# Compose file format version. Quoted so it is read as a string, not the float 3.8.
version: "3.8"
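# Service definitions for the Auto-Guardian stack: the monitor itself, its
# metrics/dashboard backends, the alert worker with its Redis queue, and an
# nginx front end. alerts-worker and nginx only start with the "production"
# profile; everything else starts by default.
services:
  # Main monitoring service, built from the local Dockerfile. Reads host logs
  # read-only and serves an HTTP API on port 8000.
  auto-guardian:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: auto-guardian-system
    restart: unless-stopped
    # NOTE(review): privileged mode grants every capability and device access,
    # so a compromise of this container is effectively a compromise of the host.
    # Together with the /lib/modules mount this presumably supports firewall or
    # kernel-module operations; confirm what the application needs and replace
    # with the narrowest cap_add set that covers it.
    privileged: true
    volumes:
      # Application state shared with the alerts-worker service.
      - ./logs:/app/logs:rw
      # NOTE(review): config is writable from the container; use :ro if the
      # service only reads settings.yaml - confirm against the application.
      - ./config:/app/config:rw
      # Host logs, read-only. A single-file bind mount follows the inode that
      # existed at container start: if the host rotates these files by rename,
      # the container keeps reading the old file until it is restarted, which
      # leaves a monitoring gap.
      - /var/log/auth.log:/var/log/auth.log:ro
      - /var/log/syslog:/var/log/syslog:ro
      - /var/log/nginx/access.log:/var/log/nginx/access.log:ro
      # Host kernel modules, read-only.
      - /lib/modules:/lib/modules:ro
    environment:
      - TZ=UTC
      - PYTHONUNBUFFERED=1
      - LOG_LEVEL=INFO
      - AG_MODE=docker
      - AG_CONFIG_PATH=/app/config/settings.yaml
      - AG_LOG_PATH=/app/logs
      # Listens on all interfaces inside the container so the published port
      # and other containers on security-network can reach the API.
      - AG_API_HOST=0.0.0.0
      - AG_API_PORT=8000
      - AG_NOTIFICATIONS_ENABLED=true
      # Webhook URLs are bearer secrets: anyone holding one can post to the
      # channel. They default to empty and are visible in `docker inspect`.
      - AG_SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL:-}
      - AG_DISCORD_WEBHOOK_URL=${DISCORD_WEBHOOK_URL:-}
    networks:
      - security-network
    ports:
      # NOTE(review): published on every host interface. Whether the API
      # enforces authentication is not visible in this file; if it does not,
      # bind to 127.0.0.1 and expose it only through the nginx service.
      - "8000:8000"
    healthcheck:
      # requests.get() does not raise on HTTP error statuses, so without
      # raise_for_status() a 5xx from /health would still be reported healthy.
      test:
        - "CMD"
        - "python"
        - "-c"
        - "import requests; requests.get('http://localhost:8000/health', timeout=5).raise_for_status()"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
    labels:
      - "com.autoguardian.version=1.3.0"
      - "com.autoguardian.service=auto-guardian"
    logging:
      # Bounded json-file logs so container output cannot fill the host disk.
      driver: json-file
      options:
        max-size: "100m"
        max-file: "5"

  # Metrics store. Data lives in the prometheus-data named volume.
  prometheus:
    image: prom/prometheus:v2.48.0
    container_name: prometheus
    restart: unless-stopped
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - prometheus-data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--storage.tsdb.retention.time=15d'
      # These two flags enable unauthenticated HTTP endpoints that can reload
      # or shut down the server and delete or snapshot TSDB data. Drop them if
      # nothing in the deployment calls those endpoints.
      - '--web.enable-lifecycle'
      - '--web.enable-admin-api'
    networks:
      - security-network
    ports:
      # Loopback only: with the admin and lifecycle APIs enabled and no
      # authentication in front, the port must not be reachable from other
      # hosts. Containers on security-network still use prometheus:9090.
      - "127.0.0.1:9090:9090"
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:9090/-/healthy"]
      interval: 30s
      timeout: 10s
      retries: 3
    labels:
      - "com.autoguardian.service=prometheus"

  # Dashboards. Provisioning and dashboard definitions are mounted read-only;
  # runtime state lives in the grafana-data named volume.
  grafana:
    image: grafana/grafana:10.2.0
    container_name: grafana
    restart: unless-stopped
    environment:
      - GF_SECURITY_ADMIN_USER=${GRAFANA_USER:-admin}
      # No built-in default: a password baked into the compose file is known to
      # anyone who can read the repository, and port 3000 is published on all
      # interfaces. Compose refuses to start until GRAFANA_PASSWORD is set in
      # the environment or in .env.
      - "GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?GRAFANA_PASSWORD must be set}"
      - GF_USERS_ALLOW_SIGN_UP=false
      # NOTE(review): plugins are downloaded at container start with no version
      # pinned; pin versions or bake them into an image for reproducible builds.
      - GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource
      # SMTP is off unless enabled explicitly; credentials default to empty.
      - GF_SMTP_ENABLED=${GRAFANA_SMTP_ENABLED:-false}
      - GF_SMTP_HOST=${GRAFANA_SMTP_HOST:-}
      - GF_SMTP_USER=${GRAFANA_SMTP_USER:-}
      - GF_SMTP_PASSWORD=${GRAFANA_SMTP_PASSWORD:-}
    volumes:
      - grafana-data:/var/lib/grafana
      - ./grafana/provisioning:/etc/grafana/provisioning:ro
      - ./grafana/dashboards:/var/lib/grafana/dashboards:ro
    networks:
      - security-network
    ports:
      - "3000:3000"
    depends_on:
      - prometheus
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:3000/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
    labels:
      - "com.autoguardian.service=grafana"
    logging:
      driver: json-file
      options:
        max-size: "50m"
        max-file: "3"

  # Notification worker: same image as auto-guardian, run with a different
  # entry module. Production profile only; waits for a healthy Redis.
  alerts-worker:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: alerts-worker
    restart: unless-stopped
    command: ["python", "-m", "src.notifiers.worker"]
    volumes:
      - ./logs:/app/logs:rw
      # NOTE(review): shared read-write with auto-guardian; use :ro here if the
      # worker only reads settings.yaml - confirm against the application.
      - ./config:/app/config:rw
    environment:
      - TZ=UTC
      - PYTHONUNBUFFERED=1
      - AG_MODE=worker
      - AG_CONFIG_PATH=/app/config/settings.yaml
      # The URL carries no credentials, matching the Redis service below, which
      # is started without a password.
      - AG_REDIS_URL=redis://redis:6379/0
    networks:
      - security-network
    depends_on:
      redis:
        condition: service_healthy
    profiles:
      - production

  # Queue/cache for the alerts worker. Append-only persistence in redis-data,
  # capped at 256 MB with LRU eviction across all keys.
  redis:
    image: redis:7-alpine
    container_name: redis
    restart: unless-stopped
    command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
    volumes:
      - redis-data:/data
    networks:
      - security-network
    ports:
      # Loopback only: Redis runs here with no password, so network reachability
      # is the only access control. The worker connects over security-network
      # (redis:6379) and does not need a port on the host's external interfaces.
      - "127.0.0.1:6379:6379"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 3
    labels:
      - "com.autoguardian.service=redis"

  # Reverse proxy for auto-guardian and grafana. Production profile only;
  # configuration and static content are mounted read-only.
  nginx:
    # NOTE(review): floating tag, unlike the version-pinned Prometheus and
    # Grafana images; pin to a specific version or digest so rebuilds do not
    # silently change the proxy.
    image: nginx:alpine
    container_name: nginx-proxy
    restart: unless-stopped
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./nginx/html:/usr/share/nginx/html:ro
    networks:
      - security-network
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - auto-guardian
      - grafana
    profiles:
      - production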
# Single user-defined bridge network shared by every service in this file.
# Containers on it resolve each other by service name.
networks:
  security-network:
    driver: bridge
    ipam:
      config:
        # Fixed address range for the bridge; quoted so it stays a string.
        - subnet: "172.28.0.0/16"
# Named volumes holding state that must survive container re-creation.
volumes:
  # Prometheus TSDB, mounted at /prometheus.
  prometheus-data:
    driver: local
  # Grafana state, mounted at /var/lib/grafana.
  grafana-data:
    driver: local
  # Redis append-only persistence, mounted at /data.
  redis-data:
    driver: local