bray/infra
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

safety

Browse source
This commit is contained in:
Bray 2026-04-01 11:43:26 -04:00
parent b35165cf0b
commit 211c5692c1
14 changed files with 751 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
databases/docker-compose.yml
View file

@ -27,20 +27,31 @@ services:
networks: networks:
- db-net - db-net
# --- REDIS (New) ---
redis:
image: redis:alpine
container_name: redis
restart: always
# Note: Using 'Nyhjew-didvot-zypsa7' to stay consistent with your PG pass,
# or you can change this to a new one.
command: redis-server --requirepass "Nyhjew-didvot-zypsa7" --save 60 1
ports:
- "6379:6379"
volumes:
- ./redis-data:/data
networks:
- db-net
# --- KOMODO AGENT (PERIPHERY) --- # --- KOMODO AGENT (PERIPHERY) ---
komodo-periphery: komodo-periphery:
image: ghcr.io/moghtech/komodo-periphery:2 image: ghcr.io/moghtech/komodo-periphery:2
container_name: komodo-periphery container_name: komodo-periphery
restart: always restart: always
environment: environment:
# The Tailscale IP of VM1 (The Brain)
PERIPHERY_CORE_ADDRESS: 100.80.179.128:9120 PERIPHERY_CORE_ADDRESS: 100.80.179.128:9120
# The name that will appear in your Komodo Web UI
PERIPHERY_CONNECT_AS: Mystic-Databases PERIPHERY_CONNECT_AS: Mystic-Databases
# Your Onboarding Key from the UI
PERIPHERY_ONBOARDING_KEY: O_dPWwdaJNO7q87kgvPE4hnjaLlcsu_O PERIPHERY_ONBOARDING_KEY: O_dPWwdaJNO7q87kgvPE4hnjaLlcsu_O
PERIPHERY_SERVER_ENABLED: "true" PERIPHERY_SERVER_ENABLED: "true"
# Recommended for correct disk reporting
PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
ports: ports:
- "8120:8120" - "8120:8120"
@ -51,7 +62,7 @@ services:
networks: networks:
- db-net - db-net
# --- MONITORING EXPORTERS (Scraped by VM1) --- # --- MONITORING EXPORTERS ---
node-exporter: node-exporter:
image: prom/node-exporter:latest image: prom/node-exporter:latest
container_name: node-exporter container_name: node-exporter
@ -80,7 +91,7 @@ services:
container_name: postgres-exporter container_name: postgres-exporter
restart: always restart: always
environment: environment:
- DATA_SOURCE_NAME=postgresql://mystic_admin:your_secure_password@postgres:5432/postgres?sslmode=disable - DATA_SOURCE_NAME=postgresql://mystic_admin:Nyhjew-didvot-zypsa7@postgres:5432/postgres?sslmode=disable
ports: ports:
- "9187:9187" - "9187:9187"
networks: networks:
@ -97,6 +108,20 @@ services:
networks: networks:
- db-net - db-net
redis-exporter:
image: oliver006/redis_exporter:latest
container_name: redis-exporter
restart: always
environment:
- REDIS_ADDR=redis://redis:6379
- REDIS_PASSWORD=Nyhjew-didvot-zypsa7
ports:
- "9121:9121"
depends_on:
- redis
networks:
- db-net
networks: networks:
db-net: db-net:
driver: bridge driver: bridge

49
dns/docker-compose.yml Normal file
View file

@ -0,0 +1,49 @@
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
dns:
- 1.1.1.1
- 8.8.8.8
ports:
- "53:53/tcp"
- "53:53/udp"
- "80:80/tcp" # This is fine since Caddy isn't on this VM!
environment:
TZ: 'America/New_York'
WEBPASSWORD: 'dYtdyz-ginqas-pastu0'
PIHOLE_DNS_: '8.8.8.8;1.1.1.1'
DNSMASQ_LISTENING: 'all'
volumes:
- './etc-pihole:/etc/pihole'
- './etc-dnsmasq.d:/etc/dnsmasq.d'
restart: unless-stopped
cap_add:
- SYS_NICE
node-exporter:
image: prom/node-exporter:latest
container_name: node-exporter
ports:
- "9100:9100"
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
container_name: cadvisor
ports:
- "8080:8080"
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
pihole-exporter:
image: ekofr/pihole-exporter:latest
container_name: pihole-exporter
environment:
- PIHOLE_PROTOCOL=http
- PIHOLE_HOSTNAME=pihole
- PIHOLE_PASSWORD=dYtdyz-ginqas-pastu0
ports:
- "9617:9617"

