---
# Hostnames for the services this role publishes. The Grafana hostname is looked
# up from all_services through the project's service_get_domain filter; the
# Mimir and Alloy hostnames are fixed here.
lgtm_stack_domain: "{{ all_services | service_get_domain(role_name) }}"
lgtm_stack_mimir_domain: mimir.serguzim.me
lgtm_stack_alloy_domain: alloy.serguzim.me

# Alloy job definitions derived from all_services by the project's
# services_to_alloy filter (its output format is not visible in this file).
lgtm_stack_alloy_jobs: "{{ all_services | services_to_alloy() }}"
# Reverse-proxy and metrics-collector description of the stack.
# NOTE(review): this listing had lost its indentation; postgresql_collector is
# assumed to sit directly under lgtm_stack_svc, next to extra_svcs -- confirm.
lgtm_stack_svc:
  # Grafana itself, served on the main domain.
  domain: "{{ lgtm_stack_domain }}"
  port: 3000
  extra_svcs:
    # Alloy and Mimir get their own hostnames. Nothing in this file configures
    # authentication for either backend (Mimir runs with multitenancy disabled),
    # so the `vpn_only` Caddy snippet appears to be the only access control in
    # front of them. The snippet is defined elsewhere -- verify that it denies
    # by default and cannot be bypassed through another site block.
    - domain: "{{ lgtm_stack_alloy_domain }}"
      docker_host: lgtm_stack_alloy
      port: 12345
      caddy_extra: import vpn_only
    - domain: "{{ lgtm_stack_mimir_domain }}"
      docker_host: lgtm_stack_mimir
      port: 9009
      caddy_extra: import vpn_only
  # Connection details for the PostgreSQL metrics collector, taken from OpenTofu
  # outputs. `pass` is a secret: keep it out of task output (no_log) and out of
  # world-readable rendered files. The account should be limited to monitoring
  # rights (for example membership in pg_monitor), not data ownership.
  postgresql_collector:
    host: "{{ postgres.host }}"
    port: "{{ postgres.port }}"
    user: "{{ opentofu.postgresql_metrics_collector.user }}"
    pass: "{{ opentofu.postgresql_metrics_collector.pass }}"
    database: "{{ opentofu.postgresql_metrics_collector.database }}"
# Environment for the Grafana container (GF_<SECTION>_<KEY> overrides of
# grafana.ini). Several values are secrets: the secret key, the database
# password, the OAuth client secret and the SMTP password. As environment
# variables they are visible through `docker inspect` and in the rendered
# compose/env file, so restrict that file's permissions. Grafana also accepts a
# `__FILE` suffix on a variable name to read the value from a mounted file.
lgtm_stack_env:

  GF_DEFAULT_INSTANCE_NAME: "{{ lgtm_stack_domain }}"
  # Grafana speaks plain HTTP inside the container while ROOT_URL is https, so
  # TLS is presumably terminated at the reverse proxy -- confirm that port 3000
  # is not reachable except through it.
  GF_SERVER_PROTOCOL: "http"
  GF_SERVER_DOMAIN: "{{ lgtm_stack_domain }}"
  GF_SERVER_ROOT_URL: "https://{{ lgtm_stack_domain }}/"

  # No built-in admin account is created on first start, so there is no default
  # admin password to change; administrators come from the OAuth role mapping.
  # NOTE(review): ADMIN_USER is likely unused while creation is disabled.
  GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION: true
  GF_SECURITY_ADMIN_USER: "{{ admin_email }}"
  # Grafana uses this key to encrypt secrets it stores in its database; keep it
  # stable and treat a leak as a reason to rotate and re-encrypt.
  GF_SECURITY_SECRET_KEY: "{{ vault_lgtm_stack.grafana.secret_key }}"
  # Session cookie is sent over HTTPS only and never on cross-site requests.
  # NOTE(review): with SameSite=strict, check that the redirect back from the
  # identity provider still completes the login.
  GF_SECURITY_COOKIE_SECURE: true
  GF_SECURITY_COOKIE_SAMESITE: "strict"

  # Plugin install/uninstall from the UI. Plugins run inside Grafana, so every
  # Grafana server admin can add code to this instance.
  GF_PLUGINS_PLUGIN_ADMIN_ENABLED: true

