From c527e48804be0254c0bb3c53bbe59a3caff38c77 Mon Sep 17 00:00:00 2001
From: cventastic
Date: Mon, 20 Dec 2021 20:03:14 +0100
Subject: [PATCH] put networks into .env and added monitoring hosts
---
 README.md | 3 +-
 docker-compose.yml | 111 +++++++++++++++++++++++++++++++++-----
 prometheus/prometheus.yml | 42 +++++++++++++++
 3 files changed, 143 insertions(+), 13 deletions(-)
 create mode 100644 prometheus/prometheus.yml
diff --git a/README.md b/README.md
index 8fc5925a..909bf624 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Tested on Ubuntu 20.04.3 LTS docker
docker-compose
DNS A-Record pointing to your server
-Paste wireguard wg0.conf from wireguard-server to wireguard/config/wg0.conf +Wireguard-Server: Paste wireguard wg0.conf from wireguard-server to wireguard/config/wg0.conf
#### Usage
@@ -63,6 +63,7 @@ Check if there is a file here /traefic/letsencrypt/acme.json if yes, you have to Otherwise traefik will not issue the certificate for an existing domain.
#### TODO !!!! +alles uebr traefik aufen lassen? mal alle geth clients mit erigon vergleichen General Monitoring
diff --git a/docker-compose.yml b/docker-compose.yml
index c0facf16..aae9507a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,6 +2,7 @@ version: '3.1'
 services:
+### TRAEFIK
 # Basic Auth not working. Problems with parsing var from .env
 # traefik:
 # image: traefik:latest
@@ -11,7 +12,7 @@ services:
 # - "443:443"
 # - "127.0.0.1:8080:8080"
 # networks:
-# - pocket
+# - $NET_POKT
 # command:
 # - "--api=true"
 # - "--api.insecure=true"
@@ -32,6 +33,7 @@ services:
 # - "traefik.enable=true"
 # - 'traefik.http.middlewares.auth.basicauth.users=$AUTH_HTTP'
+### NODES
 geth-goerli:
 image: ethereum/client-go:latest
 expose:
@@ -42,7 +44,7 @@ services:
 - geth-goerli:/.goerli
 command: "--goerli --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .goerli --verbosity 3"
 networks:
- - pocket
+ - $NET_POKT
 geth-rinkeby:
 image: ethereum/client-go:latest
@@ -54,7 +56,7 @@ services:
 - geth-rinkeby:/.rinkeby
 command: "--rinkeby --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .rinkeby --verbosity 3"
 networks:
- - pocket
+ - $NET_POKT
 restart: unless-stopped
 geth-ropsten:
@@ -67,7 +69,7 @@ services:
 - geth-ropsten:/.ropsten
 command: "--ropsten --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .ropsten --verbosity 3"
 networks:
- - pocket
+ - $NET_POKT
 restart: unless-stopped
 geth-mainnet:
@@ -80,7 +82,7 @@ services:
 - geth-mainnet:/.mainnet
 command: "--http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .mainnet --verbosity 3"
 networks:
- - pocket
+ - $NET_POKT
 restart: unless-stopped
 erigon-trace:
@@ -92,7 +94,7 @@ services:
 - erigon-trace:/home/erigon/.local/share/erigon
 command: erigon --chain mainnet --metrics --metrics.addr=0.0.0.0 --metrics.port=6060 --private.api.addr=0.0.0.0:9090 --pprof --pprof.addr=0.0.0.0 --pprof.port=6061
 networks:
- - pocket
+ - $NET_POKT
 restart: unless-stopped
 rpcdaemon:
@@ -106,6 +108,8 @@ services:
 restart: unless-stopped
 depends_on:
 - "erigon-trace"
+ networks:
+ - $NET_POKT
 avalanche:
 image: avaplatform/avalanchego
@@ -117,7 +121,7 @@ services:
 - avalanche:/root/.avalanche
 command: "/avalanchego/build/avalanchego --http-host="
 networks:
- - pocket
+ - $NET_POKT
 restart: unless-stopped
 pocket-testnet:
@@ -137,7 +141,7 @@ services:
 - ./chains/chains_testnet.json:/home/app/.pocket/config/chains.json
 - pocket-testnet:/home/app/.pocket
 networks:
- - pocket
+ - $NET_POKT
 restart: unless-stopped
 pocket-mainnet:
@@ -159,7 +163,7 @@ services:
 - ./bootstrap_skript/pokt_mainnet.sh:/home/app/.pocket/pokt_mainnet.sh
 - pocket-mainnet:/home/app/.pocket
 networks:
- - pocket
+ - $NET_POKT
 # labels:
 # - "traefik.enable=true"
 # - "traefik.http.services.myservice.loadbalancer.server.port=8081"
@@ -169,6 +173,9 @@ services: # - "traefik.http.routers.pocket-mainnet.middlewares=auth" restart: unless-stopped + + +### WIREGUARD + wireguard: image: lscr.io/linuxserver/wireguard container_name: wireguard
@@ -179,15 +186,91 @@ services:
 - PUID=$PUID
 - PGID=$PGID
 volumes:
- - .wireguard/config:/config
+ - ./wireguard/config/wg0.conf:/config/wg0.conf
 - /lib/modules:/lib/modules
 ports:
 - $SERVERPORT:$SERVERPORT/udp
 sysctls:
 - net.ipv4.conf.all.src_valid_mark=1
 restart: unless-stopped
+ networks:
+ - $NET_MONITOR
+### MONITORING
+ prometheus:
+ image: prom/prometheus:v2.30.3
+ container_name: prometheus
+ volumes:
+ - ./prometheus:/etc/prometheus
+ - prometheus_data:/prometheus
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--web.console.libraries=/etc/prometheus/console_libraries'
+ - '--web.console.templates=/etc/prometheus/consoles'
+ - '--storage.tsdb.retention.time=200h'
+ - '--web.enable-lifecycle'
+ restart: unless-stopped
+ expose:
+ - 9090
+ networks:
+ - $NET_MONITOR
+ labels:
+ org.label-schema.group: "monitoring"
+
+ nodeexporter:
+ image: prom/node-exporter:v1.2.2
+ container_name: nodeexporter
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /:/rootfs:ro
+ command:
+ - '--path.procfs=/host/proc'
+ - '--path.rootfs=/rootfs'
+ - '--path.sysfs=/host/sys'
+ - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
+ restart: unless-stopped
+ expose:
+ - 9100
+ networks:
+ - $NET_MONITOR
+ labels:
+ org.label-schema.group: "monitoring"
+
+ cadvisor:
+ image: gcr.io/cadvisor/cadvisor:v0.42.0
+ container_name: cadvisor
+ privileged: true
+ devices:
+ - /dev/kmsg:/dev/kmsg
+ volumes:
+ - /:/rootfs:ro
+ - /var/run:/var/run:ro
+ - /sys:/sys:ro
+ - /var/lib/docker:/var/lib/docker:ro
+ #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
+ restart: unless-stopped
+ expose:
+ - 8080
+ networks:
+ - $NET_MONITOR
+ labels:
+ org.label-schema.group: "monitoring"
+
+ pushgateway:
+ image: prom/pushgateway:v1.4.2
+ container_name: pushgateway
+ restart: unless-stopped
+ expose:
+ - 9091
+ networks:
+ - $NET_MONITOR
+ labels:
+ org.label-schema.group: "monitoring"
+
+### VOLUMES
 volumes:
 geth-goerli:
@@ -198,8 +281,12 @@ volumes:
 avalanche:
 pocket-testnet:
 pocket-mainnet:
+ prometheus_data:
+
+### NETWORKS
 networks:
- pocket:
+ $NET_MONITOR:
+ driver: bridge
+ $NET_POKT:
 driver: bridge
-
diff --git a/prometheus/prometheus.yml b/prometheus/prometheus.yml
new file mode 100644
index 00000000..8717b3f1
--- /dev/null
+++ b/prometheus/prometheus.yml
@@ -0,0 +1,42 @@
+global:
+ scrape_interval: 15s
+ evaluation_interval: 15s
+
+ # Attach these labels to any time series or alerts when communicating with
+ # external systems (federation, remote storage, Alertmanager).
+ external_labels:
+ monitor: 'docker-host-alpha'
+
+# Load and evaluate rules in this file every 'evaluation_interval' seconds.
+rule_files:
+ - "alert.rules"
+
+# A scrape configuration containing exactly one endpoint to scrape.
+scrape_configs:
+ - job_name: 'nodeexporter'
+ scrape_interval: 5s
+ static_configs:
+ - targets: ['nodeexporter:9100']
+
+ - job_name: 'cadvisor'
+ scrape_interval: 5s
+ static_configs:
+ - targets: ['cadvisor:8080']
+
+ - job_name: 'prometheus'
+ scrape_interval: 10s
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'pushgateway'
+ scrape_interval: 10s
+ honor_labels: true
+ static_configs:
+ - targets: ['pushgateway:9091']
+
+alerting:
+ alertmanagers:
+ - scheme: http
+ static_configs:
+ - targets:
+ - 'alertmanager:9093'
\ No newline at end of file
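Review bot: The new `cadvisor` service runs with `privileged: true` and bind-mounts `/` and `/var/run`, which on a default Docker host puts the Docker socket inside the container (the `:ro` flag on a bind mount does not stop a process from connecting to a unix socket), and its unauthenticated port 8080 sits on `$NET_MONITOR`, the network this hunk also attaches `wireguard` to. On that same network Prometheus is started with `--web.enable-lifecycle`, which enables `/-/reload` and `/-/quit` over plain HTTP with no authentication. I would drop the `- '--web.enable-lifecycle'` line unless HTTP reloads are actually used, and keep `wireguard` (whose service block starts above this hunk) off the monitoring network, or confirm that tunnel peers cannot route to these containers. For cAdvisor, check whether it still collects what you need without `privileged: true` before keeping that flag.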
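Review bot: `$NET_MONITOR:` and `$NET_POKT:` are used here as mapping keys, and as far as I know Compose interpolates variables in values only, not in keys, so these would define networks literally named `$NET_MONITOR` and `$NET_POKT` while the service-level entries such as `- $NET_POKT` are expanded and then point at an undefined network. Fixed keys avoid that: use `monitor:` and `pokt:` here and in every service's `networks:` list, and move the configurable name into a value if it really has to come from `.env` (`name: ${NET_MONITOR}` needs file format 3.5 or later, and this file declares `version: '3.1'`). The `.env` entries are not part of this patch and the README change does not mention them, so `NET_POKT` and `NET_MONITOR` should be listed there as required settings.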
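Review bot: The `alerting` block targets `alertmanager:9093` and `rule_files` lists `alert.rules`, but this patch adds neither an `alertmanager` service to docker-compose.yml nor an `alert.rules` file, so unless both already exist in the repository nothing will alert as committed. Either add them in the same change or remove the two sections until they exist, so the configuration does not suggest alerting is in place. The comment above `scrape_configs` is also stale, since four jobs follow it; I would change it to `# Scrape jobs for the monitoring containers on the compose network.`, and the file is missing its final newline.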