From 03dd0b5b1501d1b8960f9cc8d53e652c79c79c49 Mon Sep 17 00:00:00 2001
From: philip ramirez
Date: Fri, 20 Mar 2026 22:42:20 -0400
Subject: [PATCH] Latest files
---
docker-compose.yml | 66 ++++++++++++++++++++++
infra/Makefile | 0
infra/docker/monitoring/docker-compose.yml | 63 +++++++++++++++++++++
infra/docker/traefik/docker-compose.yml | 38 +++++++++++++
infra/env/example.env | 35 ++++++++++++
prometheus/prometheus.yml | 12 ++++
6 files changed, 214 insertions(+)
create mode 100644 docker-compose.yml
create mode 100644 infra/Makefile
create mode 100644 infra/docker/monitoring/docker-compose.yml
create mode 100644 infra/docker/traefik/docker-compose.yml
create mode 100644 infra/env/example.env
create mode 100644 prometheus/prometheus.yml
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..27c639b
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,66 @@
+services:
+ uptime-kuma:
+ image: louislam/uptime-kuma:1
+ container_name: uptime-kuma
+ restart: unless-stopped
+ volumes:
+ - uptime-kuma-data:/app/data
+ ports:
+ - "3001:3001"
+
+ prometheus:
+ image: prom/prometheus:latest
+ container_name: prometheus
+ restart: unless-stopped
+ volumes:
+ - ./prometheus:/etc/prometheus
+ - prometheus-data:/prometheus
+ command:
+ - "--config.file=/etc/prometheus/prometheus.yml"
+ - "--storage.tsdb.retention.time=15d"
+ ports:
+ - "9090:9090"
+
+ grafana:
+ image: grafana/grafana:latest
+ container_name: grafana
+ restart: unless-stopped
+ environment:
+ - GF_SECURITY_ADMIN_USER=admin
+ - GF_SECURITY_ADMIN_PASSWORD=admin # change immediately
+ volumes:
+ - grafana-data:/var/lib/grafana
+# ports:
+# - "3000:3000"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.grafana.rule=Host(`grafana.vpn.savant.io`)"
+ - "traefik.http.routers.grafana.entrypoints=websecure"
+ - "traefik.http.routers.grafana.tls=true"
+ - "traefik.http.routers.grafana.tls.certresolver=cloudflare"
+ - "traefik.http.services.grafana.loadbalancer.server.port=3000"
+ networks:
+ - frontend
+ - default
+
+
+ node-exporter:
+ image: quay.io/prometheus/node-exporter:latest
+ container_name: node-exporter
+ command:
+ - '--path.rootfs=/host'
+ network_mode: host
+ pid: host
+ restart: unless-stopped
+ volumes:
+ - '/:/host:ro,rslave'
+
+volumes:
+ uptime-kuma-data:
+ prometheus-data:
+ grafana-data:
+
+networks:
+ frontend:
+ external: true
+
diff --git a/infra/Makefile b/infra/Makefile
new file mode 100644
index 0000000..e69de29
diff --git a/infra/docker/monitoring/docker-compose.yml b/infra/docker/monitoring/docker-compose.yml
new file mode 100644
index 0000000..b10f5e2
--- /dev/null
+++ b/infra/docker/monitoring/docker-compose.yml
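Review bot: The `grafana` service in the root docker-compose.yml commits the administrator login as `admin`/`admin` while the same service is routed through Traefik at `grafana.vpn.savant.io`; the `# change immediately` comment does not stop the stack from coming up with the default credentials. Take the password from the environment and fail when it is missing, `- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?GRAFANA_PASSWORD must be set}`, or use Grafana's `GF_SECURITY_ADMIN_PASSWORD__FILE` with a Compose secret. This setting is only applied when the Grafana database is first created, so a deployment that has already started with `admin` needs the password rotated inside Grafana as well. The `prometheus`, `grafana` and `node-exporter` images in this file are also pulled as `:latest` (and `infra/env/example.env` defaults the same three to `latest`); pinning a release tag or digest keeps deployments reproducible and reviewable.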
@@ -0,0 +1,63 @@
+services:
+ uptime-kuma:
+ image: louislam/uptime-kuma:${UPTIME_KUMA_VERSION}
+ container_name: uptime-kuma
+ restart: unless-stopped
+ volumes:
+ - uptime-kuma-data:/app/data
+ ports:
+ - "${UPTIME_KUMA_PORT}:3001"
+
+ prometheus:
+ image: prom/prometheus:${PROMETHEUS_VERSION}
+ container_name: prometheus
+ restart: unless-stopped
+ volumes:
+ - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
+ - prometheus-data:/prometheus
+ command:
+ - "--config.file=/etc/prometheus/prometheus.yml"
+ - "--storage.tsdb.retention.time=${PROM_RETENTION}"
+ ports:
+ - "${PROMETHEUS_PORT}:9090"
+
+ grafana:
+ image: grafana/grafana:${GRAFANA_VERSION}
+ container_name: grafana
+ restart: unless-stopped
+ environment:
+ - GF_SECURITY_ADMIN_USER=${GRAFANA_USER}
+ - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
+ volumes:
+ - grafana-data:/var/lib/grafana
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.grafana.rule=Host(`${GRAFANA_HOST}`)"
+ - "traefik.http.routers.grafana.entrypoints=${TRAEFIK_ENTRYPOINT}"
+ - "traefik.http.routers.grafana.tls=true"
+ - "traefik.http.routers.grafana.tls.certresolver=${TRAEFIK_RESOLVER}"
+ - "traefik.http.services.grafana.loadbalancer.server.port=3000"
+ networks:
+ - frontend
+ - default
+
+ node-exporter:
+ image: quay.io/prometheus/node-exporter:${NODE_EXPORTER_VERSION}
+ container_name: node-exporter
+ restart: unless-stopped
+ network_mode: host
+ pid: host
+ command:
+ - '--path.rootfs=/host'
+ volumes:
+ - '/:/host:ro,rslave'
+
+volumes:
+ uptime-kuma-data:
+ prometheus-data:
+ grafana-data:
+
+networks:
+ frontend:
+ external: true
+
diff --git a/infra/docker/traefik/docker-compose.yml b/infra/docker/traefik/docker-compose.yml
new file mode 100644
index 0000000..d8965b7
--- /dev/null
+++ b/infra/docker/traefik/docker-compose.yml
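Review bot: Every `${...}` in infra/docker/monitoring/docker-compose.yml is interpolated with no default and no required marker, so a variable missing from the env file is replaced by an empty string with only a warning; `${PROM_RETENTION}` on the `--storage.tsdb.retention.time` line is not defined in `infra/env/example.env` in this commit. For the Grafana login this means an unset `GRAFANA_PASSWORD` yields an empty `GF_SECURITY_ADMIN_PASSWORD`, which presumably leaves Grafana on its built-in default. Suggest `${PROM_RETENTION:-15d}` (the value the root docker-compose.yml hard-codes) and `${GRAFANA_PASSWORD:?GRAFANA_PASSWORD must be set}`. Because the env file lives in `infra/env/` rather than next to this compose file, it also looks like it has to be passed explicitly with `--env-file`; a comment at the top of the file saying so would help. The same missing-variable behaviour applies to `${CF_DNS_API_TOKEN}` and `${BASIC_AUTH}` in infra/docker/traefik/docker-compose.yml.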
@@ -0,0 +1,38 @@
+services:
+ traefik:
+ image: traefik:${TRAEFIK_VERSION}
+ container_name: traefik
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
+ environment:
+ - TZ=${TZ}
+ - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}"
+ - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_HOST}`)"
+ - "traefik.http.routers.traefik.entrypoints=${TRAEFIK_ENTRYPOINT}"
+ - "traefik.http.routers.traefik.middlewares=auth"
+ - "traefik.http.routers.traefik.tls=true"
+ - "traefik.http.routers.traefik.tls.certresolver=${TRAEFIK_RESOLVER}"
+ - "traefik.http.services.traefik.loadbalancer.server.port=8080"
+ networks:
+ - frontend
+ ports:
+ - "${HTTP_PORT}:80"
+ - "${HTTPS_PORT}:443"
+ - "${TRAEFIK_DASHBOARD_BIND}:8080"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ${TRAEFIK_CONFIG}:/etc/traefik/traefik.yml:ro
+ - ${TRAEFIK_MIDDLEWARES}:/middlewares.yml:ro
+ - ${ACME_FILE}:/acme.json
+ - ${LETSENCRYPT_DIR}:/letsencrypt
+
+networks:
+ frontend:
+ external: true
+
diff --git a/infra/env/example.env b/infra/env/example.env
new file mode 100644
index 0000000..459a37c
--- /dev/null
+++ b/infra/env/example.env
@@ -0,0 +1,35 @@
+TZ=America/New_York
+
+# Versions
+TRAEFIK_VERSION=v3.6
+GRAFANA_VERSION=latest
+PROMETHEUS_VERSION=latest
+UPTIME_KUMA_VERSION=1
+NODE_EXPORTER_VERSION=latest
+
+# Ports
+HTTP_PORT=80
+HTTPS_PORT=443
+TRAEFIK_DASHBOARD_BIND=10.77.20.6:8080
+PROMETHEUS_PORT=9090
+UPTIME_KUMA_PORT=3001
+
+# Domains
+TRAEFIK_HOST=traefik.vpn.savant.io
+GRAFANA_HOST=grafana.vpn.savant.io
+
+# Auth
+BASIC_AUTH=user:hashedpassword
+GRAFANA_USER=admin
+GRAFANA_PASSWORD=change_me
+
+# Traefik
+TRAEFIK_ENTRYPOINT=websecure
+TRAEFIK_RESOLVER=cloudflare
+
+# Paths
+TRAEFIK_CONFIG=/opt/traefik/traefik.yml
+TRAEFIK_MIDDLEWARES=/opt/traefik/middlewares.yml
+ACME_FILE=/opt/traefik/acme.json
+LETSENCRYPT_DIR=/opt/traefik/letsencrypt
+
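Review bot: The `- "${TRAEFIK_DASHBOARD_BIND}:8080"` mapping in infra/docker/traefik/docker-compose.yml publishes port 8080 directly, so whatever Traefik serves there is reachable without the `auth` basic-auth middleware, which is attached only to the `traefik` router. That the router targets `loadbalancer.server.port=8080` suggests the API/dashboard runs in insecure mode in `traefik.yml`; that file is not part of this diff, so this is an inference. Consider dropping the 8080 mapping and serving the dashboard only through the authenticated router with `- "traefik.http.routers.traefik.service=api@internal"`. Separately, the `:ro` on `/var/run/docker.sock` only makes the socket file read-only and does not limit the Docker API calls Traefik can make, so `cap_drop: ALL` and `no-new-privileges` do not contain a compromise of this container; a socket proxy that exposes only the read endpoints Traefik needs is the usual mitigation.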
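Review bot: `PROMETHEUS_PORT=9090` and `UPTIME_KUMA_PORT=3001` in infra/env/example.env are bare ports, so the monitoring stack publishes both services on every host interface, unlike `TRAEFIK_DASHBOARD_BIND=10.77.20.6:8080` just above them; Prometheus has no authentication of its own by default. Docker-published ports are commonly not filtered by host firewall front-ends such as ufw, so the bind address is the dependable control: for example `PROMETHEUS_PORT=10.77.20.6:9090` and `UPTIME_KUMA_PORT=10.77.20.6:3001`, or drop the mappings and reach both through Traefik as Grafana does. The root docker-compose.yml hard-codes the same exposure with `"9090:9090"` and `"3001:3001"`. node-exporter runs with `network_mode: host`, so its 9100 listener is likewise on all interfaces unless it is restricted with `--web.listen-address`.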
diff --git a/prometheus/prometheus.yml b/prometheus/prometheus.yml
new file mode 100644
index 0000000..7ce8f3c
--- /dev/null
+++ b/prometheus/prometheus.yml
@@ -0,0 +1,12 @@
+global:
+ scrape_interval: 15s
+
+scrape_configs:
+ - job_name: "prometheus"
+ static_configs:
+ - targets: ["localhost:9090"]
+
+ - job_name: "node-exporter"
+ static_configs:
+ - targets: ["10.77.20.6:9100"]
+
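Review bot: This config is added at `prometheus/prometheus.yml`, which matches the `./prometheus:/etc/prometheus` mount in the root docker-compose.yml, but infra/docker/monitoring/docker-compose.yml mounts `./prometheus.yml` relative to its own directory and this commit adds no file there (one may exist outside this patch). With a missing bind source Docker usually creates an empty directory at that path, and Prometheus would then fail to load its configuration. Either place a copy next to the monitoring compose file or point the mount here, e.g. `- ../../../prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro`. Both targets are scraped over plain HTTP without credentials, which is acceptable only while `10.77.20.6:9100` is reachable solely over the VPN; a one-line comment above the `node-exporter` job stating that assumption would help.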