From b0f2fef58fc2a42c5891084f4d245a004e374112 Mon Sep 17 00:00:00 2001
From: ObNitram <mart1.guillemot@gmail.com>
Date: Sun, 18 Jan 2026 15:49:35 +0100
Subject: [PATCH] Add observability stack configuration for Grafana,
 Prometheus, Loki, and cAdvisor

---
 observability/compose.yaml                    | 153 ++++++++++++++++++
 .../prometheus/prometheus-compose.yaml        |  26 +++
 observability/stack.yaml                      |   8 +-
 3 files changed, 183 insertions(+), 4 deletions(-)
 create mode 100644 observability/compose.yaml
 create mode 100644 observability/prometheus/prometheus-compose.yaml

diff --git a/observability/compose.yaml b/observability/compose.yaml
new file mode 100644
index 0000000..fe97801
--- /dev/null
+++ b/observability/compose.yaml
@@ -0,0 +1,153 @@
+networks:
+  observability-network:
+    driver: overlay
+    attachable: false
+    internal: true
+    driver_opts:
+      encrypted: "true"
+
+  grafana-frontend-network:
+    driver: overlay
+    attachable: false
+    internal: true
+    driver_opts:
+      encrypted: "true"
+
+  proxy-docker-network:
+    external: true
+
+secrets:
+  grafana-admin-user:
+    file: ./secrets/grafana-admin-user.txt
+  grafana-admin-password:
+    file: ./secrets/grafana-admin-password.txt
+
+volumes:
+  grafana-storage: {}
+  prometheus-storage: {}
+  loki-storage: {}
+
+configs:
+  prometheus-config-v1:
+    file: ./prometheus/prometheus-compose.yaml
+
+services:
+  grafana:
+    image: ghcr.io/obnitram/observability/grafana:v1.0
+    environment:
+      GF_SECURITY_ADMIN_USER__FILE: /run/secrets/grafana-admin-user
+      GF_SECURITY_ADMIN_PASSWORD__FILE: /run/secrets/grafana-admin-password
+    secrets:
+      - grafana-admin-user
+      - grafana-admin-password
+    volumes:
+      - grafana-storage:/var/lib/grafana
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.grafana.entrypoints=admin"
+        - "traefik.http.routers.grafana.rule=Host(`grafana.localhost`)"
+
+        - "traefik.http.routers.grafana.middlewares=compress-grafana"
+        - "traefik.http.middlewares.compress-grafana.compress=true"
+        - "traefik.http.middlewares.compress-grafana.compress.encodings=zstd, br, gzip"
+
+        - "traefik.http.routers.grafana.service=grafana"
+        - "traefik.http.services.grafana.loadbalancer.server.port=3000"
+    networks:
+      - proxy-docker-network
+      - grafana-frontend-network
+
+  prometheus:
+    image: ghcr.io/obnitram/observability/prometheus:v0.2
+    volumes:
+      - prometheus-storage:/prometheus
+    configs:
+      - source: prometheus-config-v1
+        target: /etc/prometheus/prometheus.yaml
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.prometheus.entrypoints=admin"
+        - "traefik.http.routers.prometheus.rule=Host(`prometheus.localhost`)"
+
+        - "traefik.http.routers.prometheus.middlewares=compress-prometheus"
+        - "traefik.http.middlewares.compress-prometheus.compress=true"
+        - "traefik.http.middlewares.compress-prometheus.compress.encodings=zstd, br, gzip"
+
+        - "traefik.http.routers.prometheus.service=prometheus"
+        - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
+    networks:
+      - observability-network
+      - grafana-frontend-network
+      - proxy-docker-network
+
+  loki:
+    image: ghcr.io/obnitram/observability/loki:v0.1
+    volumes:
+      - loki-storage:/loki
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+      placement:
+        constraints:
+          - node.role == manager
+    networks:
+      - observability-network
+      - grafana-frontend-network
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:latest
+    volumes:
+      - /:/rootfs:ro
+      - /run:/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /dev/disk/:/dev/disk:ro
+    deploy:
+      mode: global
+      endpoint_mode: dnsrr
+      restart_policy:
+        condition: any
+    networks:
+      - observability-network
+
+  node_exporter:
+    image: quay.io/prometheus/node-exporter:latest
+    hostname: "{{.Node.Hostname}}"
+    command:
+      - "--path.rootfs=/host"
+    volumes:
+      - "/:/host:ro,rslave"
+    deploy:
+      mode: global
+      endpoint_mode: dnsrr
+      restart_policy:
+        condition: any
+    networks:
+      - observability-network
+
+  alloy:
+    image: ghcr.io/obnitram/observability/alloy:v0.1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    deploy:
+      mode: global
+      endpoint_mode: dnsrr
+      restart_policy:
+        condition: any
+    networks:
+      - observability-network
diff --git a/observability/prometheus/prometheus-compose.yaml b/observability/prometheus/prometheus-compose.yaml
new file mode 100644
index 0000000..5ecb68a
--- /dev/null
+++ b/observability/prometheus/prometheus-compose.yaml
@@ -0,0 +1,26 @@
+# Prometheus main configuration
+
+global:
+  scrape_interval: 30s
+  evaluation_interval: 30s
+
+scrape_configs:
+  # Scrape Prometheus itself
+  - job_name: "prometheus"
+    static_configs:
+      - targets: ["prometheus:9090"]
+    metrics_path: /metrics
+
+  # Scrape cAdvisor
+  - job_name: "cadvisor"
+    static_configs:
+      - targets: ["cadvisor:8080"]
+
+  # Scrape Node Exporter
+  - job_name: "node_exporter"
+    static_configs:
+      - targets: ["node_exporter:9100"]
+
+  - job_name: "traefik"
+    static_configs:
+      - targets: ["traefik:9090"]
diff --git a/observability/stack.yaml b/observability/stack.yaml
index f5a5e8c..d3cf8bc 100644
--- a/observability/stack.yaml
+++ b/observability/stack.yaml
@@ -29,7 +29,7 @@ volumes:
 
 services:
   grafana:
-    image: ghcr.io/hyntaria/observability/grafana:v1.0
+    image: ghcr.io/obnitram/observability/grafana:v1.0
     environment:
       GF_SECURITY_ADMIN_USER__FILE: /run/secrets/grafana-admin-user
       GF_SECURITY_ADMIN_PASSWORD__FILE: /run/secrets/grafana-admin-password
@@ -59,7 +59,7 @@ services:
       - grafana-frontend-network
 
   prometheus:
-    image: ghcr.io/hyntaria/observability/prometheus:v0.2
+    image: ghcr.io/obnitram/observability/prometheus:v0.2
     command:
       - "--config.file=/etc/prometheus/prometheus.yml"
       - "--storage.tsdb.path=/prometheus"
@@ -90,7 +90,7 @@ services:
       - proxy-swarm-network
 
   loki:
-    image: ghcr.io/hyntaria/observability/loki:v0.1
+    image: ghcr.io/obnitram/observability/loki:v0.1
     volumes:
       - loki-storage:/loki
     deploy:
@@ -137,7 +137,7 @@ services:
       - observability-network
 
   alloy:
-    image: ghcr.io/hyntaria/observability/alloy:v0.1
+    image: ghcr.io/obnitram/observability/alloy:v0.1
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
     deploy: