diff --git a/databases/docker-compose.yml b/databases/docker-compose.yml index 7eb1f48..ca8fa3b 100644 --- a/databases/docker-compose.yml +++ b/databases/docker-compose.yml @@ -27,20 +27,31 @@ services: networks: - db-net + # --- REDIS (New) --- + redis: + image: redis:alpine + container_name: redis + restart: always + # Note: Using 'Nyhjew-didvot-zypsa7' to stay consistent with your PG pass, + # or you can change this to a new one. + command: redis-server --requirepass "Nyhjew-didvot-zypsa7" --save 60 1 + ports: + - "6379:6379" + volumes: + - ./redis-data:/data + networks: + - db-net + # --- KOMODO AGENT (PERIPHERY) --- komodo-periphery: image: ghcr.io/moghtech/komodo-periphery:2 container_name: komodo-periphery restart: always environment: - # The Tailscale IP of VM1 (The Brain) PERIPHERY_CORE_ADDRESS: 100.80.179.128:9120 - # The name that will appear in your Komodo Web UI PERIPHERY_CONNECT_AS: Mystic-Databases - # Your Onboarding Key from the UI PERIPHERY_ONBOARDING_KEY: O_dPWwdaJNO7q87kgvPE4hnjaLlcsu_O PERIPHERY_SERVER_ENABLED: "true" - # Recommended for correct disk reporting PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname ports: - "8120:8120" @@ -51,7 +62,7 @@ services: networks: - db-net - # --- MONITORING EXPORTERS (Scraped by VM1) --- + # --- MONITORING EXPORTERS --- node-exporter: image: prom/node-exporter:latest container_name: node-exporter @@ -80,7 +91,7 @@ services: container_name: postgres-exporter restart: always environment: - - DATA_SOURCE_NAME=postgresql://mystic_admin:your_secure_password@postgres:5432/postgres?sslmode=disable + - DATA_SOURCE_NAME=postgresql://mystic_admin:Nyhjew-didvot-zypsa7@postgres:5432/postgres?sslmode=disable ports: - "9187:9187" networks: @@ -97,6 +108,20 @@ services: networks: - db-net + redis-exporter: + image: oliver006/redis_exporter:latest + container_name: redis-exporter + restart: always + environment: + - REDIS_ADDR=redis://redis:6379 + - REDIS_PASSWORD=Nyhjew-didvot-zypsa7 + ports: + - "9121:9121" + depends_on: + - redis + networks: + - db-net + networks: db-net: driver: bridge \ No newline at end of file diff --git a/dns/docker-compose.yml b/dns/docker-compose.yml new file mode 100644 index 0000000..eff8b92 --- /dev/null +++ b/dns/docker-compose.yml @@ -0,0 +1,49 @@ +services: + pihole: + container_name: pihole + image: pihole/pihole:latest + dns: + - 1.1.1.1 + - 8.8.8.8 + ports: + - "53:53/tcp" + - "53:53/udp" + - "80:80/tcp" # This is fine since Caddy isn't on this VM! + environment: + TZ: 'America/New_York' + WEBPASSWORD: 'dYtdyz-ginqas-pastu0' + PIHOLE_DNS_: '8.8.8.8;1.1.1.1' + DNSMASQ_LISTENING: 'all' + volumes: + - './etc-pihole:/etc/pihole' + - './etc-dnsmasq.d:/etc/dnsmasq.d' + restart: unless-stopped + cap_add: + - SYS_NICE + + node-exporter: + image: prom/node-exporter:latest + container_name: node-exporter + ports: + - "9100:9100" + + cadvisor: + image: gcr.io/cadvisor/cadvisor:latest + container_name: cadvisor + ports: + - "8080:8080" + volumes: + - /:/rootfs:ro + - /var/run:/var/run:ro + - /sys:/sys:ro + - /var/lib/docker/:/var/lib/docker:ro + + pihole-exporter: + image: ekofr/pihole-exporter:latest + container_name: pihole-exporter + environment: + - PIHOLE_PROTOCOL=http + - PIHOLE_HOSTNAME=pihole + - PIHOLE_PASSWORD=dYtdyz-ginqas-pastu0 + ports: + - "9617:9617" \ No newline at end of file diff --git a/git/docker-compose.yml b/git/docker-compose.yml index 3303e52..f0e1ca9 100644 --- a/git/docker-compose.yml +++ b/git/docker-compose.yml @@ -11,10 +11,10 @@ services: - FORGEJO__database__USER=forgejodb - FORGEJO__database__PASSWD=Nyhjew-didvot-zypsa7 # Must match VM3 setup - FORGEJO__metrics__ENABLED=true # Enables internal exporter - - FORGEJO__metrics__TOKEN=mystic_metrics_token # Security for metrics + - FORGEJO__metrics__TOKEN= ports: - - "3000:3000" - - "2222:22" + - "0.0.0.0:3000:3000" # Explicitly bind to all interfaces + - "0.0.0.0:2222:22" volumes: - ./data:/data - /etc/timezone:/etc/timezone:ro diff --git a/legal/html/privacy.html b/legal/html/privacy.html new file mode 100644 index 0000000..e1699be --- /dev/null +++ b/legal/html/privacy.html @@ -0,0 +1,62 @@ + + + + + + Privacy Policy | CoreBot Labs + + + +

Privacy Policy

+

Effective Date: April 1, 2026

+ +

1. Data Collection

+

To provide our Discord bot services, we collect the following information:

+ + +

2. Data Usage

+

We use this information strictly to:

+ + +

3. Storage and Retention

+ + +

4. Data Sharing and Third Parties

+ + +

5. Open Source Transparency

+

As an open-source project, our data handling logic is transparent and available for review at git.corebot.ca. Users running their own instances of CoreBot are responsible for their own data privacy compliance.

+ +

6. User Rights

+

Under GDPR and related privacy frameworks, you have the right to access, rectify, or request the deletion of your personal data. We support data portability and will provide data exports upon request via our support email.

+ +
+ © 2026 CoreBot Labs. Contact: data@corebot.ca +
+ + \ No newline at end of file diff --git a/legal/html/tos.html b/legal/html/tos.html new file mode 100644 index 0000000..e5df915 --- /dev/null +++ b/legal/html/tos.html @@ -0,0 +1,46 @@ + + + + + + Terms of Service | CoreBot Labs + + + +

Terms of Service

+

Effective Date: April 1, 2026

+ +

1. Agreement to Terms

+

By adding CoreBot (the "Bot") to a Discord server or accessing CoreBot Labs infrastructure (the "Lab"), you agree to be bound by these Terms of Service. If you do not agree, please remove the Bot and cease use of our services.

+ +

2. Service Description

+

CoreBot Labs provides a Discord-integrated utility bot and related web services. We reserve the right to modify, suspend, or discontinue any aspect of the service at any time to maintain the stability of the Lab.

+ +

3. Open Source Licensing

+

While the CoreBot source code is available via git.corebot.ca under its respective open-source license, the "CoreBot Labs" name, branding, and hosted service instances (the Lab) remain the property of CoreBot Labs. Contributors are welcome, but CoreBot Labs is not responsible for third-party forks or self-hosted instances of the code.

+ +

4. License and Use

+ + +

5. Affiliates

+

CoreBot is operated by CoreBot Labs (CB). While we maintain professional associations with swvn.io and Nexus, these are separate entities with their own terms and conditions.

+ +

6. Limitation of Liability

+

The Bot and all Lab services are provided "as-is." CoreBot Labs is not liable for any downtime, data loss, or damages resulting from the use of our services.

+ +
+ © 2026 CoreBot Labs. All rights reserved. +
+ + \ No newline at end of file diff --git a/master/Caddyfile b/master/Caddyfile new file mode 100644 index 0000000..7a0c6ac --- /dev/null +++ b/master/Caddyfile @@ -0,0 +1,78 @@ +{ + # Global options removed to allow public ACME for .ca domains +} + +# --- Landing Page (MysticOS) --- +main.bray.io { + tls internal + reverse_proxy mystic-home:80 +} + +# --- Komodo Fleet Management --- +core.bray.io { + tls internal + reverse_proxy localhost:9120 +} + +# --- Password Manager --- +vault.bray.io { + tls internal + reverse_proxy 100.120.171.124:80 { + header_up Host {host} + header_up X-Real-IP {remote_host} + } +} + +# --- Git Services --- +git.bray.io { + tls internal + reverse_proxy 100.98.158.31:3000 +} + +# --- DNS Control (Pi-hole) --- +dns.bray.io { + tls internal + # Redirect the root path to /admin + redir / /admin/ 308 + reverse_proxy 100.64.238.34:80 +} + +# --- Database Management --- +database.bray.io { + tls internal + reverse_proxy 100.109.59.41:80 +} + +# --- Metrics (Prometheus) --- +prometheus.bray.io { + tls internal + reverse_proxy prometheus:9090 { + header_up Host {host} + header_up X-Real-IP {remote_host} + } +} + +# --- Visualization (Grafana) --- +grafana.bray.io { + tls internal + reverse_proxy grafana:3000 { + header_up Host {host} + header_up X-Real-IP {remote_host} + } +} + +# --- CoreBot Labs Legal - ToS --- +tos.corebot.ca { + root * /usr/share/caddy/legal + file_server { + index tos.html + } +} + +# --- CoreBot Labs Legal - Privacy --- +privacy.corebot.ca { + root * /usr/share/caddy/legal + file_server { + index privacy.html + } +} \ No newline at end of file diff --git a/monitoring/docker-compose.yml b/master/docker-compose.yml similarity index 51% rename from monitoring/docker-compose.yml rename to master/docker-compose.yml index 2f3eb31..99a22ce 100644 --- a/monitoring/docker-compose.yml +++ b/master/docker-compose.yml @@ -1,5 +1,5 @@ services: - # --- ORCHESTRATION (The Brain) --- + # --- ORCHESTRATION --- komodo-core: image: ghcr.io/moghtech/komodo-core:2 container_name: komodo-core @@ -7,14 +7,45 @@ services: ports: - "9120:9120" environment: - - KOMODO_DATABASE_ADDRESS=l100.109.59.41:27017 + - KOMODO_DATABASE_ADDRESS=100.109.59.41:27017 + - KOMODO_LOCAL_AUTH=true + - KOMODO_INIT_ADMIN_USERNAME=bray + - KOMODO_INIT_ADMIN_PASSWORD=xabgus-Wiwqy3-difcyh + - KOMODO_AUTH_RATE_LIMIT_DISABLED=true + - KOMODO_HOST=https://core.bray.io volumes: - ./komodo:/config - /var/run/docker.sock:/var/run/docker.sock networks: - monitor-net - # --- MONITORING (The Eyes) --- + # --- THE FRONT DOOR --- + caddy: + image: caddy:latest + container_name: caddy + restart: unless-stopped + ports: + - "80:80" + - "443:443" + volumes: + - ./Caddyfile:/etc/caddy/Caddyfile + - caddy_data:/data + - caddy_config:/config + - ./mystic-home:/var/www/html + # Corrected path to legal HTML files relative to this compose file + - ./legal/html:/usr/share/caddy/legal:ro + networks: + - monitor-net + + # --- CUSTOM LANDING PAGE --- + mystic-home: + build: ./mystic-home + container_name: mystic-home + restart: always + networks: + - monitor-net + + # --- MONITORING --- prometheus: image: prom/prometheus:latest container_name: prometheus @@ -34,6 +65,9 @@ services: image: grafana/grafana:latest container_name: grafana restart: always + environment: + - GF_SERVER_ROOT_URL=https://grafana.bray.io + - GF_SERVER_SERVE_FROM_SUB_PATH=false ports: - "3001:3000" volumes: @@ -41,13 +75,13 @@ services: networks: - monitor-net - # --- EXPORTERS (The Sensors) --- + # --- EXPORTERS --- node-exporter: image: prom/node-exporter:latest container_name: node-exporter restart: always ports: - - "9110:9100" # Mapped to 9110 to avoid any host conflicts + - "9110:9100" networks: - monitor-net @@ -55,8 +89,16 @@ services: image: gcr.io/cadvisor/cadvisor:latest container_name: cadvisor restart: always + command: + - '--housekeeping_interval=30s' + - '--docker_only=true' + deploy: + resources: + limits: + cpus: '0.50' + memory: 256M ports: - - "8080:8080" + - "8081:8080" volumes: - /:/rootfs:ro - /var/run:/var/run:ro @@ -68,8 +110,10 @@ services: networks: monitor-net: - driver: bridge + external: true volumes: prometheus_data: - grafana_data: \ No newline at end of file + grafana_data: + caddy_data: + caddy_config: \ No newline at end of file diff --git a/master/mystic-home/Dockerfile b/master/mystic-home/Dockerfile new file mode 100644 index 0000000..8f11bee --- /dev/null +++ b/master/mystic-home/Dockerfile @@ -0,0 +1,6 @@ +FROM nginx:alpine +# Copy the static files to the nginx html directory +COPY ./www /usr/share/nginx/html +# Expose port 80 +EXPOSE 80 +CMD ["nginx", "-g", "daemon off;"] \ No newline at end of file diff --git a/master/mystic-home/www/index.html b/master/mystic-home/www/index.html new file mode 100644 index 0000000..46ee68c --- /dev/null +++ b/master/mystic-home/www/index.html @@ -0,0 +1,105 @@ + + + + + + MysticOS + + + + + +

