m1ngsama/automa
1
0
Fork 0
mirror of https://github.com/m1ngsama/automa.git synced 2026-02-07 22:14:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
automa/infrastructure/README.md
m1ngsama 7bb3e05942 feat: add infrastructure services for monitoring and automation 
Add infrastructure layer with following components:

**Reverse Proxy & SSL:**
- Caddy: Auto HTTPS with Let's Encrypt, simple configuration
- Caddyfile with reverse proxy rules for Nextcloud and Grafana

**Monitoring Stack (Observability):**
- Prometheus: Metrics collection and time-series database
- Grafana: Visualization dashboards with datasource provisioning
- Loki: Lightweight log aggregation
- Promtail: Log collection agent for Docker containers
- cAdvisor: Container resource monitoring

**Automation:**
- Watchtower: Automatic Docker image updates (label-based)
- Duplicati: Remote backup with web UI and encryption support

**Security:**
- Fail2ban: Intrusion prevention and IP banning

**Key Features:**
- All services use official Alpine-based images (lightweight)
- Network isolation (automa-proxy, automa-monitoring)
- Resource limits and health checks configured
- Read-only configs where applicable
- Comprehensive README with setup instructions

**Resource Usage:**
- Total additional overhead: ~1.5GB RAM, ~16GB disk
- Follows KISS principles and Unix philosophy
- All services replaceable and independently scalable

Refs: #3
2026-01-19 16:32:00 +08:00

3.2 KiB
Raw Blame History

Infrastructure Services

Core infrastructure components for automa self-hosted platform.

Quick Start

1. Create Networks

docker network create automa-proxy
docker network create automa-monitoring

2. Setup Environment

# Copy global env file
cp ../.env.example ../.env

# Edit with your values
vim ../.env

Required variables:

DOMAIN=example.com
GRAFANA_ADMIN_PASSWORD=changeme
TZ=Asia/Shanghai

3. Start Infrastructure

# Start all at once
cd caddy && docker compose up -d && cd ..
cd monitoring && docker compose up -d && cd ..
cd watchtower && docker compose up -d && cd ..
cd duplicati && docker compose up -d && cd ..
cd fail2ban && docker compose up -d && cd ..

# Or use Makefile
make infra-up

4. Verify

docker ps
docker network ls | grep automa

Services

Caddy (Reverse Proxy)

  • Port: 80, 443
  • Web: N/A (proxy only)
  • Config: caddy/Caddyfile
  • Auto HTTPS via Let's Encrypt

Grafana (Monitoring Dashboard)

Import dashboards:

  • 11074 - Node Exporter
  • 193 - Docker
  • 12486 - Loki Logs

Prometheus (Metrics)

Loki (Logs)

  • Port: 3100 (internal)
  • No direct web UI (use Grafana)

Duplicati (Remote Backup)

Watchtower (Auto Update)

  • No ports exposed
  • Runs daily at midnight
  • Only updates containers with label: 
    labels:
  - "com.centurylinklabs.watchtower.enable=true"

Fail2ban (Security)

  • No ports exposed
  • Monitors logs and bans IPs
  • Config: fail2ban/data/jail.d/

Network Architecture

Internet
    ↓
Caddy (80/443)
    ↓
    ├─→ automa-proxy ─→ Nextcloud, Grafana
    └─→ automa-monitoring ─→ Prometheus, Loki, etc.

Updating Services

Manual Update

cd monitoring
docker compose pull
docker compose up -d

Auto Update (via Watchtower)

  • Runs daily automatically
  • Only updates labeled containers
  • To disable for a service, set label to false

Troubleshooting

Check logs

docker logs automa-caddy
docker logs automa-prometheus

Restart service

cd monitoring
docker compose restart grafana

Reset service

cd monitoring
docker compose down
docker compose up -d

Test Caddy config

docker exec -it automa-caddy caddy validate --config /etc/caddy/Caddyfile

Resource Usage

Typical usage per service:

Service CPU RAM Disk
Caddy 0.1 50M 50M
Prometheus 0.5 500M 10G
Grafana 0.1 200M 500M
Loki 0.2 300M 5G
Promtail 0.02 50M 10M
cAdvisor 0.1 100M 10M
Watchtower 0.01 30M 10M
Duplicati 0.05 100M 100M
Fail2ban 0.02 50M 100M
Total ~1.2 ~1.4G ~16G

Security Notes

  • Grafana and Duplicati only accessible via localhost
  • Add firewall rules to restrict access
  • Change default passwords
  • Enable 2FA where supported
  • Review logs regularly