TM_DB_USER}
+      - POSTGRES_PASSWORD=${TM_DB_PASS}
+      - POSTGRES_DB=${TM_DB_NAME}
+    volumes:
+      - /app-config/teslamate_database:/var/lib/postgresql/data
+    networks:
+      - monitoring_network
+
+  grafana:
+    image: teslamate/grafana:latest
+    container_name: grafana
+    restart: always
+    environment:
+      - DATABASE_USER=${TM_DB_USER}
+      - DATABASE_PASS=${TM_DB_PASS}
+      - DATABASE_NAME=${TM_DB_NAME}
+      - DATABASE_HOST=teslamate_database
+      - GRAFANA_PASSWD=${GRAFANA_PW}
+      - GF_SECURITY_ADMIN_USER=${GRAFANA_USER}
+      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PW}
+      - GF_AUTH_ANONYMOUS_ENABLED=false
+      - GF_SERVER_DOMAIN=grafana.sascha-lutz.de
+      - GF_SERVER_ROOT_URL=https://grafana.sascha-lutz.de
+      - GF_SERVER_SERVE_FROM_SUB_PATH=false
+      - GF_AUTH_GENERIC_OAUTH_ENABLED=true
+      - GF_AUTH_GENERIC_OAUTH_NAME=Authentik
+      - GF_AUTH_GENERIC_OAUTH_CLIENT_ID=${GF_OAUTH_CLIENT_ID}
+      - GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GF_OAUTH_CLIENT_SECRET}
+      - GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email
+      - GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.sascha-lutz.de/application/o/authorize/
+      - GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.sascha-lutz.de/application/o/token/
+      - GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.sascha-lutz.de/application/o/userinfo/
+      - GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(groups[*], 'authentik Admins') && 'Admin' || 'Viewer'
+      - GF_AUTH_SIGNOUT_REDIRECT_URL=https://auth.sascha-lutz.de/application/o/grafana/end-session/
+      - GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN=false
+    volumes:
+      - /app-config/grafana_data:/var/lib/grafana
+    ports:
+      - "3000:3000"
+    networks:
+      - monitoring_network
+
+  mosquitto:
+    image: eclipse-mosquitto:2
+    container_name: mosquitto
+    command: mosquitto -c /mosquitto-no-auth.conf
+    restart: always
+    volumes:
+      - /app-config/mosquitto_config:/mosquitto/config
+      - /app-config/mosquitto_data:/mosquitto/data
+    networks:
+      - monitoring_network