MYSTICOS

+ +
+ +
+
Forgejo
+ + +
+
Vault
+ + +
+
Pi-hole
+ + +
+
Grafana
+ + +
+
Prometheus
+ +
+ +
+
+
+ + + +
+
+
+ + + + \ No newline at end of file diff --git a/master/mystic-home/www/style.css b/master/mystic-home/www/style.css new file mode 100644 index 0000000..8190e65 --- /dev/null +++ b/master/mystic-home/www/style.css @@ -0,0 +1,98 @@ +:root { + --bg: #0d1117; + --accent: #58a6ff; + --text: #c9d1d9; +} + +* { margin: 0; padding: 0; box-sizing: border-box; } + +body { + background-color: var(--bg); + color: var(--text); + font-family: 'Segoe UI', system-ui, sans-serif; + height: 100vh; + display: flex; + flex-direction: column; + justify-content: center; + align-items: center; + overflow: hidden; +} + +h1 { + margin-bottom: 3rem; + letter-spacing: 4px; + font-weight: 300; + text-transform: uppercase; +} + +h1 span { color: var(--accent); font-weight: 800; } + +.dock { + display: flex; + gap: 1.5rem; + padding: 25px; + background: rgba(255, 255, 255, 0.02); + border-radius: 20px; + border: 1px solid rgba(255, 255, 255, 0.08); + backdrop-filter: blur(10px); +} + +.icon-link { + text-decoration: none; + color: inherit; + display: flex; + flex-direction: column; + align-items: center; + transition: transform 0.2s ease; +} + +.icon-link:hover { transform: translateY(-8px); } + +.icon-box { + width: 60px; + height: 60px; + background: #161b22; + border-radius: 15px; + display: flex; + justify-content: center; + align-items: center; + border: 1px solid #30363d; + margin-bottom: 8px; +} + +/* Force icons to show up */ +.icon-box svg, .icon-box i { + width: 28px !important; + height: 28px !important; + color: var(--accent); +} + +.label { font-size: 12px; opacity: 0.7; font-weight: 500; } + +.search-container { margin-top: 2.5rem; width: 100%; max-width: 450px; } + +.search-wrapper { + display: flex; + align-items: center; + background: rgba(255, 255, 255, 0.03); + border: 1px solid rgba(255, 255, 255, 0.1); + border-radius: 30px; + padding: 10px 20px; + transition: all 0.3s ease; +} + +.search-wrapper:focus-within { + border-color: var(--accent); + background: rgba(255, 255, 255, 0.05); +} + +.search-icon { width: 18px; height: 18px; color: var(--accent); margin-right: 12px; } + +.search-wrapper input { + background: transparent; + border: none; + outline: none; + color: var(--text); + font-size: 15px; + width: 100%; +} \ No newline at end of file diff --git a/master/prometheus/prometheus.yml b/master/prometheus/prometheus.yml new file mode 100644 index 0000000..df57c5a --- /dev/null +++ b/master/prometheus/prometheus.yml @@ -0,0 +1,144 @@ +global: + scrape_interval: 15s + evaluation_interval: 15s + +scrape_configs: + # --- VM1: MYSTIC-CLOUD (Local) --- + - job_name: 'cloud-node' + static_configs: + - targets: ['node-exporter:9100'] + labels: + infrastructure: 'cloud' + type: 'control-plane' + task: 'exporter' + + - job_name: 'cloud-docker' + static_configs: + - targets: ['cadvisor:8080'] + labels: + infrastructure: 'cloud' + type: 'control-plane' + task: 