Commit Graph

4 Commits

Author SHA1 Message Date
7f892a47d7 fix: mount individual Netdata config files instead of directory
Changed from mounting entire go.d directory to mounting specific
config files (postgres.conf, filecheck.conf) to avoid conflicts
with Netdata's initialization script which needs to write to the
go.d directory during startup.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-08 18:53:26 +01:00
4b098b9463 feat: configure Netdata monitoring for PostgreSQL and Restic backups
Added monitoring configurations for infrastructure services:

- **PostgreSQL monitoring** (netdata/go.d/postgres.conf):
  - Configured go.d postgres collector with netdata user credentials
  - Monitors core PostgreSQL instance at 172.18.0.5:5432
  - Tracks database performance, connections, queries, and replication

- **Restic backup monitoring** (netdata/go.d/filecheck.conf):
  - Configured go.d filecheck collector for backup repository
  - Monitors /mnt/hidrive/users/valknar/Backup directory
  - Tracks backup repository size and modification times
  - Detects backup failures via directory state changes

Infrastructure updates:
- Mounted go.d configuration directory in Netdata container
- Mounted HiDrive backup directory (read-only) for monitoring
- Persistent collector configurations across container restarts

All monitoring visible in Netdata dashboard at netdata.pivoine.art
with HTTP Basic Auth protection.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-08 18:50:19 +01:00
3c7aad09ad security: add HTTP Basic Auth to Netdata dashboard
Added HTTP Basic Authentication to secure the Netdata monitoring dashboard:
- Added basicauth middleware using shared AUTH_USERS credentials
- Protects sensitive infrastructure metrics from unauthorized access
- Uses same credentials as Scrapy and other protected services
- Maintains SSL/TLS encryption via Traefik

Security improvements:
- Dashboard now requires username/password
- Prevents public access to server metrics
- Infrastructure monitoring data protected
- Follows security best practices from Netdata documentation

Access requires credentials stored in AUTH_USERS environment variable.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-08 18:37:01 +01:00
66579fa861 feat: add Netdata monitoring stack
Added Netdata real-time monitoring system at netdata.pivoine.art:
- Real-time infrastructure and container monitoring
- Auto-discovers all Docker containers
- Tracks CPU, memory, disk, network usage per service
- Low-overhead monitoring (~1-3% CPU)
- Self-hosted with web dashboard on port 19999

Configuration:
- Created netdata/compose.yaml with full Traefik integration
- Added to main compose.yaml include list
- Added environment variables to arty.yml
- Mounted Docker socket for container metrics
- Mounted system directories for host metrics (/proc, /sys, /var/log)
- Three persistent volumes: config, lib, cache
- Required capabilities: SYS_PTRACE, SYS_ADMIN for system monitoring
- Watchtower enabled for automatic updates

Benefits for infrastructure:
- Monitor 20+ running services in real-time
- Track PostgreSQL, Redis, Traefik performance
- Watch backup processes (Backrest/Restic)
- Monitor Jellyfin transcoding load
- Alert on resource issues before they become critical
- Historical data for capacity planning

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-08 18:28:47 +01:00