Initial commit to infra

2026-03-28 13:22:12 -04:00 · 2026-03-28 13:22:12 -04:00 · b35165cf0b
parent db3fa92c93
commit b35165cf0b
4 changed files with 235 additions and 69 deletions
--- a/databases/docker-compose.yml
+++ b/databases/docker-compose.yml
@ -1,26 +1,102 @@
 version: '3.8'
 services:
-  postgres:
+  # --- MONGODB ---
    image: postgres:17
    container_name: mystic-postgres
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: Nyhjew-didvot-zypsa7
    volumes:
      - postgres_data:/var/lib/postgresql/data
    ports:
      - "5432:5432"
  mongodb:
-    image: mongo:latest
+    image: mongo:7
-    container_name: mystic-mongo
+    container_name: mongodb
-    restart: unless-stopped
+    restart: always
    volumes:
      - mongo_data:/data/db
    ports:
      - "27017:27017"
    volumes:
      - ./mongo-data:/data/db
    networks:
      - db-net
-volumes:
+  # --- POSTGRESQL ---
-  postgres_data:
+  postgres:
-  mongo_data:
+    image: postgres:16
    container_name: postgres
    restart: always
    environment:
      - POSTGRES_USER=mystic_admin
      - POSTGRES_PASSWORD=Nyhjew-didvot-zypsa7
      - POSTGRES_DB=postgres 
    ports:
      - "5432:5432"
    volumes:
      - ./postgres-data:/var/lib/postgresql/data
    networks:
      - db-net
  # --- KOMODO AGENT (PERIPHERY) ---
  komodo-periphery:
    image: ghcr.io/moghtech/komodo-periphery:2
    container_name: komodo-periphery
    restart: always
    environment:
      # The Tailscale IP of VM1 (The Brain)
      PERIPHERY_CORE_ADDRESS: 100.80.179.128:9120
      # The name that will appear in your Komodo Web UI
      PERIPHERY_CONNECT_AS: Mystic-Databases
      # Your Onboarding Key from the UI
      PERIPHERY_ONBOARDING_KEY: O_dPWwdaJNO7q87kgvPE4hnjaLlcsu_O
      PERIPHERY_SERVER_ENABLED: "true"
      # Recommended for correct disk reporting
      PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
    ports:
      - "8120:8120"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./komodo:/config
      - /proc:/proc:ro
    networks:
      - db-net
  # --- MONITORING EXPORTERS (Scraped by VM1) ---
  node-exporter:
    image: prom/node-exporter:latest
    container_name: node-exporter
    restart: always
    ports:
      - "9100:9100"
    networks:
      - db-net
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    restart: always
    ports:
      - "8080:8080"
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    networks:
      - db-net
  postgres-exporter:
    image: prometheuscommunity/postgres-exporter
    container_name: postgres-exporter
    restart: always
    environment:
      - DATA_SOURCE_NAME=postgresql://mystic_admin:your_secure_password@postgres:5432/postgres?sslmode=disable
    ports:
      - "9187:9187"
    networks:
      - db-net
  mongodb-exporter:
    image: percona/mongodb_exporter:0.40
    container_name: mongodb-exporter
    restart: always
    command:
      - '--mongodb.uri=mongodb://mongodb:27017'
    ports:
      - "9216:9216"
    networks:
      - db-net
 networks:
  db-net:
    driver: bridge
--- a/git/docker-compose.yml
+++ b/git/docker-compose.yml
@ -1,21 +1,71 @@
 services:
  # --- THE FORGE ---
  forgejo:
-    image: codeberg.org/forgejo/forgejo:9
+    image: codeberg.org/forgejo/forgejo:7
-    container_name: mystic-forgejo
+    container_name: forgejo
-    restart: unless-stopped
+    restart: always
    environment:
      - FORGEJO__database__DB_TYPE=postgres
-      - FORGEJO__database__HOST=100.109.59.41:5432 # Your DB VM IP
+      - FORGEJO__database__HOST=100.109.59.41:5432
      - FORGEJO__database__NAME=forgejodb
-      - FORGEJO__database__USER=forgejo
+      - FORGEJO__database__USER=forgejodb
-      - FORGEJO__database__PASSWD=Nyhjew-didvot-zypsa7
+      - FORGEJO__database__PASSWD=Nyhjew-didvot-zypsa7 # Must match VM3 setup
-    volumes:
+      - FORGEJO__metrics__ENABLED=true                 # Enables internal exporter
-      - forgejo_data:/data
+      - FORGEJO__metrics__TOKEN=mystic_metrics_token   # Security for metrics
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
-      - "2222:22" # SSH for Git 
+      - "2222:22"
-      
+    volumes:
-volumes:
+      - ./data:/data
-  forgejo_data:
+      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - git-net
  # --- KOMODO AGENT (PERIPHERY) ---
  komodo-periphery:
    image: ghcr.io/moghtech/komodo-periphery:2
    container_name: komodo-periphery
    restart: always
    environment:
      PERIPHERY_CORE_ADDRESS: 100.80.179.128:9120
      PERIPHERY_CONNECT_AS: Mystic-Git
      PERIPHERY_ONBOARDING_KEY: O_dPWwdaJNO7q87kgvPE4hnjaLlcsu_O
      PERIPHERY_SERVER_ENABLED: "true"
      PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
    ports:
      - "8120:8120"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./komodo:/config
      - /proc:/proc:ro
    networks:
      - git-net
  # --- MONITORING ---
  node-exporter:
    image: prom/node-exporter:latest
    container_name: node-exporter
    restart: always
    ports:
      - "9100:9100"
    networks:
      - git-net
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    restart: always
    ports:
      - "8080:8080"
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    networks:
      - git-net
 networks:
  git-net:
    driver: bridge
--- a/monitoring/docker-compose.yml
+++ b/monitoring/docker-compose.yml
@ -1,39 +1,75 @@
 services:
-  komodo:
+  # --- ORCHESTRATION (The Brain) ---
-    image: mbecker20/komodo:latest
+  komodo-core:
    image: ghcr.io/moghtech/komodo-core:2
    container_name: komodo-core
-    restart: unless-stopped
+    restart: always
    ports:
      - "9120:9120"
    volumes:
      - komodo_data:/config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
-      - TZ=America/Toronto
+      - KOMODO_DATABASE_ADDRESS=l100.109.59.41:27017
    volumes:
      - ./komodo:/config
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - monitor-net
  # --- MONITORING (The Eyes) ---
  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    restart: always
    ports:
      - "9090:9090"
    volumes:
-      - ./monitoring/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
+      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
-    ports:
+    networks:
-      - "9090:9090"
+      - monitor-net
    restart: unless-stopped
  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    restart: always
    ports:
-      - "3001:3000" 
+      - "3001:3000"
    volumes:
      - grafana_data:/var/lib/grafana
-    restart: unless-stopped
+    networks:
      - monitor-net
  # --- EXPORTERS (The Sensors) ---
  node-exporter:
    image: prom/node-exporter:latest
    container_name: node-exporter
    restart: always
    ports:
      - "9110:9100" # Mapped to 9110 to avoid any host conflicts
    networks:
      - monitor-net
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    restart: always
    ports:
      - "8080:8080"
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /dev/disk/:/dev/disk:ro
    networks:
      - monitor-net
 networks:
  monitor-net:
    driver: bridge
 volumes:
  komodo_data:
  prometheus_data:
  grafana_data:
--- a/monitoring/prometheus/prometheus.yml
+++ b/monitoring/prometheus/prometheus.yml
@ -3,28 +3,32 @@ global:
  evaluation_interval: 15s
 scrape_configs:
-  - job_name: 'mystic-infrastructure'
+  # --- VM1: MYSTIC-CLOUD (Local) ---
  - job_name: 'cloud-node'
    static_configs:
      - targets: ['node-exporter:9100']
  - job_name: 'cloud-docker'
    static_configs:
      - targets: ['cadvisor:8080']
  - job_name: 'prometheus'
    static_configs:
      - targets: ['localhost:9090']
  # --- VM3: MYSTIC-DATABASES (Remote via Tailscale) ---
  - job_name: 'vm3-node'
    static_configs:
      - targets: ['100.109.59.41:9100']
        labels:
          instance: 'mystic-database'
          role: 'database'
          env: 'prod'
-      - targets: ['100.120.171.124:9100']
+  - job_name: 'vm3-docker'
-        labels:
+    static_configs:
-          instance: 'mystic-passwords'
+      - targets: ['100.109.59.41:8080']
          role: 'vault'
          env: 'prod'
-      - targets: ['100.98.158.31:9100']
+  - job_name: 'vm3-postgres'
-        labels:
+    static_configs:
-          instance: 'mystic-git'
+      - targets: ['100.109.59.41:9187']
          role: 'git'
          env: 'prod'
-      - targets: ['100.80.179.128:9100']
+  - job_name: 'vm3-mongo'
-        labels:
+    static_configs:
-          instance: 'mystic-cloud'
+      - targets: ['100.109.59.41:9216']
          role: 'monitoring'
          env: 'prod'