'monitoring' + + - job_name: 'prometheus' + static_configs: + - targets: ['localhost:9090'] + labels: + infrastructure: 'cloud' + type: 'control-plane' + task: 'monitoring' + + # --- VM3: MYSTIC-DATABASES (Tailscale) --- + - job_name: 'vm3-node' + static_configs: + - targets: ['100.109.59.41:9100'] + labels: + infrastructure: 'cloud' + type: 'database' + task: 'exporter' + + - job_name: 'vm3-docker' + static_configs: + - targets: ['100.109.59.41:8080'] + labels: + infrastructure: 'cloud' + type: 'database' + task: 'monitoring' + + - job_name: 'vm3-postgres' + static_configs: + - targets: ['100.109.59.41:9187'] + labels: + infrastructure: 'cloud' + type: 'database' + task: 'database' + + - job_name: 'vm3-mongo' + static_configs: + - targets: ['100.109.59.41:9216'] + labels: + infrastructure: 'cloud' + type: 'database' + task: 'database' + + - job_name: 'vm3-redis' + static_configs: + - targets: ['100.109.59.41:9121'] + labels: + infrastructure: 'cloud' + type: 'database' + task: 'database' + app: 'redis' + # --- VM2: Mystic-Git (Tailscale) --- + - job_name: 'vm2-node' + static_configs: + - targets: ['100.98.158.31:9100'] + labels: + infrastructure: 'cloud' + type: 'git' + task: 'exporter' + + - job_name: 'vm2-docker' + static_configs: + - targets: ['100.98.158.31:8080'] + labels: + infrastructure: 'cloud' + type: 'git' + task: 'monitoring' + + - job_name: 'vm2-forgejo' + metrics_path: '/metrics' + authorization: + credentials: "mystic_metrics_token" + static_configs: + - targets: ['100.98.158.31:3000'] + labels: + infrastructure: 'cloud' + type: 'git' + task: 'app' + + # --- VM4: Mystic-Passwords (Tailscale) --- + - job_name: 'vm4-node' + static_configs: + - targets: ['100.120.171.124:9100'] + labels: + infrastructure: 'cloud' + type: 'passwords' + task: 'exporter' + + - job_name: 'vm4-docker' + static_configs: + - targets: ['100.120.171.124:8080'] + labels: + infrastructure: 'cloud' + type: 'passwords' + task: 'monitoring' + + - job_name: 'vm4-vaultwarden' + static_configs: + - targets: ['100.120.171.124:3040'] + + # --- VM5: NEW NODE (35.192.210.155) --- + - job_name: 'vm5-dns' + static_configs: + - targets: ['100.64.238.34:9100'] + labels: + infrastructure: 'cloud' + type: 'worker' + task: 'exporter' + + - job_name: 'vm5-docker' + static_configs: + - targets: ['100.64.238.34:8080'] + labels: + infrastructure: 'cloud' + type: 'worker' + task: 'monitoring' + - job_name: 'vm5-pihole' + static_configs: + - targets: ['100.64.238.34:9617'] + labels: + infrastructure: 'cloud' + type: 'worker' + task: 'dns' + app: 'pihole' \ No newline at end of file diff --git a/monitoring/prometheus/prometheus.yml b/monitoring/prometheus/prometheus.yml deleted file mode 100644 index 13335dd..0000000 --- a/monitoring/prometheus/prometheus.yml +++ /dev/null @@ -1,34 +0,0 @@ -global: - scrape_interval: 15s - evaluation_interval: 15s - -scrape_configs: - # --- VM1: MYSTIC-CLOUD (Local) --- - - job_name: 'cloud-node' - static_configs: - - targets: ['node-exporter:9100'] - - - job_name: 