6
git/docker-compose.yml
View file

@ -11,10 +11,10 @@ services:
- FORGEJO__database__USER=forgejodb - FORGEJO__database__USER=forgejodb
- FORGEJO__database__PASSWD=Nyhjew-didvot-zypsa7 # Must match VM3 setup - FORGEJO__database__PASSWD=Nyhjew-didvot-zypsa7 # Must match VM3 setup
- FORGEJO__metrics__ENABLED=true # Enables internal exporter - FORGEJO__metrics__ENABLED=true # Enables internal exporter
- FORGEJO__metrics__TOKEN=mystic_metrics_token # Security for metrics - FORGEJO__metrics__TOKEN=
ports: ports:
- "3000:3000" - "0.0.0.0:3000:3000" # Explicitly bind to all interfaces
- "2222:22" - "0.0.0.0:2222:22"
volumes: volumes:
- ./data:/data - ./data:/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro

62
legal/html/privacy.html Normal file
View file

@ -0,0 +1,62 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Privacy Policy | CoreBot Labs</title>
<style>
body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif; line-height: 1.6; max-width: 800px; margin: 40px auto; padding: 0 20px; color: #e0e0e0; background-color: #121212; }
h1, h2, h3 { color: #ffffff; border-bottom: 1px solid #333; padding-bottom: 10px; }
strong { color: #fff; }
.footer { margin-top: 50px; font-size: 0.8em; color: #888; border-top: 1px solid #333; padding-top: 20px; }
a { color: #4dabf7; text-decoration: none; }
a:hover { text-decoration: underline; }
ul li { margin-bottom: 10px; }
</style>
</head>
<body>
<h1>Privacy Policy</h1>
<p><strong>Effective Date:</strong> April 1, 2026</p>
<h2>1. Data Collection</h2>
<p>To provide our Discord bot services, we collect the following information:</p>
<ul>
<li><strong>Discord User Data:</strong> User IDs, Server IDs, and Channel IDs.</li>
<li><strong>Activity Metrics:</strong> We log that a message was sent, the length of the message, and total message counts per user. <strong>We do not log or store the text content of your messages.</strong></li>
<li><strong>System Metrics:</strong> Interaction metadata and infrastructure performance data are logged via our internal monitoring (Loki/Prometheus) to ensure service stability.</li>
</ul>
<h2>2. Data Usage</h2>
<p>We use this information strictly to:</p>
<ul>
<li>Power Bot features (e.g., user profiles and activity tracking).</li>
<li>Monitor the health and security of the CoreBot Labs infrastructure.</li>
<li>Facate user-requested data exports for external services.</li>
</ul>
<h2>3. Storage and Retention</h2>
<ul>
<li><strong>Location:</strong> Data is hosted on secured servers in <strong>Canada</strong> and via <strong>Google Cloud (USA)</strong>.</li>
<li><strong>Discord User Data Retention:</strong> Personal data linked to Discord accounts is stored only as long as necessary to provide our services. This data is removed upon a verified request for deletion or if the service is no longer required.</li>
<li><strong>System Metrics Retention:</strong> Non-identifiable system and server metrics are kept indefinitely for historical trend analysis, troubleshooting, and infrastructure optimization.</li>
<li><strong>Deletion:</strong> You may request the removal of your Discord-related data at any time by contacting <strong>data@corebot.ca</strong>.</li>
</ul>
<h2>4. Data Sharing and Third Parties</h2>
<ul>
<li><strong>No Sale of Data:</strong> CoreBot Labs does not sell your information.</li>
<li><strong>Affiliates:</strong> We do not share user data with <strong>swvn.io</strong>, <strong>Nexus</strong>, or any other third parties.</li>
<li><strong>Public Services:</strong> Use of <strong>vault.corebot.services</strong> is subject to the same strict non-disclosure standards.</li>
</ul>
<h2>5. Open Source Transparency</h2>
<p>As an open-source project, our data handling logic is transparent and available for review at <strong>git.corebot.ca</strong>. Users running their own instances of CoreBot are responsible for their own data privacy compliance.</p>
<h2>6. User Rights</h2>
<p>Under GDPR and related privacy frameworks, you have the right to access, rectify, or request the deletion of your personal data. We support data portability and will provide data exports upon request via our support email.</p>
<div class="footer">
&copy; 2026 CoreBot Labs. Contact: data@corebot.ca
</div>
</body>
</html>

