services:
  prometheus:
    image: prom/prometheus:v3.4.0
    container_name: prometheus
    privileged: true
    user: root
    restart: unless-stopped
    volumes:
      - ./config/prometheus:/etc/prometheus
      - ./hdd0/prometheus:/prometheus   # For Prometheus data persistence
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'
      - '--web.enable-lifecycle' # Allows hot-reloading of config via API
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus.rule=Host(`prometheus.bouvais.lu`)"
      - "traefik.http.routers.prometheus.entrypoints=websecure"
      - "traefik.http.routers.prometheus.tls.certresolver=myresolver"
      - "traefik.http.routers.prometheus.service=prometheus"
      - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
      - "traefik.http.routers.prometheus.middlewares=auth@docker"
    depends_on:
      - cadvisor
      - node-exporter

  grafana:
    image: grafana/grafana:12.0.1
    container_name: grafana
    privileged: true
    user: root
    restart: unless-stopped
    volumes:
      - ./hdd0/grafana:/var/lib/grafana
    environment:
      - GF_SECURITY_ADMIN_USER=adrien
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_MY_PASSWORD}
      - GF_SERVER_ROOT_URL=https://grafana.bouvais.lu # Set this for correct links if behind a subpath
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.bouvais.lu`)"
      - "traefik.http.routers.grafana.entrypoints=websecure"
      - "traefik.http.routers.grafana.tls.certresolver=myresolver"
      - "traefik.http.routers.grafana.service=grafana"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000" # Grafana's default port
      - "traefik.http.routers.grafana.middlewares=auth@docker"
    depends_on:
      - prometheus

  cadvisor:
    image: gcr.io/cadvisor/cadvisor:v0.52.0
    container_name: cadvisor
    privileged: true
    restart: unless-stopped
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /dev/disk/:/dev/disk:ro
    devices:
      - /dev/kmsg:/dev/kmsg

  node-exporter:
    image: prom/node-exporter:v1.9.1
    container_name: node-exporter
    privileged: true
    restart: unless-stopped
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      - '--path.rootfs=/rootfs'
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)'