'cloud-docker' - static_configs: - - targets: ['cadvisor:8080'] - - - job_name: 'prometheus' - static_configs: - - targets: ['localhost:9090'] - - # --- VM3: MYSTIC-DATABASES (Remote via Tailscale) --- - - job_name: 'vm3-node' - static_configs: - - targets: ['100.109.59.41:9100'] - - - job_name: 'vm3-docker' - static_configs: - - targets: ['100.109.59.41:8080'] - - - job_name: 'vm3-postgres' - static_configs: - - targets: ['100.109.59.41:9187'] - - - job_name: 'vm3-mongo' - static_configs: - - targets: ['100.109.59.41:9216'] \ No newline at end of file diff --git a/nodes/docker-compose.node.yml b/nodes/docker-compose.node.yml deleted file mode 100644 index 2a000bc..0000000 --- a/nodes/docker-compose.node.yml +++ /dev/null @@ -1,16 +0,0 @@ -services: - node-exporter: - image: prom/node-exporter:latest - container_name: node-exporter - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /:/rootfs:ro - command: - - '--path.procfs=/host/proc' - - '--path.rootfs=/rootfs' - - '--path.sysfs=/host/sys' - - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' - ports: - - "9100:9100" - restart: unless-stopped \ No newline at end of file diff --git a/passwords/docker-compose.yml b/passwords/docker-compose.yml new file mode 100644 index 0000000..1609310 --- /dev/null +++ b/passwords/docker-compose.yml @@ -0,0 +1,77 @@ +services: + # --- THE VAULT --- + vaultwarden: + image: vaultwarden/server:latest + container_name: vaultwarden + restart: always + environment: + - SIGNUPS_ALLOWED=false + - PUSH_ENABLED=false + volumes: + - ./data:/data + networks: + - pass-net + + # --- VW METRICS EXPORTER (Tricked-dev) --- + vwmetrics: + image: ghcr.io/tricked-dev/vwmetrics:latest + container_name: vwmetrics + restart: always + environment: + # Use read-only mode for the sqlite database + - DATABASE_URL=sqlite:///data/db.sqlite3?mode=ro + - PORT=3040 + - UPDATE_SECONDS=60 + volumes: + - ./data:/data:ro # Mount the same data folder as read-only + ports: + - "3040:3040" + networks: + - pass-net + + # --- KOMODO AGENT --- + komodo-periphery: + image: ghcr.io/moghtech/komodo-periphery:2 + container_name: komodo-periphery + restart: always + environment: + PERIPHERY_CORE_ADDRESS: 100.80.179.128:9120 + PERIPHERY_CONNECT_AS: Mystic-Passwords + PERIPHERY_ONBOARDING_KEY: O_dPWwdaJNO7q87kgvPE4hnjaLlcsu_O + PERIPHERY_SERVER_ENABLED: "true" + ports: + - "8120:8120" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./komodo:/config + - /proc:/proc:ro + networks: + - pass-net + + # --- MONITORING --- + node-exporter: + image: prom/node-exporter:latest + container_name: node-exporter + restart: always + ports: + - "9100:9100" + networks: + - pass-net + + cadvisor: + image: gcr.io/cadvisor/cadvisor:latest + container_name: cadvisor + restart: always + ports: + - "8080:8080" + volumes: + - /:/rootfs:ro + - /var/run:/var/run:ro + - /sys:/sys:ro + - /var/lib/docker/:/var/lib/docker:ro + networks: + - pass-net + +networks: + pass-net: + driver: bridge \ No newline at end of file