46
legal/html/tos.html Normal file
View file

@ -0,0 +1,46 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Terms of Service | CoreBot Labs</title>
<style>
body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif; line-height: 1.6; max-width: 800px; margin: 40px auto; padding: 0 20px; color: #e0e0e0; background-color: #121212; }
h1, h2, h3 { color: #ffffff; border-bottom: 1px solid #333; padding-bottom: 10px; }
strong { color: #fff; }
.footer { margin-top: 50px; font-size: 0.8em; color: #888; border-top: 1px solid #333; padding-top: 20px; }
a { color: #4dabf7; text-decoration: none; }
a:hover { text-decoration: underline; }
</style>
</head>
<body>
<h1>Terms of Service</h1>
<p><strong>Effective Date:</strong> April 1, 2026</p>
<h2>1. Agreement to Terms</h2>
<p>By adding <strong>CoreBot</strong> (the "Bot") to a Discord server or accessing <strong>CoreBot Labs</strong> infrastructure (the "Lab"), you agree to be bound by these Terms of Service. If you do not agree, please remove the Bot and cease use of our services.</p>
<h2>2. Service Description</h2>
<p>CoreBot Labs provides a Discord-integrated utility bot and related web services. We reserve the right to modify, suspend, or discontinue any aspect of the service at any time to maintain the stability of the Lab.</p>
<h2>3. Open Source Licensing</h2>
<p>While the CoreBot source code is available via <strong>git.corebot.ca</strong> under its respective open-source license, the "CoreBot Labs" name, branding, and hosted service instances (the Lab) remain the property of CoreBot Labs. Contributors are welcome, but CoreBot Labs is not responsible for third-party forks or self-hosted instances of the code.</p>
<h2>4. License and Use</h2>
<ul>
<li>CoreBot Labs grants you a limited, non-exclusive license to use the Bot for its intended purposes.</li>
<li><strong>Prohibited Use:</strong> You may not use the Bot for spam, "self-botting," or any action that disrupts the Labs performance or security.</li>
<li><strong>Reverse Engineering:</strong> Unauthorized attempts to access the Lab's internal API or bypass security measures are strictly prohibited.</li>
</ul>
<h2>5. Affiliates</h2>
<p>CoreBot is operated by CoreBot Labs (CB). While we maintain professional associations with <strong>swvn.io</strong> and <strong>Nexus</strong>, these are separate entities with their own terms and conditions.</p>
<h2>6. Limitation of Liability</h2>
<p>The Bot and all Lab services are provided "as-is." CoreBot Labs is not liable for any downtime, data loss, or damages resulting from the use of our services.</p>
<div class="footer">
&copy; 2026 CoreBot Labs. All rights reserved.
</div>
</body>
</html>

