automa/infrastructure/README.md
m1ngsama 7bb3e05942 feat: add infrastructure services for monitoring and automation
Add infrastructure layer with the following components:

**Reverse Proxy & SSL:**
- Caddy: Auto HTTPS with Let's Encrypt, simple configuration
- Caddyfile with reverse proxy rules for Nextcloud and Grafana

**Monitoring Stack (Observability):**
- Prometheus: Metrics collection and time-series database
- Grafana: Visualization dashboards with datasource provisioning
- Loki: Lightweight log aggregation
- Promtail: Log collection agent for Docker containers
- cAdvisor: Container resource monitoring

**Automation:**
- Watchtower: Automatic Docker image updates (label-based)
- Duplicati: Remote backup with web UI and encryption support

**Security:**
- Fail2ban: Intrusion prevention and IP banning

**Key Features:**
- All services use official Alpine-based images (lightweight)
- Network isolation (automa-proxy, automa-monitoring)
- Resource limits and health checks configured
- Read-only configs where applicable
- Comprehensive README with setup instructions

**Resource Usage:**
- Total additional overhead: ~1.5GB RAM, ~16GB disk
- Follows KISS principles and Unix philosophy
- All services replaceable and independently scalable

Refs: #3
2026-01-19 16:32:00 +08:00


# Infrastructure Services
Core infrastructure components for the automa self-hosted platform.
## Quick Start
### 1. Create Networks
```bash
docker network create automa-proxy
docker network create automa-monitoring
```
### 2. Setup Environment
```bash
# Copy global env file
cp ../.env.example ../.env
# Edit with your values
vim ../.env
```
Required variables:
```bash
DOMAIN=example.com
GRAFANA_ADMIN_PASSWORD=changeme
TZ=Asia/Shanghai
```
### 3. Start Infrastructure
```bash
# Start all at once. Each stack runs in a subshell: if one `docker compose up`
# fails, the shell stays in the infrastructure directory instead of stranding
# you inside the failed stack's directory (as a `cd X && ... && cd ..` chain would).
(cd caddy && docker compose up -d)
(cd monitoring && docker compose up -d)
(cd watchtower && docker compose up -d)
(cd duplicati && docker compose up -d)
(cd fail2ban && docker compose up -d)
# Or use the Makefile
make infra-up
```
### 4. Verify
```bash
docker ps
docker network ls | grep automa
```
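The four Quick Start steps above as one pre-flight script. This is an added example, not a script from the automa repository: it uses the stack directory names and the `../.env` path from the README, checks the three required variables before anything is started (and refuses the `changeme` placeholder the README uses for `GRAFANA_ADMIN_PASSWORD`, plus any world-readable env file), creates the two networks idempotently, and starts each stack in a subshell. The 12-character minimum password length is an assumed local policy, not something the README states.

```shell
#!/bin/sh
# preflight.sh: added example, not part of the automa repository.
# Validates ../.env before anything is started, creates the two networks
# idempotently, and brings up the stacks in subshells so a failed
# `docker compose up` cannot leave the shell in the wrong directory.
set -eu

ENV_FILE=${ENV_FILE:-../.env}                 # path used by the Quick Start
REQUIRED_VARS="DOMAIN GRAFANA_ADMIN_PASSWORD TZ"
PLACEHOLDER_PASSWORD="changeme"               # value shown in the README example
MIN_PASSWORD_LEN=12                           # assumed local policy, not from the README
STACKS="caddy monitoring watchtower duplicati fail2ban"
NETWORKS="automa-proxy automa-monitoring"

# read_var FILE KEY: value of the first uncommented KEY=value line (may be empty).
read_var() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# check_env_file FILE: prints one finding per line, returns 1 if there are any.
check_env_file() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "missing env file: $file"; return 1; }
    for var in $REQUIRED_VARS; do
        if [ -z "$(read_var "$file" "$var")" ]; then
            echo "missing or empty: $var"
            rc=1
        fi
    done
    pw=$(read_var "$file" GRAFANA_ADMIN_PASSWORD)
    if [ "$pw" = "$PLACEHOLDER_PASSWORD" ]; then
        echo "GRAFANA_ADMIN_PASSWORD is still the placeholder '$PLACEHOLDER_PASSWORD'"
        rc=1
    elif [ -n "$pw" ] && [ "${#pw}" -lt "$MIN_PASSWORD_LEN" ]; then
        echo "GRAFANA_ADMIN_PASSWORD is shorter than $MIN_PASSWORD_LEN characters"
        rc=1
    fi
    # The file holds a credential: the group/other permission bits should be clear.
    if ls -ld "$file" | cut -c5-10 | grep -q '[rwx]'; then
        echo "$file is readable by group/others (chmod 600 it)"
        rc=1
    fi
    return $rc
}

# create_networks: `docker network create` fails if the network already exists,
# so probe with `inspect` first to make the step repeatable.
create_networks() {
    for net in $NETWORKS; do
        docker network inspect "$net" >/dev/null 2>&1 || docker network create "$net"
    done
}

# up_stacks: one subshell per stack; the caller's working directory never changes.
up_stacks() {
    for stack in $STACKS; do
        (cd "$stack" && docker compose up -d)
    done
}

# verify: the same checks as Quick Start step 4, with explicit output formats.
verify() {
    docker network ls --filter name=automa --format '{{.Name}}'
    docker ps --format '{{.Names}}\t{{.Status}}'
}

case "${1:-}" in
    check) check_env_file "$ENV_FILE" ;;
    up)
        check_env_file "$ENV_FILE" || exit 1
        create_networks
        up_stacks
        verify
        ;;
    "") ;;    # no subcommand: only define the functions (e.g. when sourced)
    *) echo "usage: $0 check|up" >&2; exit 2 ;;
esac
```

Run `sh preflight.sh check` from the `infrastructure/` directory after editing `../.env`; `sh preflight.sh up` performs the check first and stops before touching Docker if it fails.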
## Services
### Caddy (Reverse Proxy)
- **Port**: 80, 443
- **Web**: N/A (proxy only)
- **Config**: `caddy/Caddyfile`
- Auto HTTPS via Let's Encrypt
### Grafana (Monitoring Dashboard)
- **Port**: 3000 (internal)
- **Web**: https://grafana.example.com
- **User**: admin
- **Pass**: (from .env)
Import dashboards:
- 11074 - Node Exporter
- 193 - Docker
- 12486 - Loki Logs
### Prometheus (Metrics)
- **Port**: 9090 (localhost only)
- **Web**: http://localhost:9090
- **Config**: `monitoring/prometheus.yml`
### Loki (Logs)
- **Port**: 3100 (internal)
- No direct web UI (use Grafana)
### Duplicati (Remote Backup)
- **Port**: 8200 (localhost only)
- **Web**: http://localhost:8200
- Setup backup jobs via web UI
### Watchtower (Auto Update)
- No ports exposed
- Runs daily at midnight
- Only updates containers with label:
```yaml
labels:
  - "com.centurylinklabs.watchtower.enable=true"
```
### Fail2ban (Security)
- No ports exposed
- Monitors logs and bans IPs
- Config: `fail2ban/data/jail.d/`
## Network Architecture
```
Internet
   │
   ▼
Caddy (80/443)
├─→ automa-proxy ─→ Nextcloud, Grafana
└─→ automa-monitoring ─→ Prometheus, Loki, etc.
```
## Updating Services
### Manual Update
```bash
cd monitoring
docker compose pull
docker compose up -d
```
### Auto Update (via Watchtower)
- Runs daily automatically
- Only updates labeled containers
- To disable for a service, set label to `false`
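Because Watchtower replaces containers unattended, it is worth knowing exactly which services have opted in. The script below is an added example, not part of the automa repository: it scans a compose file for the `com.centurylinklabs.watchtower.enable` label described above and prints each service with its value (`true`, `false`, or `unset`). It is a line-based scan, not a YAML parser, so it assumes one label per line in either the list form (`- "key=value"`) or the map form (`key: "value"`); the compose file in the test is constructed.

```shell
#!/bin/sh
# watchtower-optin.sh: added example, not part of the automa repository.
# Lists every service in a compose file with the value of its
# com.centurylinklabs.watchtower.enable label, so it is clear which
# containers Watchtower will replace unattended and which it will skip.
set -eu

# compose_watchtower_optin FILE: prints "service: true|false|unset", one per service,
# in the order the services appear. Line-based: keep labels one per line.
compose_watchtower_optin() {
    awk '
        /^services:/ { in_services = 1; next }
        # any other top-level key ends the services block
        in_services && /^[^ \t#]/ { in_services = 0 }
        # a two-space-indented "name:" line starts a service
        in_services && /^  [A-Za-z0-9_.-]+:[ \t]*$/ {
            svc = $1; sub(/:$/, "", svc)
            order[++n] = svc; status[svc] = "unset"; next
        }
        # list form: - "com...enable=true"; map form: com...enable: "true"
        in_services && svc != "" && /com\.centurylinklabs\.watchtower\.enable[=:]/ {
            v = $0
            sub(/.*watchtower\.enable[=:]/, "", v)
            gsub(/["\t ]/, "", v)            # strip quotes and whitespace
            status[svc] = v
        }
        END { for (i = 1; i <= n; i++) print order[i] ": " status[order[i]] }
    ' "$1"
}

# Run directly: sh watchtower-optin.sh monitoring/docker-compose.yml
if [ "${1:-}" ]; then
    compose_watchtower_optin "$1"
fi
```

Run it over each stack's compose file before enabling Watchtower; anything reported as `unset` is skipped in label-based mode, and anything reported as `true` will be pulled and restarted on the daily schedule without review.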
## Troubleshooting
### Check logs
```bash
docker logs automa-caddy
docker logs automa-prometheus
```
### Restart service
```bash
cd monitoring
docker compose restart grafana
```
### Reset service
```bash
cd monitoring
docker compose down
docker compose up -d
```
### Test Caddy config
```bash
docker exec -it automa-caddy caddy validate --config /etc/caddy/Caddyfile
```
## Resource Usage
Typical usage per service:
| Service | CPU | RAM | Disk |
|---------|-----|-----|------|
| Caddy | 0.1 | 50M | 50M |
| Prometheus | 0.5 | 500M | 10G |
| Grafana | 0.1 | 200M | 500M |
| Loki | 0.2 | 300M | 5G |
| Promtail | 0.02 | 50M | 10M |
| cAdvisor | 0.1 | 100M | 10M |
| Watchtower | 0.01 | 30M | 10M |
| Duplicati | 0.05 | 100M | 100M |
| Fail2ban | 0.02 | 50M | 100M |
| **Total** | **~1.2** | **~1.4G** | **~16G** |
## Security Notes
- Grafana and Duplicati are only accessible via localhost
- Add firewall rules to restrict access
- Change default passwords
- Enable 2FA where supported
- Review logs regularly