Add Prometheus and Grafana services with alerting configuration

docker-compose.yml

@@ -14,6 +14,9 @@ volumes:
   pgadmin_data:
   authelia_config:
   authelia_db_data:
+  grafana_data:
+  prometheus_data:
+  alertmanager_data:
 
 ########################
 # Services
@@ -90,6 +93,7 @@ services:
       - --accesslog.filepath=/var/log/traefik/access.log
       - --accesslog.bufferingsize=100
       - --log.level=INFO
+      - --metrics.prometheus=true
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - traefik_letsencrypt:/letsencrypt
@@ -261,3 +265,73 @@ services:
       - traefik.http.routers.pgadmin.entrypoints=websecure
       - traefik.http.routers.pgadmin.tls.certresolver=le
       - traefik.http.services.pgadmin.loadbalancer.server.port=80
+
+  ## ─────────────────────────────────────────────
+  ## Prometheus — monitoring
+  ## ─────────────────────────────────────────────
+  prometheus:
+    image: prom/prometheus:latest
+    container_name: prometheus
+    restart: unless-stopped
+    networks: [traefik_proxy]
+    volumes:
+      - ./prometheus.yml:/etc/prometheus/prometheus.yml
+      - ./rules.yml:/etc/prometheus/rules.yml
+      - prometheus_data:/prometheus
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--storage.tsdb.path=/prometheus'
+      - '--web.console.libraries=/etc/prometheus/console_libraries'
+      - '--web.console.templates=/etc/prometheus/consoles'
+      - '--storage.tsdb.retention.time=200h'
+      - '--web.enable-lifecycle'
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.prometheus.rule=Host(`prometheus.gate.${DOMAIN}`)
+      - traefik.http.routers.prometheus.entrypoints=websecure
+      - traefik.http.routers.prometheus.tls.certresolver=le
+      - traefik.http.routers.prometheus.middlewares=authelia@docker,security-headers
+      - traefik.http.services.prometheus.loadbalancer.server.port=9090
+
+  ## ─────────────────────────────────────────────
+  ## Grafana — visualization
+  ## ─────────────────────────────────────────────
+  grafana:
+    image: grafana/grafana:latest
+    container_name: grafana
+    restart: unless-stopped
+    networks: [traefik_proxy]
+    environment:
+      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD}
+    volumes:
+      - grafana_data:/var/lib/grafana
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.grafana.rule=Host(`grafana.gate.${DOMAIN}`)
+      - traefik.http.routers.grafana.entrypoints=websecure
+      - traefik.http.routers.grafana.tls.certresolver=le
+      - traefik.http.routers.grafana.middlewares=authelia@docker,security-headers
+      - traefik.http.services.grafana.loadbalancer.server.port=3000
+
+  ## ─────────────────────────────────────────────
+  ## Alertmanager — alert handling
+  ## ─────────────────────────────────────────────
+  alertmanager:
+    image: prom/alertmanager:latest
+    container_name: alertmanager
+    restart: unless-stopped
+    networks: [traefik_proxy]
+    volumes:
+      - ./alertmanager.yml:/etc/alertmanager/alertmanager.yml
+      - alertmanager_data:/alertmanager
+    command:
+      - '--config.file=/etc/alertmanager/alertmanager.yml'
+      - '--storage.path=/alertmanager'
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.alertmanager.rule=Host(`alertmanager.gate.${DOMAIN}`)
+      - traefik.http.routers.alertmanager.entrypoints=websecure
+      - traefik.http.routers.alertmanager.tls.certresolver=le
+      - traefik.http.routers.alertmanager.middlewares=authelia@docker,security-headers
+      - traefik.http.services.alertmanager.loadbalancer.server.port=9093