78
master/Caddyfile Normal file
View file

@ -0,0 +1,78 @@
{
# Global options removed to allow public ACME for .ca domains
}
# --- Landing Page (MysticOS) ---
main.bray.io {
tls internal
reverse_proxy mystic-home:80
}
# --- Komodo Fleet Management ---
core.bray.io {
tls internal
reverse_proxy localhost:9120
}
# --- Password Manager ---
vault.bray.io {
tls internal
reverse_proxy 100.120.171.124:80 {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
# --- Git Services ---
git.bray.io {
tls internal
reverse_proxy 100.98.158.31:3000
}
# --- DNS Control (Pi-hole) ---
dns.bray.io {
tls internal
# Redirect the root path to /admin
redir / /admin/ 308
reverse_proxy 100.64.238.34:80
}
# --- Database Management ---
database.bray.io {
tls internal
reverse_proxy 100.109.59.41:80
}
# --- Metrics (Prometheus) ---
prometheus.bray.io {
tls internal
reverse_proxy prometheus:9090 {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
# --- Visualization (Grafana) ---
grafana.bray.io {
tls internal
reverse_proxy grafana:3000 {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
# --- CoreBot Labs Legal - ToS ---
tos.corebot.ca {
root * /usr/share/caddy/legal
file_server {
index tos.html
}
}
# --- CoreBot Labs Legal - Privacy ---
privacy.corebot.ca {
root * /usr/share/caddy/legal
file_server {
index privacy.html
}
}

60
monitoring/docker-compose.yml → master/docker-compose.yml
View file

@ -1,5 +1,5 @@
services: services:
# --- ORCHESTRATION (The Brain) --- # --- ORCHESTRATION ---
komodo-core: komodo-core:
image: ghcr.io/moghtech/komodo-core:2 image: ghcr.io/moghtech/komodo-core:2
container_name: komodo-core container_name: komodo-core
@ -7,14 +7,45 @@ services:
ports: ports:
- "9120:9120" - "9120:9120"
environment: environment:
- KOMODO_DATABASE_ADDRESS=l100.109.59.41:27017 - KOMODO_DATABASE_ADDRESS=100.109.59.41:27017
- KOMODO_LOCAL_AUTH=true
- KOMODO_INIT_ADMIN_USERNAME=bray
- KOMODO_INIT_ADMIN_PASSWORD=xabgus-Wiwqy3-difcyh
- KOMODO_AUTH_RATE_LIMIT_DISABLED=true
- KOMODO_HOST=https://core.bray.io
volumes: volumes:
- ./komodo:/config - ./komodo:/config
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
networks: networks:
- monitor-net - monitor-net
# --- MONITORING (The Eyes) --- # --- THE FRONT DOOR ---
caddy:
image: caddy:latest
container_name: caddy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- caddy_data:/data
- caddy_config:/config
- ./mystic-home:/var/www/html
# Corrected path to legal HTML files relative to this compose file
- ./legal/html:/usr/share/caddy/legal:ro
networks:
- monitor-net
# --- CUSTOM LANDING PAGE ---
mystic-home:
build: ./mystic-home
container_name: mystic-home
restart: always
networks:
- monitor-net
# --- MONITORING ---
prometheus: prometheus:
image: prom/prometheus:latest image: prom/prometheus:latest
container_name: prometheus container_name: prometheus
@ -34,6 +65,9 @@ services:
image: grafana/grafana:latest image: grafana/grafana:latest
container_name: grafana container_name: grafana
restart: always restart: always
environment:
- GF_SERVER_ROOT_URL=https://grafana.bray.io
- GF_SERVER_SERVE_FROM_SUB_PATH=false
ports: ports:
- "3001:3000" - "3001:3000"
volumes: volumes:
@ -41,13 +75,13 @@ services:
networks: networks:
- monitor-net - monitor-net
# --- EXPORTERS (The Sensors) --- # --- EXPORTERS ---
node-exporter: node-exporter:
image: prom/node-exporter:latest image: prom/node-exporter:latest
container_name: node-exporter container_name: node-exporter
restart: always restart: always
ports: ports:
- "9110:9100" # Mapped to 9110 to avoid any host conflicts - "9110:9100"
networks: networks:
- monitor-net - monitor-net
@ -55,8 +89,16 @@ services:
image: gcr.io/cadvisor/cadvisor:latest image: gcr.io/cadvisor/cadvisor:latest
container_name: cadvisor container_name: cadvisor
restart: always restart: always
command:
- '--housekeeping_interval=30s'
- '--docker_only=true'
deploy:
resources:
limits:
cpus: '0.50'
memory: 256M
ports: ports:
- "8080:8080" - "8081:8080"
volumes: volumes:
- /:/rootfs:ro - /:/rootfs:ro
- /var/run:/var/run:ro - /var/run:/var/run:ro
@ -68,8 +110,10 @@ services:
networks: networks:
monitor-net: monitor-net:
driver: bridge external: true
volumes: volumes:
prometheus_data: prometheus_data:
grafana_data: grafana_data:
caddy_data:
caddy_config:

6
master/mystic-home/Dockerfile Normal file
View file

@ -0,0 +1,6 @@
FROM nginx:alpine
# Copy the static files to the nginx html directory
COPY ./www /usr/share/nginx/html
# Expose port 80
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

105
master/mystic-home/www/index.html Normal file
View file

@ -0,0 +1,105 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MysticOS</title>
<link rel="stylesheet" href="style.css">
<script src="https://unpkg.com/lucide@latest"></script>
</head>
<body>
<h1>MYSTIC<span>OS</span></h1>
<div class="dock">
<a href="https://git.bray.io" class="icon-link">
<div class="icon-box"><i data-lucide="git-branch"></i></div>
<div class="label">Forgejo</div>
</a>
<a href="https://vault.bray.io" class="icon-link">
<div class="icon-box"><i data-lucide="shield-check"></i></div>
<div class="label">Vault</div>
</a>
<a href="https://dns.bray.io" class="icon-link">
<div class="icon-box"><i data-lucide="globe"></i></div>
<div class="label">Pi-hole</div>
</a>
<a href="https://grafana.bray.io" class="icon-link">
<div class="icon-box"><i data-lucide="line-chart"></i></div>
<div class="label">Grafana</div>
</a>
<a href="https://prometheus.bray.io" class="icon-link">
<div class="icon-box"><i data-lucide="activity"></i></div>
<div class="label">Prometheus</div>
</a>
</div>
<div class="search-container">
<form action="https://www.google.com/search" method="GET">
<div class="search-wrapper">
<i data-lucide="search" class="search-icon"></i>
<input type="text" name="q" placeholder="Search the web..." autofocus autocomplete="off">
<button type="submit" style="display:none;"></button>
</div>
</form>
</div>
<script>
// Configuration
const services = [
{ name: 'Forgejo', url: 'https://git.bray.io' },
{ name: 'Vault', url: 'https://vault.bray.io' },
{ name: 'Pi-hole', url: 'https://dns.bray.io' },
{ name: 'Grafana', url: 'https://grafana.bray.io' },
{ name: 'Prometheus', url: 'https://prometheus.bray.io' }
];
function updateStatus(name, isUp) {
const links = document.querySelectorAll('.icon-link');
links.forEach(link => {
if (link.querySelector('.label').textContent === name) {
const box = link.querySelector('.icon-box');
box.style.borderColor = isUp ? '#3fb950' : '#f85149';
box.style.boxShadow = isUp ? '0 0 10px rgba(63, 185, 80, 0.2)' : '0 0 10px rgba(248, 81, 73, 0.2)';
}
});
}
async function checkHealth() {
services.forEach(service => {
const img = new Image();
let hasResponded = false;
// Success or security errors both indicate the service is "up"
img.onload = () => {
hasResponded = true;
updateStatus(service.name, true);
};
img.onerror = () => {
hasResponded = true;
updateStatus(service.name, true);
};
// Trigger the request with a cache-buster
img.src = `${service.url}/favicon.ico?t=${Date.now()}`;
// If no response at all after 5s, mark as down
setTimeout(() => {
if (!hasResponded) {
updateStatus(service.name, false);
}
}, 5000);
});
}
// Initialize when DOM is ready
window.addEventListener('DOMContentLoaded', () => {
lucide.createIcons();
checkHealth();
// Refresh every 30 seconds
setInterval(checkHealth, 30000);
});
</script>
</body>
</html>

98
master/mystic-home/www/style.css Normal file
View file

@ -0,0 +1,98 @@
:root {
--bg: #0d1117;
--accent: #58a6ff;
--text: #c9d1d9;
}
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background-color: var(--bg);
color: var(--text);
font-family: 'Segoe UI', system-ui, sans-serif;
height: 100vh;
display: flex;
flex-direction: column;
justify-content: center;
align-items: center;
overflow: hidden;
}
h1 {
margin-bottom: 3rem;
letter-spacing: 4px;
font-weight: 300;
text-transform: uppercase;
}
h1 span { color: var(--accent); font-weight: 800; }
.dock {
display: flex;
gap: 1.5rem;
padding: 25px;
background: rgba(255, 255, 255, 0.02);
border-radius: 20px;
border: 1px solid rgba(255, 255, 255, 0.08);
backdrop-filter: blur(10px);
}
.icon-link {
text-decoration: none;
color: inherit;
display: flex;
flex-direction: column;
align-items: center;
transition: transform 0.2s ease;
}
.icon-link:hover { transform: translateY(-8px); }
.icon-box {
width: 60px;
height: 60px;
background: #161b22;
border-radius: 15px;
display: flex;
justify-content: center;
align-items: center;
border: 1px solid #30363d;
margin-bottom: 8px;
}
/* Force icons to show up */
.icon-box svg, .icon-box i {
width: 28px !important;
height: 28px !important;
color: var(--accent);
}
.label { font-size: 12px; opacity: 0.7; font-weight: 500; }
.search-container { margin-top: 2.5rem; width: 100%; max-width: 450px; }
.search-wrapper {
display: flex;
align-items: center;
background: rgba(255, 255, 255, 0.03);
border: 1px solid rgba(255, 255, 255, 0.1);
border-radius: 30px;
padding: 10px 20px;
transition: all 0.3s ease;
}
.search-wrapper:focus-within {
border-color: var(--accent);
background: rgba(255, 255, 255, 0.05);
}
.search-icon { width: 18px; height: 18px; color: var(--accent); margin-right: 12px; }
.search-wrapper input {
background: transparent;
border: none;
outline: none;
color: var(--text);
font-size: 15px;
width: 100%;
}

144
master/prometheus/prometheus.yml Normal file
View file

@ -0,0 +1,144 @@
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
# --- VM1: MYSTIC-CLOUD (Local) ---
- job_name: 'cloud-node'
static_configs:
- targets: ['node-exporter:9100']
labels:
infrastructure: 'cloud'
type: 'control-plane'
task: 'exporter'
- job_name: 'cloud-docker'
static_configs:
- targets: ['cadvisor:8080']
labels:
infrastructure: 'cloud'
type: 'control-plane'
task: 'monitoring'
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
labels:
infrastructure: 'cloud'
type: 'control-plane'
task: 'monitoring'
# --- VM3: MYSTIC-DATABASES (Tailscale) ---
- job_name: 'vm3-node'
static_configs:
- targets: ['100.109.59.41:9100']
labels:
infrastructure: 'cloud'
type: 'database'
task: 'exporter'
- job_name: 'vm3-docker'
static_configs:
- targets: ['100.109.59.41:8080']
labels:
infrastructure: 'cloud'
type: 'database'
task: 'monitoring'
- job_name: 'vm3-postgres'
static_configs:
- targets: ['100.109.59.41:9187']
labels:
infrastructure: 'cloud'
type: 'database'
task: 'database'
- job_name: 'vm3-mongo'
static_configs:
- targets: ['100.109.59.41:9216']
labels:
infrastructure: 'cloud'
type: 'database'
task: 'database'
- job_name: 'vm3-redis'
static_configs:
- targets: ['100.109.59.41:9121']
labels:
infrastructure: 'cloud'
type: 'database'
task: 'database'
app: 'redis'
# --- VM2: Mystic-Git (Tailscale) ---
- job_name: 'vm2-node'
static_configs:
- targets: ['100.98.158.31:9100']
labels:
infrastructure: 'cloud'
type: 'git'
task: 'exporter'
- job_name: 'vm2-docker'
static_configs:
- targets: ['100.98.158.31:8080']
labels:
infrastructure: 'cloud'
type: 'git'
task: 'monitoring'
- job_name: 'vm2-forgejo'
metrics_path: '/metrics'
authorization:
credentials: "mystic_metrics_token"
static_configs:
- targets: ['100.98.158.31:3000']
labels:
infrastructure: 'cloud'
type: 'git'
task: 'app'
# --- VM4: Mystic-Passwords (Tailscale) ---
- job_name: 'vm4-node'
static_configs:
- targets: ['100.120.171.124:9100']
labels:
infrastructure: 'cloud'
type: 'passwords'
task: 'exporter'
- job_name: 'vm4-docker'
static_configs:
- targets: ['100.120.171.124:8080']
labels:
infrastructure: 'cloud'
type: 'passwords'
task: 'monitoring'
- job_name: 'vm4-vaultwarden'
static_configs:
- targets: ['100.120.171.124:3040']
# --- VM5: NEW NODE (35.192.210.155) ---
- job_name: 'vm5-dns'
static_configs:
- targets: ['100.64.238.34:9100']
labels:
infrastructure: 'cloud'
type: 'worker'
task: 'exporter'
- job_name: 'vm5-docker'
static_configs:
- targets: ['100.64.238.34:8080']
labels:
infrastructure: 'cloud'
type: 'worker'
task: 'monitoring'
- job_name: 'vm5-pihole'
static_configs:
- targets: ['100.64.238.34:9617']
labels:
infrastructure: 'cloud'
type: 'worker'
task: 'dns'
app: 'pihole'

34
monitoring/prometheus/prometheus.yml
View file

@ -1,34 +0,0 @@
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
# --- VM1: MYSTIC-CLOUD (Local) ---
- job_name: 'cloud-node'
static_configs:
- targets: ['node-exporter:9100']
- job_name: 'cloud-docker'
static_configs:
- targets: ['cadvisor:8080']
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
# --- VM3: MYSTIC-DATABASES (Remote via Tailscale) ---
- job_name: 'vm3-node'
static_configs:
- targets: ['100.109.59.41:9100']
- job_name: 'vm3-docker'
static_configs:
- targets: ['100.109.59.41:8080']
- job_name: 'vm3-postgres'
static_configs:
- targets: ['100.109.59.41:9187']
- job_name: 'vm3-mongo'
static_configs:
- targets: ['100.109.59.41:9216']

16
nodes/docker-compose.node.yml
View file

@ -1,16 +0,0 @@
services:
node-exporter:
image: prom/node-exporter:latest
container_name: node-exporter
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
command:
- '--path.procfs=/host/proc'
- '--path.rootfs=/rootfs'
- '--path.sysfs=/host/sys'
- '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
ports:
- "9100:9100"
restart: unless-stopped

77
passwords/docker-compose.yml Normal file
View file

@ -0,0 +1,77 @@
services:
# --- THE VAULT ---
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
environment:
- SIGNUPS_ALLOWED=false
- PUSH_ENABLED=false
volumes:
- ./data:/data
networks:
- pass-net
# --- VW METRICS EXPORTER (Tricked-dev) ---
vwmetrics:
image: ghcr.io/tricked-dev/vwmetrics:latest
container_name: vwmetrics
restart: always
environment:
# Use read-only mode for the sqlite database
- DATABASE_URL=sqlite:///data/db.sqlite3?mode=ro
- PORT=3040
- UPDATE_SECONDS=60
volumes:
- ./data:/data:ro # Mount the same data folder as read-only
ports:
- "3040:3040"
networks:
- pass-net
# --- KOMODO AGENT ---
komodo-periphery:
image: ghcr.io/moghtech/komodo-periphery:2
container_name: komodo-periphery
restart: always
environment:
PERIPHERY_CORE_ADDRESS: 100.80.179.128:9120
PERIPHERY_CONNECT_AS: Mystic-Passwords
PERIPHERY_ONBOARDING_KEY: O_dPWwdaJNO7q87kgvPE4hnjaLlcsu_O
PERIPHERY_SERVER_ENABLED: "true"
ports:
- "8120:8120"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./komodo:/config
- /proc:/proc:ro
networks:
- pass-net
# --- MONITORING ---
node-exporter:
image: prom/node-exporter:latest
container_name: node-exporter
restart: always
ports:
- "9100:9100"
networks:
- pass-net
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
container_name: cadvisor
restart: always
ports:
- "8080:8080"
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
networks:
- pass-net
networks:
pass-net:
driver: bridge