5c35a1ed36
- monitoring: Prometheus, Exporters, InfluxDB (owns monitoring_network) - teslamate/: TeslaMate + Grafana + Postgres + Mosquitto - backup-monitor/: Backup-Monitor + MongoDB - Jeder Stack unabhängig steuerbar, kein gegenseitiges Risiko
87 lines
2.8 KiB
YAML
87 lines
2.8 KiB
YAML
networks:
|
|
monitoring_network:
|
|
external: true
|
|
|
|
services:
|
|
teslamate:
|
|
image: teslamate/teslamate:latest
|
|
container_name: teslamate
|
|
restart: always
|
|
depends_on:
|
|
- teslamate_database
|
|
environment:
|
|
- DATABASE_USER=${TM_DB_USER}
|
|
- DATABASE_PASS=${TM_DB_PASS}
|
|
- DATABASE_NAME=${TM_DB_NAME}
|
|
- DATABASE_HOST=teslamate_database
|
|
- MQTT_HOST=mosquitto
|
|
- VIRTUAL_HOST=${FQDN_TM}
|
|
- CHECK_ORIGIN=true
|
|
- TZ=${TM_TZ}
|
|
- ENCRYPTION_KEY=${ENCRYPTION_KEY}
|
|
volumes:
|
|
- /app-config/teslamate_config:/opt/app/import
|
|
cap_drop:
|
|
- all
|
|
ports:
|
|
- "4000:4000"
|
|
networks:
|
|
- monitoring_network
|
|
|
|
teslamate_database:
|
|
image: postgres:17
|
|
container_name: teslamate_database
|
|
restart: always
|
|
environment:
|
|
- POSTGRES_USER=${TM_DB_USER}
|
|
- POSTGRES_PASSWORD=${TM_DB_PASS}
|
|
- POSTGRES_DB=${TM_DB_NAME}
|
|
volumes:
|
|
- /app-config/teslamate_database:/var/lib/postgresql/data
|
|
networks:
|
|
- monitoring_network
|
|
|
|
grafana:
|
|
image: teslamate/grafana:latest
|
|
container_name: grafana
|
|
restart: always
|
|
environment:
|
|
- DATABASE_USER=${TM_DB_USER}
|
|
- DATABASE_PASS=${TM_DB_PASS}
|
|
- DATABASE_NAME=${TM_DB_NAME}
|
|
- DATABASE_HOST=teslamate_database
|
|
- GRAFANA_PASSWD=${GRAFANA_PW}
|
|
- GF_SECURITY_ADMIN_USER=${GRAFANA_USER}
|
|
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PW}
|
|
- GF_AUTH_ANONYMOUS_ENABLED=false
|
|
- GF_SERVER_DOMAIN=grafana.sascha-lutz.de
|
|
- GF_SERVER_ROOT_URL=https://grafana.sascha-lutz.de
|
|
- GF_SERVER_SERVE_FROM_SUB_PATH=false
|
|
- GF_AUTH_GENERIC_OAUTH_ENABLED=true
|
|
- GF_AUTH_GENERIC_OAUTH_NAME=Authentik
|
|
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=${GF_OAUTH_CLIENT_ID}
|
|
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GF_OAUTH_CLIENT_SECRET}
|
|
- GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email
|
|
- GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.sascha-lutz.de/application/o/authorize/
|
|
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.sascha-lutz.de/application/o/token/
|
|
- GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.sascha-lutz.de/application/o/userinfo/
|
|
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(groups[*], 'authentik Admins') && 'Admin' || 'Viewer'
|
|
- GF_AUTH_SIGNOUT_REDIRECT_URL=https://auth.sascha-lutz.de/application/o/grafana/end-session/
|
|
- GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN=false
|
|
volumes:
|
|
- /app-config/grafana_data:/var/lib/grafana
|
|
ports:
|
|
- "3000:3000"
|
|
networks:
|
|
- monitoring_network
|
|
|
|
mosquitto:
|
|
image: eclipse-mosquitto:2
|
|
container_name: mosquitto
|
|
command: mosquitto -c /mosquitto-no-auth.conf
|
|
restart: always
|
|
volumes:
|
|
- /app-config/mosquitto_config:/mosquitto/config
|
|
- /app-config/mosquitto_data:/mosquitto/data
|
|
networks:
|
|
- monitoring_network
|