  GF_DATABASE_TYPE: "postgres"
  GF_DATABASE_HOST: "{{ postgres.host }}"
  GF_DATABASE_NAME: "{{ opentofu.postgresql_data.lgtm_stack.database }}"
  GF_DATABASE_USER: "{{ opentofu.postgresql_data.lgtm_stack.user }}"
  GF_DATABASE_PASSWORD: "{{ opentofu.postgresql_data.lgtm_stack.pass }}"
  # verify-full checks both the certificate chain and the host name of the
  # PostgreSQL server; do not relax it to `require` or `disable`.
  GF_DATABASE_SSL_MODE: "verify-full"

  # Local sign-up, the password form and anonymous access are all off, so
  # generic OAuth is the only way in.
  GF_USERS_ALLOW_SIGN_UP: false
  GF_AUTH_DISABLE_LOGIN_FORM: true
  # NOTE(review): the next two names lack the AUTH_ section segment and are
  # probably ignored by Grafana; the GF_AUTH_* forms are set further down, and
  # the two sign-out URLs differ (Grafana root here, end-session there).
  # Confirm which one is intended and drop the other.
  GF_SIGNOUT_REDIRECT_URL: "https://{{ lgtm_stack_domain }}/"
  GF_OAUTH_AUTO_LOGIN: true
  GF_AUTH_ANONYMOUS_ENABLED: false
  GF_AUTH_ANONYMOUS_ORG_NAME: "Main Org."
  GF_AUTH_ANONYMOUS_ORG_ROLE: "Viewer"
  GF_AUTH_GENERIC_OAUTH_ENABLED: true
  GF_AUTH_GENERIC_OAUTH_NAME: "auth.serguzim.me"
  # Accounts are created on first OAuth login.
  GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: true
  # Role mapping from the identity provider's `groups` claim. The expression
  # ends in a bare 'Viewer', so every user the provider lets through gets at
  # least Viewer; who may use Grafana at all is then decided only by the
  # provider's application bindings. To require a Grafana group, remove the
  # fallback and set GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT.
  # NOTE(review): assumes `groups` is returned with the scopes requested
  # below -- confirm, otherwise everyone is mapped to Viewer.
  GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "\
    contains(groups, 'Grafana GrafanaAdmins') && 'GrafanaAdmin'
    || contains(groups, 'Grafana Admins') && 'Admin'
    || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"
  # Lets the mapping above grant server-admin rights: whoever manages the
  # 'Grafana GrafanaAdmins' group in the identity provider controls Grafana.
  GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN: true
  GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "{{ opentofu.authentik_data.lgtm_stack.client_id }}"
  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ opentofu.authentik_data.lgtm_stack.client_secret }}"
  GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email"
  # All three endpoints are https. PKCE is not enabled here; consider
  # GF_AUTH_GENERIC_OAUTH_USE_PKCE if the provider supports it.
  GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://auth.serguzim.me/application/o/authorize/"
  GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://auth.serguzim.me/application/o/token/"
  GF_AUTH_GENERIC_OAUTH_API_URL: "https://auth.serguzim.me/application/o/userinfo/"
  # Sign-out is sent to the provider's end-session endpoint, so the provider
  # session ends together with the Grafana session.
  GF_AUTH_SIGNOUT_REDIRECT_URL: "{{ (opentofu.authentik_data.lgtm_stack.base_url, 'end-session') | path_join }}/"
  GF_AUTH_OAUTH_AUTO_LOGIN: true

  # Outgoing mail for alerts and invitations. No STARTTLS policy is set, so
  # Grafana's default applies; unless the mailer port uses implicit TLS, set
  # GF_SMTP_STARTTLS_POLICY to MandatoryStartTLS so the password is never sent
  # over an unencrypted connection.
  GF_SMTP_ENABLED: true
  GF_SMTP_HOST: "{{ mailer.host }}:{{ mailer.port }}"
  GF_SMTP_USER: "{{ opentofu.mailcow_data.lgtm_stack.address }}"
  GF_SMTP_PASSWORD: "{{ opentofu.mailcow_data.lgtm_stack.password }}"
  GF_SMTP_FROM_ADDRESS: "{{ opentofu.mailcow_data.lgtm_stack.address }}"
  GF_SMTP_FROM_NAME: "Monitoring"
# Grafana datasource provisioning document (the compose definition mounts
# ./datasources into /etc/grafana/provisioning/datasources).
lgtm_stack_grafana_datasources:
  apiVersion: 1

