monitoring-host.docker-compose.yaml

version: '3'
services:

  prometheus:
    restart: unless-stopped
    image: "prom/prometheus:v2.46.0"
    volumes:
      - "./prometheus/pixelflut.yml:/etc/prometheus/prometheus.yml"
      - 'prometheus-data:/prometheus'
    networks:
      - monitoring_internal
    extra_hosts:
      - "host.docker.internal:host-gateway"
      - "host.pixelflut:${pixelflut_host}"

  grafana:
    restart: unless-stopped
    image: grafana/grafana:10.0.3
    networks:
      - proxy
      - monitoring_internal
    volumes:
      - './grafana/provisioning:/etc/grafana/provisioning/'
      - 'grafana-data:/var/lib/grafana'
    environment:
      GF_SECURITY_ADMIN_PASSWORD: "${grafana_admin_password}"
      GF_USERS_ALLOW_SIGN_UP: 'false'
      GF_USERS_AUTO_ASSIGN_ORG: 'true'
      GF_USERS_AUTO_ASSIGN_ORG_ROLE: 'Admin'
      GF_SERVER_ROOT_URL: '%(protocol)s://%(domain)s:%(http_port)s/grafana/'
      GF_SERVER_SERVE_FROM_SUB_PATH: 'true'
      GF_SECURITY_ALLOW_EMBEDDING: 'true'
      GF_AUTH_ANONYMOUS_ENABLED: "${grafana_anonymous_access}"
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.grafana.rule=Host(`${monitoring_domain}`) && PathPrefix(`/grafana`)'
      - 'traefik.http.routers.grafana.priority=6'
      - 'traefik.http.routers.grafana.entrypoints=websecure'

  traefik:
    image: "traefik:v2.10"
    restart: unless-stopped
    command:
      - '--api'
      - '--api.dashboard=true'
      - '--ping=true'
      - '--ping.entrypoint=websecure'
      - '--providers.docker=true'
      - '--providers.docker.exposedbydefault=false'
      - '--providers.docker.network=pixelflut-infrastructure_proxy'

      - '--entrypoints.web.address=:80'
      - '--entrypoints.web.http.redirections.entrypoint.to=websecure'
      - '--entrypoints.websecure.address=:443'
      - '--entrypoints.websecure.http.tls=true'
      - '--entrypoints.websecure.http.tls.certResolver=letsencrypt'

      - '--certificatesresolvers.letsencrypt.acme.email=${letsencrypt_email}'
      - '--certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json'
      - '--certificatesresolvers.letsencrypt.acme.tlschallenge=true'
      # Comment out next line to get letsencrypt production certificates
      - '--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory'

      #- '--log.level=DEBUG'
    networks:
      - proxy
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - 'acme-store:/acme'
    labels:
      - 'traefik.enable=true'
      # since Traefik don't allow to change the api path the referer is used as rule (https://github.com/traefik/traefik/issues/5853)
      - 'traefik.http.routers.dashboard.rule=Host(`${monitoring_domain}`) && (PathPrefix(`/traefik/dashboard`) || HeadersRegexp(`Referer`, `.*\/traefik\/dashboard\/.*`))'
      - 'traefik.http.routers.dashboard.priority=20'
      - 'traefik.http.routers.dashboard.service=api@internal'
      - 'traefik.http.routers.dashboard.entrypoints=websecure'
      - 'traefik.http.routers.dashboard.middlewares=strip-prefix-traefik'
      - 'traefik.http.middlewares.strip-prefix-traefik.stripprefix.prefixes=/traefik'

      - 'traefik.http.routers.dashboard-redirect.rule=PathPrefix(`/traefik`)'
      - 'traefik.http.routers.dashboard-redirect.priority=10'
      - 'traefik.http.routers.dashboard-redirect.service=noop@internal'
      - 'traefik.http.routers.dashboard-redirect.entrypoints=websecure'
      - 'traefik.http.routers.dashboard-redirect.middlewares=dashboard-redirect'
      - 'traefik.http.middlewares.dashboard-redirect.redirectregex.regex=^(https://.*)/traefik.*'
      - 'traefik.http.middlewares.dashboard-redirect.redirectregex.replacement=$${1}/traefik/dashboard/'

  owncast:
    image: gabekangas/owncast:0.1.1
    restart: unless-stopped
    volumes:
      - "./owncast/logs:/app/data/logs"
      - "owncast-data:/app/data"
    networks:
      - proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.owncast.rule=Host(`${monitoring_domain}`)'
      - 'traefik.http.routers.owncast.priority=5'
      - 'traefik.http.routers.owncast.entrypoints=websecure'
      - 'traefik.http.services.owncast.loadbalancer.server.port=8080'

  glances:
    image: nicolargo/glances:3.4.0.3-full
    restart: unless-stopped
    pid: host
    network_mode: host
    environment:
      GLANCES_OPT: "--quiet --export prometheus"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./glances/monitoring-config.conf:/glances/conf/glances.conf

  wiper:
    image: ghcr.io/poeschl/pixelpwnr
    container_name: canvas_wiper
    volumes:
      - ./wiper:/wiper
    network_mode: "host"
    entrypoint: ["sh", "-c",
      "timeout 60 sh -c 'until nc -z ${pixelflut_host} 1234; do sleep 1; done';
      pixelpwnr ${pixelflut_host}:1234 -i /wiper/background.png -c 1 -w ${pixelflut_canvas_width} -h ${pixelflut_canvas_height} 
      & pid=$$! && sleep 30 && kill -9 $$pid"]

  scheduler:
    image: mcuadros/ofelia:v0.3.6
    restart: unless-stopped
    command: daemon --docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      ofelia.job-run.wiper.schedule: "@every 1h"
      ofelia.job-run.wiper.container: "canvas_wiper"

  vnc2rtmp:
    image: restreamio/gstreamer:2023-05-15T14-10-06Z-prod-dbg
    restart: unless-stopped
    volumes:
      - "./record:/record"
    networks:
      - proxy
    entrypoint: >
      /bin/sh -c '
      gst-launch-1.0
      rfbsrc host=${pixelflut_host} port=5901 shared=false view-only=true !
      videoconvert ! x264enc speed-preset=veryfast tune=zerolatency bitrate=${stream_bitrate} !
      tee name=videoSplit ! queue !
      flvmux name=mux metadatacreator="${record_file_identifier}" encoder="Pixelflut VNC Bridge" ! queue !
      rtmpsink location='rtmp://owncast:1935/live/${streaming_key}'
      audiotestsrc wave=silence ! avenc_aac ! mux.
      videoSplit. ! queue ! valve drop=${disable_video_recording} !
      matroskamux writing-app="Pixelflut VNC Bridge" !
      filesink location="/record/${record_file_identifier}-$$(date +%Y-%m-%d_%H-%M).mkv"'

networks:
  proxy:
  monitoring_internal:

volumes:
  grafana-data:
  prometheus-data:
  acme-store:
  owncast-data: