├── .gitignore ├── LICENSE ├── README.md ├── consul.d └── config.json ├── docker └── daemon.json ├── fluent-bit ├── fluent-bit.conf └── parse_timestamp.lua ├── fluentd └── fluentd.conf ├── grafana └── config │ └── grafana.ini ├── loki └── config │ └── local-config.yaml ├── nomad-manifests └── monitoring_stack.nomad ├── nomad ├── client.conf └── server.conf ├── pihole_exporter ├── pihole-exporter.service └── start_phe.sh ├── prometheus └── config │ └── prometheus.yml ├── traefik └── traefik.toml ├── unifipoller └── config │ └── up.conf └── vault └── vault.hcl /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | 8 | # Crash log files 9 | crash.log 10 | 11 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 12 | # .tfvars files are managed as part of configuration and so should be included in 13 | # version control. 
14 | # 15 | # example.tfvars 16 | 17 | # Ignore override files as they are usually used to override resources locally and so 18 | # are not checked in 19 | override.tf 20 | override.tf.json 21 | *_override.tf 22 | *_override.tf.json 23 | 24 | # Include override files you do wish to add to version control using negated pattern 25 | # 26 | # !example_override.tf 27 | 28 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 29 | # example: *tfplan* 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 Budget Smart Home UK 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # home-lab-configs 2 | 3 | All the configuration files to accompany the blog posts on [Budget Smarthome](https://www.budgetsmarthome.co.uk/). 4 | -------------------------------------------------------------------------------- /consul.d/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "acl_default_policy": "allow", 3 | "addresses": { 4 | "dns": "", 5 | "grpc": "", 6 | "http": "", 7 | "https": "" 8 | }, 9 | "advertise_addr": "", 10 | "advertise_addr_wan": "", 11 | "bind_addr": "", 12 | "bootstrap": false, 13 | "client_addr": "127.0.0.1", 14 | "connect": { 15 | "enabled": true 16 | }, 17 | "data_dir": "/var/consul", 18 | "datacenter": "", 19 | "disable_update_check": false, 20 | "domain": "", 21 | "enable_script_checks": false, 22 | "enable_syslog": true, 23 | "encrypt": "", 24 | "encrypt_verify_incoming": true, 25 | "encrypt_verify_outgoing": true, 26 | "log_level": "INFO", 27 | "node_name": "", 28 | "performance": { 29 | "leave_drain_time": "5s", 30 | "raft_multiplier": 1, 31 | "rpc_hold_timeout": "7s" 32 | }, 33 | "ports": { 34 | "dns": 8600, 35 | "grpc": -1, 36 | "http": 8500, 37 | "https": -1, 38 | "serf_lan": 8301, 39 | "serf_wan": 8302, 40 | "server": 8300 41 | }, 42 | "raft_protocol": 3, 43 | "retry_interval": "30s", 44 | "recursors": [ 45 | "208.67.220.220", 46 | "208.67.222.222" 47 | ], 48 | "retry_interval_wan": "30s", 49 | "retry_join": [ 50 | "" 51 | ], 52 | "retry_max": 0, 53 | "retry_max_wan": 0, 54 | "server": true, 55 | "syslog_facility": "local0", 56 | "ui": true, 57 | "acl": { 58 | "enabled": true, 59 | "default_policy": "allow", 60 | "enable_token_persistence": true 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /docker/daemon.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "data-root": "/mnt/docker", 3 | "metrics-addr" : ":9323", 4 | "experimental" : true, 5 | "log-driver": "loki", 6 | "log-opts": { 7 | "loki-url": "http://loki.service./loki/api/v1/push", 8 | "loki-batch-size": "400" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /fluent-bit/fluent-bit.conf: -------------------------------------------------------------------------------- 1 | [SERVICE] 2 | flush 5 3 | daemon Off 4 | log_level info 5 | parsers_file parsers.conf 6 | plugins_file plugins.conf 7 | http_server Off 8 | http_listen 0.0.0.0 9 | http_port 2020 10 | storage.metrics on 11 | 12 | [INPUT] 13 | Name syslog 14 | Listen 0.0.0.0 15 | Port 1514 16 | Parser syslog-rfc3164 17 | Mode udp 18 | tag unifi 19 | 20 | [FILTER] 21 | Name lua 22 | Match * 23 | script /etc/fluent-bit/parse_timestamp.lua 24 | call local_timestamp_to_UTC 25 | 26 | [FILTER] 27 | Name parser 28 | Match unifi 29 | Key_Name message 30 | Parser iptables 31 | Preserve_Key True 32 | Reserve_Data True 33 | 34 | 35 | 36 | [FILTER] 37 | Name geoip2 38 | Match unifi 39 | Database /etc/fluent-bit/GeoLite2-City.mmdb 40 | Lookup_key source_addr 41 | Record country source_addr %{country.names.en} 42 | Record isocode source_addr %{country.iso_code} 43 | Record latitude source_addr %{location.latitude} 44 | Record longitude source_addr %{location.longitude} 45 | Record city source_addr %{city.names.en} 46 | Record postal_code source_addr %{postal.code} 47 | Record region_code source_addr %{subdivisions.0.iso_code} 48 | Record region_name source_addr %{subdivisions.0.names.en} 49 | 50 | [OUTPUT] 51 | Name loki 52 | Match * 53 | Host loki.service. 
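54 | Port 443 55 | tls on 56 | Labels job=fluentbit 57 | label_keys $city, $country 58 | 59 |
--------------------------------------------------------------------------------
/fluent-bit/parse_timestamp.lua:
--------------------------------------------------------------------------------
1 | -- Fluent Bit Lua filter callback: shifts a record's timestamp by the host's
2 | -- local-to-UTC offset and hands the record back unchanged.
3 | --
4 | -- tag       : tag of the record (not used)
5 | -- timestamp : record time in seconds, as passed in by the lua filter
6 | -- record    : record table (returned as received)
7 | --
8 | -- Returns 1 (the code Fluent Bit reads as "timestamp/record replaced"),
9 | -- the shifted timestamp and the record.
10 | function local_timestamp_to_UTC(tag, timestamp, record)
11 |   -- Both tables describe epoch 0: d1 in local time, d2 in UTC.
12 |   local d1 = os.date("*t", 0)
13 |   local d2 = os.date("!*t", 0)
14 |   -- os.time() reads a table as local time, so the difference is the zone
15 |   -- offset in seconds (negative east of UTC).
16 |   -- NOTE(review): the offset is taken at epoch 0, so it does not follow
17 |   -- daylight-saving changes; confirm that matches the sending device's clock.
18 |   local zone_diff = os.difftime(os.time(d2), os.time(d1))
19 |   -- `local` keeps the value inside this call; the original assigned a global
20 |   -- that stayed in the Lua state after the function returned.
21 |   local new_timestamp = timestamp + zone_diff
22 |   return 1, new_timestamp, record
23 | end
24 |
-------------------------------------------------------------------------------- /fluentd/fluentd.conf: -------------------------------------------------------------------------------- 1 | 2 | @type forward 3 | port 24224 4 | bind 0.0.0.0 5 | 6 | 7 | 8 | @type forward 9 | port 24225 10 | bind 0.0.0.0 11 | tag unifi 12 | 13 | 14 | 15 | @type geoip 16 | geoip_database "/usr/share/GeoIP/GeoIPCity.dat" 17 | geoip2_database "/usr/share/GEOIP2/GEOIP2city.mmdb" 18 | geoip_lookup_keys ["source"] 19 | 20 | city ${city.names.en["source"]} 21 | latitude ${location.latitude["source"]} 22 | longitude ${location.longitude["source"]} 23 | country ${country.iso_code["source"]} 24 | country_name ${country.names.en["source"]} 25 | postal_code ${postal.code["source"]} 26 | region_code ${subdivisions.0.iso_code["source"]} 27 | region_name ${subdivisions.0.names.en["source"]} 28 | 29 | 30 | 31 | 32 | @type loki 33 | url "http://loki.service." 34 | extra_labels {"env":"prod"} 35 | flush_interval 10s 36 | flush_at_shutdown true 37 | buffer_chunk_limit 1m 38 | 39 | -------------------------------------------------------------------------------- /grafana/config/grafana.ini: -------------------------------------------------------------------------------- 1 | [paths] 2 | [server] 3 | domain = grafana.service.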
4 | root_url = %(protocol)s://%(domain)s/ 5 | [database] 6 | [datasources] 7 | [remote_cache] 8 | [dataproxy] 9 | [analytics] 10 | [security] 11 | [snapshots] 12 | [dashboards] 13 | [users] 14 | [auth] 15 | [auth.anonymous] 16 | enabled = True 17 | org_name = Main Org. 18 | org_role = Viewer 19 | hide_version = true 20 | [auth.github] 21 | [auth.gitlab] 22 | [auth.google] 23 | [auth.grafana_com] 24 | [auth.azuread] 25 | [auth.okta] 26 | [auth.generic_oauth] 27 | [auth.basic] 28 | [auth.proxy] 29 | [auth.ldap] 30 | [smtp] 31 | [emails] 32 | [log] 33 | [log.console] 34 | [log.file] 35 | [log.syslog] 36 | [log.frontend] 37 | [quota] 38 | [alerting] 39 | [annotations.dashboard] 40 | [annotations.api] 41 | [explore] 42 | [metrics] 43 | [metrics.environment_info] 44 | [metrics.graphite] 45 | [grafana_com] 46 | [tracing.jaeger] 47 | [external_image_storage] 48 | [external_image_storage.s3] 49 | [external_image_storage.webdav] 50 | [external_image_storage.gcs] 51 | [external_image_storage.azure_blob] 52 | [external_image_storage.local] 53 | [rendering] 54 | [panels] 55 | [plugins] 56 | [plugin.grafana-image-renderer] 57 | [enterprise] 58 | [feature_toggles] 59 | [date_formats] 60 | [expressions] 61 | -------------------------------------------------------------------------------- /loki/config/local-config.yaml: -------------------------------------------------------------------------------- 1 | auth_enabled: false 2 | 3 | server: 4 | http_listen_address: 0.0.0.0 5 | http_listen_port: 3100 6 | 7 | ingester: 8 | lifecycler: 9 | address: 0.0.0.0 10 | ring: 11 | kvstore: 12 | store: inmemory 13 | replication_factor: 1 14 | final_sleep: 0s 15 | chunk_idle_period: 1h # Any chunk not receiving new logs in this time will be flushed 16 | max_chunk_age: 1h # All chunks will be flushed when they hit this age, default is 1h 17 | chunk_target_size: 1048576 # Loki will attempt to build chunks up to 1.5MB, flushing first if chunk_idle_period or max_chunk_age is reached first 18 | 
chunk_retain_period: 30s # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m) 19 | max_transfer_retries: 0 # Chunk transfers disabled 20 | 21 | schema_config: 22 | configs: 23 | - from: 2020-10-24 24 | store: boltdb-shipper 25 | object_store: filesystem 26 | schema: v11 27 | index: 28 | prefix: index_ 29 | period: 24h 30 | 31 | storage_config: 32 | boltdb_shipper: 33 | active_index_directory: /tmp/loki/boltdb-shipper-active 34 | cache_location: /tmp/loki/boltdb-shipper-cache 35 | cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space 36 | shared_store: filesystem 37 | filesystem: 38 | directory: /tmp/loki/chunks 39 | 40 | compactor: 41 | working_directory: /tmp/loki/boltdb-shipper-compactor 42 | shared_store: filesystem 43 | 44 | limits_config: 45 | reject_old_samples: true 46 | reject_old_samples_max_age: 168h 47 | 48 | chunk_store_config: 49 | max_look_back_period: 0s 50 | 51 | table_manager: 52 | retention_deletes_enabled: false 53 | retention_period: 0s 54 | 55 | ruler: 56 | storage: 57 | type: local 58 | local: 59 | directory: /tmp/loki/rules 60 | rule_path: /tmp/loki/rules-temp 61 | alertmanager_url: http://localhost:9093 62 | ring: 63 | kvstore: 64 | store: inmemory 65 | enable_api: true 66 | -------------------------------------------------------------------------------- /nomad-manifests/monitoring_stack.nomad: -------------------------------------------------------------------------------- 1 | job "monitoring" { 2 | affinity { 3 | attribute = "${unique.hostname}" 4 | value = "." 
5 |     weight = 100
6 |   }
7 |   datacenters = [""]
8 |   type = "service"
9 |   update {
10 |     max_parallel = 1
11 |     min_healthy_time = "10s"
12 |     healthy_deadline = "3m"
13 |     progress_deadline = "10m"
14 |     auto_revert = false
15 |     canary = 0
16 |   }
17 |   migrate {
18 |     max_parallel = 1
19 |     health_check = "checks"
20 |     min_healthy_time = "10s"
21 |     healthy_deadline = "5m"
22 |   }
23 |   group "monitoring" {
24 |     count = 1
25 |     restart {
26 |       attempts = 5
27 |       interval = "5m"
28 |       delay = "15s"
29 |       mode = "delay"
30 |     }
31 |     ephemeral_disk {
32 |       size = 400
33 |     }
34 |     network {
35 |       port "unifipoller" {
36 |         to = 9130  # port inside the container; no static host port is set, so Nomad picks the host side
37 |       }
38 |       port "grafana" {
39 |         to = 3000
40 |       }
41 |       port "loki" {
42 |         to = 3100
43 |       }
44 |       port "prometheus" {
45 |         to = 9090
46 |       }
47 |     }
48 |     task "unifiPoller" {
49 |       driver = "docker"
50 |       config {
51 |         image = "golift/unifi-poller:latest"  # floating tag: a restart can pull a different image; pin a version or digest
52 |         dns_servers = [""]
53 |         network_mode = "bridge"
54 |         volumes = [
55 |           "/media/unifipoller/config:/etc/unifi-poller:Z",  # holds up.conf with the controller credentials; :Z relabels the path for this container (SELinux)
56 |           "/etc/localtime:/etc/localtime:ro"
57 |         ]
58 |         ports = ["unifipoller"]
59 |       }
60 |       resources {
61 |         cpu = 251 # CPU reservation in MHz
62 |         memory = 256 # memory reservation in MB
63 |       }
64 |       service {
65 |         name = "unifipoller"
66 |         tags = [
67 |           "unifipoller",
68 |           "monitoring"
69 |         ]
70 |         port = "unifipoller"
71 |         check {
72 |           name = "alive"
73 |           type = "tcp"  # connect-only check: proves the port is open, not that the exporter answers
74 |           interval = "10s"
75 |           timeout = "2s"
76 |         }
77 |       }
78 |     }
79 |     task "grafana" {
80 |       env = {
81 |         discovery.type = "single-node"  # NOTE(review): looks like an Elasticsearch setting left over from another job; confirm Grafana needs it
82 |         GF_INSTALL_PLUGINS = "grafana-worldmap-panel,grafana-clock-panel,grafana-piechart-panel,natel-discrete-panel,mtanda-histogram-panel,larona-epict-panel"  # plugins are fetched when the container starts, unversioned here
83 |       }
84 |       driver = "docker"
85 |       config {
86 |         dns_servers = [""]
87 |         image = "grafana/grafana:latest"  # floating tag: pin a version or digest so upgrades are deliberate
88 |         network_mode = "bridge"
89 |         volumes = [
90 |           "/media/grafana/config:/etc/grafana:Z",
91 |           "/media/grafana/home:/var/lib/grafana:Z",
92 |           "/etc/localtime:/etc/localtime:ro"
93 |         ]
94 |         ports = ["grafana"]
95 |       }
96 |       resources {
97 |         cpu = 500 # CPU reservation in MHz
98 |         memory = 512 # memory reservation in MB
99 |       }
100 |       service {
101 |         name = "grafana"
102 |         tags = [
103 |           "grafana",
104 |           "monitoring"
105 |         ]
106 |         port = "grafana"
107 |         check {
108 |           name = "alive"
109 |           type = "tcp"
110 |           interval = "10s"
111 |           timeout = "2s"
112 |         }
113 |       }
114 |     }
115 |     task "loki" {
116 |       env {
117 |         discovery.type = "single-node"  # NOTE(review): looks like an Elasticsearch setting; confirm Loki needs it
118 |       }
119 |       driver = "docker"
120 |       config {
121 |         dns_servers = [""]
122 |         image = "grafana/loki:2.0.0"  # the only image in this job pinned to a version
123 |         network_mode = "bridge"
124 |         volumes = [
125 |           "/media/loki/data:/tmp/loki:Z",
126 |           "/media/loki/config:/etc/loki:Z",
127 |           "/etc/localtime:/etc/localtime:ro"
128 |         ]
129 |         ports = ["loki"]
130 |       }
131 |       resources {
132 |         cpu = 1000 # CPU reservation in MHz
133 |         memory = 2048 # memory reservation in MB
134 |       }
135 |       service {
136 |         name = "loki"
137 |         tags = [
138 |           "loki"
139 |         ]
140 |         port = "loki"
141 |         check {
142 |           name = "loki HTTPS"  # name only: the check below is a plain TCP connect, no TLS or HTTP request
143 |           type = "tcp"
144 |           interval = "10s"
145 |           timeout = "2s"
146 |         }
147 |       }
148 |     }
149 |     task "prometheus" {
150 |       driver = "docker"
151 |       config {
152 |         dns_servers = [""]
153 |         image = "prom/prometheus"  # no tag, which Docker resolves to :latest; pin a version or digest
154 |         network_mode = "bridge"
155 |         volumes = [
156 |           "/media/prometheus/data:/prometheus:Z",
157 |           "/media/prometheus/config:/etc/prometheus:Z",
158 |           "/etc/localtime:/etc/localtime:ro"
159 |         ]
160 |         ports = ["prometheus"]
161 |       }
162 |       resources {
163 |         cpu = 1000 # CPU reservation in MHz
164 |         memory = 2048 # memory reservation in MB
165 |       }
166 |       service {
167 |         name = "prometheus"
168 |         tags = [
169 |           "prometheus",
170 |         ]
171 |         port = "prometheus"
172 |         check {
173 |           name = "prometheus HTTPS"  # name only: the check below is a plain TCP connect
174 |           type = "tcp"
175 |           interval = "10s"
176 |           timeout = "2s"
177 |         }
178 |       }
179 |     }
180 |   }
181 | }
182 |
--------------------------------------------------------------------------------
/nomad/client.conf:
--------------------------------------------------------------------------------
1 | name = ""
2 | region = ""
3 | datacenter = ""
4 |
5 | enable_debug = false
6 | disable_update_check = false
7 |
8 | bind_addr = ""
9 | advertise {
10 |   http = ":4656"
11 |   rpc = ":4657"
12 |   serf = ":4658"
13 | }
14 | ports {
15 |   http = 4656  # HTTP API; with acl.enabled = false below, requests to it are not authenticated
16 |   rpc = 4657
17 |   serf = 4658
18 | }
19 |
20 | consul {
21 |   # The address to the Consul agent.
22 |   address = ":8500"
23 |   # The service name to register the server and client with Consul.
24 |   server_service_name = "nomad-servers"
25 |   client_service_name = "nomad-clients"
26 |
27 |   # Enables automatically registering the services.
28 |   auto_advertise = true
29 |
30 |   # Enabling the server and client to bootstrap using Consul.
31 |   server_auto_join = true
32 |   client_auto_join = true
33 |
34 |   token = ""  # empty here (possibly redacted); without a token Nomad depends on Consul's default ACL policy, which consul.d/config.json sets to "allow"
35 | }
36 |
37 | data_dir = "/media/docker/nomad"
38 |
39 | log_level = "INFO"
40 | enable_syslog = true
41 |
42 | leave_on_terminate = true
43 | leave_on_interrupt = false
44 |
45 |
46 |
47 | acl {
48 |   enabled = false  # Nomad ACLs are off: whoever can reach the HTTP API can submit, inspect and stop jobs
49 |   token_ttl = "30s"
50 |   policy_ttl = "30s"
51 |   replication_token = ""
52 | }
53 |
54 | vault {
55 |   enabled = true
56 |   address = "http://:8200/"  # plain HTTP: Vault tokens travel unencrypted between Nomad and Vault
57 |   allow_unauthenticated = true  # job submitters do not have to present a Vault token of their own to request Vault policies
58 |   create_from_role = "nomad-cluster"
59 |   task_token_ttl = ""
60 |   ca_file = ""
61 |   ca_path = ""
62 |   cert_file = ""
63 |   key_file = ""
64 |   tls_server_name = ""
65 |   tls_skip_verify = false  # only matters once the address above is https://
66 |   token = ""  # empty here; keep a real token out of version control
67 | }
68 | client {
69 |   enabled = true
70 |
71 |   node_class = ""
72 |   no_host_uuid = false
73 |
74 |
75 |   max_kill_timeout = "30s"
76 |
77 |   network_speed = 0
78 |   cpu_total_compute = 0
79 |
80 |   gc_interval = "1m"
81 |   gc_disk_usage_threshold = 80
82 |   gc_inode_usage_threshold = 70
83 |   gc_parallel_destroys = 2
84 |
85 |   reserved {
86 |     cpu = 0
87 |     memory = 0
88 |     disk = 1024
89 |   }
90 |   options {  # NOTE: combined with acl.enabled = false above, these three options make API access equivalent to root on this client
91 |     "docker.caps.whitelist" = "ALL"  # tasks may add any Linux capability
92 |     "docker.volumes.enabled" = "True"  # tasks may bind-mount host paths outside their allocation directory
93 |     "docker.config.allow_privileged" = "True"  # tasks may run privileged containers
94 |   }
95 |
96 |
97 |
98 | }
99 |
100 | telemetry {
101 |   collection_interval = "1s"
102 |   disable_hostname = true
103 |   prometheus_metrics = true  # metrics are served by the HTTP API port above (prometheus.yml scrapes /v1/metrics)
104 |   publish_allocation_metrics = true
105 |   publish_node_metrics = true
106 | }
107 |
108 |
--------------------------------------------------------------------------------
/nomad/server.conf:
--------------------------------------------------------------------------------
1 | name = ""
2 | region = ""
3 | datacenter = ""
4 |
5 | enable_debug = false
6 | disable_update_check = false
7 |
8 |
9 | bind_addr = ""
10 | advertise {
11 |   http = ":4646"
12 |   rpc = ":4647"
13 |   serf = ":4648"
14 | }
15 | ports {
16 |   http = 4646  # HTTP API; with acl.enabled = false below, requests to it are not authenticated
17 |   rpc = 4647
18 |   serf = 4648
19 | }
20 |
21 | consul {
22 |   # The address to the Consul agent.
23 |   address = ":8500"
24 |   # The service name to register the server and client with Consul.
25 |   server_service_name = "nomad-servers"
26 |   client_service_name = "nomad-clients"
27 |
28 |   # Enables automatically registering the services.
29 |   auto_advertise = true
30 |
31 |   # Enabling the server and client to bootstrap using Consul.
32 |   server_auto_join = true
33 |   client_auto_join = true
34 |
35 |   token = ""  # empty here (possibly redacted); without a token Nomad depends on Consul's default ACL policy, which consul.d/config.json sets to "allow"
36 | }
37 |
38 | data_dir = "/media/docker/nomad"
39 |
40 | log_level = "INFO"
41 | enable_syslog = true
42 |
43 | leave_on_terminate = true
44 | leave_on_interrupt = false
45 |
46 |
47 |
48 | acl {
49 |   enabled = false  # Nomad ACLs are off: whoever can reach the HTTP API can submit, inspect and stop jobs
50 |   token_ttl = "30s"
51 |   policy_ttl = "30s"
52 |   replication_token = ""
53 | }
54 |
55 | vault {
56 |   enabled = true
57 |   address = "http://:8200/"  # plain HTTP: Vault tokens travel unencrypted between Nomad and Vault
58 |   allow_unauthenticated = true  # job submitters do not have to present a Vault token of their own to request Vault policies
59 |   create_from_role = "nomad-cluster"  # task tokens are created from this Vault token role
60 |   task_token_ttl = ""
61 |   ca_file = ""
62 |   ca_path = ""
63 |   cert_file = ""
64 |   key_file = ""
65 |   tls_server_name = ""
66 |   tls_skip_verify = false  # only matters once the address above is https://
67 |   token = ""  # empty here; keep the server's Vault token out of version control
68 | }
69 | server {
70 |   enabled = true
71 |
72 |   bootstrap_expect = 1  # single server: no quorum and no redundancy for cluster state
73 |
74 |   rejoin_after_leave = false
75 |
76 |   enabled_schedulers = ["service","batch","system"]
77 |   num_schedulers = 12
78 |
79 |   node_gc_threshold = "24h"
80 |   eval_gc_threshold = "1h"
81 |   job_gc_threshold = "4h"
82 |
83 |   encrypt = ""  # gossip encryption key; empty here (possibly redacted) - with no key, server gossip is sent unencrypted
84 | }
85 |
86 | telemetry {
87 |   collection_interval = "1s"
88 |   disable_hostname = true
89 |   prometheus_metrics = true
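90 | publish_allocation_metrics = true 91 | publish_node_metrics = true 92 | } 93 | 94 |
--------------------------------------------------------------------------------
/pihole_exporter/pihole-exporter.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=PiHole Prometheus Exporter
3 | Wants=network.target
4 | # NOTE(review): Before= orders this unit ahead of network.target; a service that
5 | # needs the network is normally ordered After= it. Confirm this is intended.
6 | Before=network.target
7 |
8 | [Service]
9 | # NOTE(review): no User= is set, so systemd runs the script and the exporter as root.
10 | ExecStart=/usr/local/bin/start_phe.sh
11 |
12 | [Install]
13 | WantedBy=multi-user.target
14 |
15 |
--------------------------------------------------------------------------------
/pihole_exporter/start_phe.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Start pihole_exporter with the API token taken from Pi-hole's setupVars.conf.
3 | set -euo pipefail
4 |
5 | SETUP_VARS=/etc/pihole/setupVars.conf
6 |
7 | # The WEBPASSWORD entry is what this script hands to the exporter as its API token.
8 | API_TOKEN=$(awk -F= -v key="WEBPASSWORD" '$1==key {print $2}' "$SETUP_VARS")
9 |
10 | # Stop with a clear message instead of starting the exporter with an empty flag value.
11 | if [[ -z "$API_TOKEN" ]]; then
12 |     echo "start_phe.sh: WEBPASSWORD not found in $SETUP_VARS" >&2
13 |     exit 1
14 | fi
15 |
16 | # NOTE: a command-line argument is readable by other local users through the
17 | # process list. If the exporter build in use accepts the token from the
18 | # environment (PIHOLE_API_TOKEN), prefer that over the flag.
19 | # The value is quoted so it is passed as exactly one argument; exec replaces the
20 | # shell so systemd supervises the exporter process itself.
21 | exec /usr/local/bin/pihole_exporter -pihole_api_token "$API_TOKEN"
22 |
-------------------------------------------------------------------------------- /prometheus/config/prometheus.yml: -------------------------------------------------------------------------------- 1 | # my global config 2 | global: 3 | scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. 4 | evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. 5 | # scrape_timeout is set to the global default (10s). 6 | 7 | # Alertmanager configuration 8 | alerting: 9 | alertmanagers: 10 | - static_configs: 11 | - targets: 12 | # - alertmanager:9093 13 | 14 | # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. 15 | rule_files: 16 | # - "first_rules.yml" 17 | # - "second_rules.yml" 18 | 19 | # A scrape configuration containing exactly one endpoint to scrape: 20 | # Here it's Prometheus itself. 21 | scrape_configs: 22 | # The job name is added as a label `job=` to any timeseries scraped from this config.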
23 | - job_name: 'prometheus' 24 | 25 | # metrics_path defaults to '/metrics' 26 | # scheme defaults to 'http'. 27 | 28 | static_configs: 29 | - targets: ['localhost:9090'] 30 | 31 | - job_name: 'traefik' 32 | 33 | # metrics_path defaults to '/metrics' 34 | # scheme defaults to 'http'. 35 | 36 | static_configs: 37 | - targets: [':8080'] 38 | 39 | # List of Consul service discovery configurations. 40 | - job_name: node-exporter 41 | scrape_interval: 15s 42 | honor_labels: true 43 | consul_sd_configs: 44 | - server: :8500 45 | services: [node-exporter] 46 | relabel_configs: 47 | - source_labels: [__meta_consul_tags] 48 | regex: .*,_app=([^,]+),.* 49 | replacement: ${1} 50 | target_label: _app 51 | - source_labels: [__meta_consul_tags] 52 | regex: .*,_service=([^,]+),.* 53 | replacement: ${1} 54 | target_label: _service 55 | - source_labels: [__meta_consul_tags] 56 | regex: .*,_hostname=([^,]+),.* 57 | replacement: ${1} 58 | target_label: _hostname 59 | - source_labels: [__meta_consul_tags] 60 | regex: .*,_environment=([^,]+),.* 61 | replacement: ${1} 62 | target_label: _environment 63 | 64 | - job_name: 'nomad_metrics' 65 | 66 | consul_sd_configs: 67 | - server: ':8500' 68 | services: ['nomad-clients', 'nomad-servers'] 69 | 70 | relabel_configs: 71 | - source_labels: ['__meta_consul_tags'] 72 | regex: '(.*)http(.*)' 73 | action: keep 74 | 75 | scrape_interval: 5s 76 | metrics_path: /v1/metrics 77 | params: 78 | format: ['prometheus'] 79 | 80 | - job_name: 'unifipoller' 81 | scrape_interval: 30s 82 | static_configs: 83 | - targets: ['unifipoller.service.'] 84 | 85 | - job_name: 'pihole01' 86 | scrape_interval: 30s 87 | static_configs: 88 | - targets: [':9617'] 89 | 90 | - job_name: 'pihole02' 91 | scrape_interval: 30s 92 | static_configs: 93 | - targets: [':9617'] 94 | -------------------------------------------------------------------------------- /traefik/traefik.toml: -------------------------------------------------------------------------------- 1 | [entrypoints] 
2 |   [entrypoints.http]
3 |     address = ":80"  # the only entry point defined in this file, and it is plain HTTP
4 |
5 | [providers]
6 |   [providers.consulCatalog]
7 |     prefix = "traefik"
8 |     requireConsistent = true # Also tried with False here, no difference
9 |     exposedByDefault = true  # every service registered in Consul gets a route unless it opts out
10 |     defaultRule = "Host(`{{ .Name }}.service.your.domain`)"
11 |     [providers.consulCatalog.endpoint]
12 |       address = "http://:8500"
13 |       scheme = "http"  # catalog is read over plain HTTP; no Consul token is configured here
14 |
15 | [api]
16 |   dashboard = true
17 |   insecure = true  # serves the API and dashboard without authentication on Traefik's own "traefik" entry point
18 |   debug = true  # adds debugging/profiling endpoints to the API; usually off outside troubleshooting
19 |
20 | [metrics]
21 |   [metrics.prometheus]
22 |
23 | [log]
24 |   level = "INFO"
25 |
--------------------------------------------------------------------------------
/unifipoller/config/up.conf:
--------------------------------------------------------------------------------
1 | [unifi.defaults]
2 |   url = "https://"
3 |   user = ""  # placeholder; a read-only controller account is enough for polling
4 |   pass = ""  # placeholder; keep the real password out of version control
5 | [loki]
6 |   url = "http://loki.service."  # plain HTTP
7 |
--------------------------------------------------------------------------------
/vault/vault.hcl:
--------------------------------------------------------------------------------
1 | cluster_name = ""
2 | max_lease_ttl = "768h"
3 | default_lease_ttl = "768h"  # 32 days, the same as the maximum above
4 |
5 | disable_clustering = "True"
6 | cluster_addr = "http://:8201"
7 | api_addr = "http://:8200"
8 | disable_mlock = "True"  # Vault memory may be swapped to disk; disable or encrypt swap on this host
9 |
10 | listener "tcp" {
11 |   address = ":8200"
12 |   cluster_address = ":8201"
13 |   tls_disable = "true"  # listener speaks plain HTTP: tokens and secrets are readable on the network path
14 | }
15 |
16 | backend "consul" {
17 |   address = ":8500"
18 |   path = "vault"
19 |   service = "vault"
20 |   scheme = "http"  # no Consul token is set; consul.d/config.json uses default_policy "allow", so any Consul client can alter or delete keys under this path
21 | }
22 | ui = true
23 |
--------------------------------------------------------------------------------