  # Remove any existing "Mimir" datasource so the definition below replaces it.
  deleteDatasources:
    - name: Mimir

  datasources:
    - name: Mimir
      type: prometheus
      # proxy: queries are issued by the Grafana server, not by the browser.
      access: proxy
      orgId: 1
      # The public Mimir hostname is used, which the service definition puts
      # behind `import vpn_only`; the Grafana container's own requests must
      # therefore be permitted by that snippet -- confirm. No datasource
      # credentials are configured, matching a Mimir without tenant auth.
      url: "https://{{ lgtm_stack_mimir_domain }}/prometheus"
      version: 1
      # editable: true lets Grafana users with datasource rights change this
      # entry (including its URL) from the UI; set it to false to keep the
      # provisioned state authoritative.
      editable: true
      jsonData:
        timeInterval: 60s
        prometheusType: Mimir
# Content of mimir.yaml (mounted read-only into the Mimir container by the
# compose definition).
lgtm_stack_mimir_yml:
  # With multitenancy off Mimir does not require a tenant header and performs
  # no authentication of its own: anything that can reach port 9009 can read
  # and write metrics. Access control has to come from the network and the
  # reverse proxy.
  multitenancy_enabled: false
  # All components run in this one process.
  target: all

  common:
    storage:
      backend: s3
      s3:
        # The scheme is stripped because Mimir expects host[:port] here; TLS
        # to the endpoint stays on as long as `insecure` is not set.
        endpoint: "{{ opentofu.scaleway_data.mimir_blocks.api_endpoint | regex_replace('^https://', '') }}"
        region: "{{ opentofu.scaleway_data.mimir_blocks.region }}"
        # Object-storage credentials end up in the rendered mimir.yaml: keep
        # that file readable only by the deploying user and scope the key to
        # the three buckets below.
        access_key_id: "{{ opentofu.scaleway_data.mimir_blocks.access_key }}"
        secret_access_key: "{{ opentofu.scaleway_data.mimir_blocks.secret_key }}"
  # One bucket per storage type; all three use the credentials from `common`.
  blocks_storage:
    s3:
      bucket_name: "{{ opentofu.scaleway_data.mimir_blocks.name }}"
  alertmanager_storage:
    s3:
      bucket_name: "{{ opentofu.scaleway_data.mimir_alertmanager.name }}"
  ruler_storage:
    s3:
      bucket_name: "{{ opentofu.scaleway_data.mimir_ruler.name }}"

  server:
    http_listen_port: 9009

    # Configure the server to allow messages up to 100MB.
    grpc_server_max_recv_msg_size: 104857600
    grpc_server_max_send_msg_size: 104857600
    grpc_server_max_concurrent_streams: 1000

  ingester:
    ring:
      # Single copy of every series: no redundancy if this ingester is lost.
      replication_factor: 1
# Compose description of the stack: the top-level keys describe the main
# (Grafana) service, `file` carries additional compose content.
lgtm_stack_compose:
  # NOTE(review): presumably marks the service for automatic image updates.
  # Together with the untagged Grafana image and the `:latest` tags below,
  # whatever is published under those tags is deployed without review; pin
  # versions or digests if updates should be deliberate.
  watchtower: update
  image: grafana/grafana-oss
  volumes:
    - ./datasources:/etc/grafana/provisioning/datasources
    - grafana-data:/var/lib/grafana
  file:
    services:
      alloy:
        image: grafana/alloy:latest
        restart: always
        volumes:
          - ./config.alloy:/etc/alloy/config.alloy:ro
        command:
          - run
          - /etc/alloy/config.alloy
          # No volume is mounted for this path in this definition.
          - --storage.path=/var/lib/alloy/data
          # Listens on every interface inside the container. No ports are
          # published here, so the HTTP server is reachable only over the
          # attached networks; it has no authentication configured, so any
          # container on `apps` can reach it.
          - --server.http.listen-addr=0.0.0.0:12345
          # Allows components below the stable level to be used.
          - --stability.level=experimental
        networks:
          apps:
            aliases:
              - lgtm_stack_alloy
          default:

      mimir:
        image: grafana/mimir:latest
        restart: always
        command:
          - -config.file=/etc/mimir-config/mimir.yaml
        volumes:
          # Read-only mount; the file contains the object-storage credentials.
          - ./mimir.yaml:/etc/mimir-config/mimir.yaml:ro
        networks:
          default:
          apps:
            aliases:
              - lgtm_stack_mimir
    volumes:
      grafana-data: