networks:
  monitoring:
    driver: bridge
volumes:
  prometheus_data: null
  grafana_data: null
services:
  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    restart: unless-stopped
    ports:
    - 127.0.0.1:9091:9090
    volumes:
    - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
    - ./targets:/etc/prometheus/targets:ro
    - prometheus_data:/prometheus
    command:
    - --config.file=/etc/prometheus/prometheus.yml
    - --storage.tsdb.path=/prometheus
    - --storage.tsdb.retention.time=90d
    - --web.enable-lifecycle
    extra_hosts:
    - host.docker.internal:host-gateway
    networks:
    - monitoring
    healthcheck:
      test:
      - CMD
      - wget
      - -qO-
      - http://localhost:9090/-/healthy
      interval: 30s
      timeout: 5s
      retries: 3
  node-exporter:
    image: prom/node-exporter:latest
    container_name: node-exporter
    restart: unless-stopped
    ports:
    - 127.0.0.1:9100:9100
    volumes:
    - /proc:/host/proc:ro
    - /sys:/host/sys:ro
    - /:/rootfs:ro
    - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro
    - /var/lib/prometheus/node-exporter:/textfile:ro
    command:
    - --path.procfs=/host/proc
    - --path.sysfs=/host/sys
    - --path.rootfs=/rootfs
    - --collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)
    - --collector.netclass.ignored-devices=^(veth.*|br-.*|docker.*)$$
    - --collector.diskstats.device-exclude=^(ram|loop|fd|dm-)\d+$$
    - --collector.systemd
    - --collector.systemd.unit-include=.+
    - --collector.textfile.directory=/textfile
    pid: host
    security_opt:
    - apparmor:unconfined
    networks:
    - monitoring
    healthcheck:
      test:
      - CMD
      - wget
      - --spider
      - -q
      - http://localhost:9100/metrics
      interval: 30s
      timeout: 5s
      retries: 3
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    restart: unless-stopped
    ports:
    - 127.0.0.1:8082:8080
    volumes:
    - /:/rootfs:ro
    - /var/run:/var/run:ro
    - /sys:/sys:ro
    - /var/lib/docker/:/var/lib/docker:ro
    - /dev/disk/:/dev/disk:ro
    privileged: true
    devices:
    - /dev/kmsg
    networks:
    - monitoring
    healthcheck:
      test:
      - CMD
      - wget
      - --spider
      - -q
      - http://localhost:8080/healthz
      interval: 30s
      timeout: 5s
      retries: 3
  nginx-exporter:
    image: nginx/nginx-prometheus-exporter:latest
    container_name: nginx-exporter
    restart: unless-stopped
    network_mode: host
    command:
    - --nginx.scrape-uri=http://127.0.0.1:8888/nginx_status
    - --web.listen-address=0.0.0.0:9113
  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    restart: unless-stopped
    ports:
    - 127.0.0.1:3001:3000
    environment:
    - GF_SECURITY_ADMIN_USER=jmiller
    - GF_SECURITY_ADMIN_PASSWORD=#2918HeatherfieldDrive
    - GF_SERVER_ROOT_URL=https://bench.mokoconsulting.tech/
    - GF_SERVER_DOMAIN=bench.mokoconsulting.tech
    - GF_AUTH_ANONYMOUS_ENABLED=true
    - GF_AUTH_ANONYMOUS_ORG_ROLE=Viewer
    - GF_AUTH_ANONYMOUS_ORG_ID=1
    - GF_USERS_ALLOW_SIGN_UP=false
    - GF_USERS_ALLOW_ORG_CREATE=false
    - GF_SECURITY_COOKIE_SECURE=true
    - GF_SECURITY_STRICT_TRANSPORT_SECURITY=true
    - GF_SECURITY_X_CONTENT_TYPE_OPTIONS=true
    - GF_SECURITY_X_XSS_PROTECTION=true
    - GF_LOG_MODE=console
    - GF_LOG_LEVEL=debug
    - GF_USERS_DEFAULT_THEME=dark
    - GF_BRANDING_APP_TITLE=Moko Bench
    - GF_BRANDING_LOGIN_TITLE=Moko Consulting
    - GF_BRANDING_LOGIN_SUBTITLE=Server Performance Dashboard
    - GF_DATE_FORMATS_FULL_DATE=YYYY-MM-DD HH:mm:ss
    - GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-polystat-panel,yesoreyeram-infinity-datasource,natel-discrete-panel
    - GF_AUTH_GOOGLE_ENABLED=true
    - GF_AUTH_GOOGLE_CLIENT_ID=349391103517-oiq974b2gq4r3t9f9cf43im31gtruhml.apps.googleusercontent.com
    - GF_AUTH_GOOGLE_CLIENT_SECRET=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
    - GF_AUTH_GOOGLE_SCOPES=openid email profile
    - GF_AUTH_GOOGLE_AUTH_URL=https://accounts.google.com/o/oauth2/v2/auth
    - GF_AUTH_GOOGLE_TOKEN_URL=https://oauth2.googleapis.com/token
    - GF_AUTH_GOOGLE_ALLOWED_DOMAINS=mokoconsulting.tech
    - GF_AUTH_GOOGLE_ALLOW_SIGN_UP=true
    - GF_AUTH_GOOGLE_AUTO_LOGIN=false
    - GF_AUTH_GOOGLE_SKIP_ORG_ROLE_SYNC=true
    - GF_USERS_AUTO_ASSIGN_ORG_ROLE=Admin
    volumes:
    - grafana_data:/var/lib/grafana
    - ./grafana/provisioning:/etc/grafana/provisioning:ro
    - ./grafana/custom.ini:/etc/grafana/grafana.ini:ro
    - ./grafana/dashboards:/var/lib/grafana/dashboards:ro
    networks:
    - monitoring
    depends_on:
      prometheus:
        condition: service_healthy
    healthcheck:
      test:
      - CMD
      - wget
      - --spider
      - -q
      - http://localhost:3000/api/health
      interval: 30s
      timeout: 5s
      retries: 3
  mysqld-exporter:
    image: prom/mysqld-exporter:latest
    container_name: mysqld-exporter
    restart: unless-stopped
    network_mode: host
    volumes:
    - /opt/gitea-server-setup/docker/monitoring/.mysqld-exporter.cnf:/cfg/.my.cnf:ro
    environment:
      MYSQLD_EXPORTER_PASSWORD: exporter_moko_2026
    command:
    - --config.my-cnf=/cfg/.my.cnf
    - --web.listen-address=127.0.0.1:9104
    healthcheck:
      test:
      - CMD-SHELL
      - wget -q --spider http://localhost:9104/metrics || exit 1
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s