# Grafana - Dashboards # Port: 3000 # Metrics visualization and dashboards version: "3.9" services: grafana: image: grafana/grafana:latest container_name: Grafana hostname: grafana networks: - grafana-net mem_limit: 512m cpu_shares: 512 security_opt: - no-new-privileges:true user: 1026:100 healthcheck: test: wget --no-verbose --tries=1 --spider http://localhost:3000/api/health ports: - 3340:3000 volumes: - /volume1/docker/grafana/data:/var/lib/grafana:rw environment: TZ: America/Los_Angeles GF_INSTALL_PLUGINS: grafana-clock-panel,grafana-simple-json-datasource,natel-discrete-panel,grafana-piechart-panel # Authentik SSO Configuration GF_SERVER_ROOT_URL: https://gf.vish.gg GF_AUTH_GENERIC_OAUTH_ENABLED: "true" GF_AUTH_GENERIC_OAUTH_NAME: Authentik GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "REDACTED_CLIENT_ID" # pragma: allowlist secret GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "REDACTED_CLIENT_SECRET" # pragma: allowlist secret GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.vish.gg/application/o/authorize/ GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.vish.gg/application/o/token/ GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.vish.gg/application/o/userinfo/ GF_AUTH_SIGNOUT_REDIRECT_URL: https://sso.vish.gg/application/o/grafana/end-session/ GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'" # Keep local admin auth working GF_AUTH_DISABLE_LOGIN_FORM: "false" restart: on-failure:5 prometheus: image: prom/prometheus command: - '--storage.tsdb.retention.time=60d' - --config.file=/etc/prometheus/prometheus.yml container_name: Prometheus hostname: prometheus-server networks: - grafana-net - prometheus-net mem_limit: 1g cpu_shares: 768 security_opt: - no-new-privileges=true user: 1026:100 healthcheck: test: wget --no-verbose --tries=1 --spider http://localhost:9090/ || exit 1 volumes: - /volume1/docker/grafana/prometheus:/prometheus:rw - /volume1/docker/grafana/prometheus.yml:/etc/prometheus/prometheus.yml:ro restart: on-failure:5 node-exporter: image: prom/node-exporter:latest command: - --collector.disable-defaults - --collector.stat - --collector.time - --collector.cpu - --collector.loadavg - --collector.hwmon - --collector.meminfo - --collector.diskstats container_name: Prometheus-Node hostname: prometheus-node networks: - prometheus-net mem_limit: 256m mem_reservation: 64m cpu_shares: 512 security_opt: - no-new-privileges=true read_only: true user: 1026:100 healthcheck: test: wget --no-verbose --tries=1 --spider http://localhost:9100/ restart: on-failure:5 snmp-exporter: image: prom/snmp-exporter:latest command: - --config.file=/etc/snmp_exporter/snmp.yml container_name: Prometheus-SNMP hostname: prometheus-snmp networks: - prometheus-net mem_limit: 256m mem_reservation: 64m cpu_shares: 512 security_opt: - no-new-privileges:true read_only: true user: 1026:100 healthcheck: test: wget --no-verbose --tries=1 --spider http://localhost:9116/ || exit 1 volumes: - /volume1/docker/grafana/snmp:/etc/snmp_exporter/:ro restart: on-failure:5 cadvisor: image: gcr.io/cadvisor/cadvisor:latest command: - '--docker_only=true' container_name: Prometheus-cAdvisor hostname: prometheus-cadvisor networks: - prometheus-net mem_limit: 256m mem_reservation: 64m cpu_shares: 512 security_opt: - no-new-privileges=true read_only: true volumes: - /:/rootfs:ro - /var/run:/var/run:ro - /sys:/sys:ro - /var/run/docker.sock:/var/run/docker.sock:ro restart: on-failure:5 networks: grafana-net: name: grafana-net ipam: config: - subnet: 192.168.50.0/24 prometheus-net: name: prometheus-net ipam: config: - subnet: 192.168.51.0/24