Add full NAS service catalog for disaster recovery.

Compose files and configs for postgres, adguard, duckdns, homarr, neo4j, portainer, remotely, and monitoring; RESTORE.md and sync-from-nas script. Sanitize pgAdmin secrets; document homelab-command as separate repo. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-17 13:15:24 +02:00
parent b315f593ec
commit 21dbee4b53
32 changed files with 6567 additions and 32 deletions
@@ -0,0 +1,16 @@
+# Monitoring (Prometheus + Grafana + postgres-exporter)
+
+Prometheus-config staat in deze map. **Grafana-image** en dashboards bouw je vanuit [homelab-command](http://192.168.1.211:3000/mo/homelab-command):
+
+```bash
+cd /volume1/homes/mo/homelab-command
+export PG_PASSWORD='...'
+export GRAFANA_ADMIN_PASSWORD='...'
+docker build -f Dockerfile.grafana -t grafana-homelab:latest .
+docker compose -f docker-compose.grafana.yml up -d
+# of: sh scripts/recreate_monitoring_docker.sh
+```
+
+Na start: `docker network create homelab-monitor` en verbind postgres-homelab, neo4j, prometheus, exporter, grafana.
+
+Mesh (NATS + normalizer): `docker compose -f docker-compose.mesh.yml --env-file .env up -d` in homelab-command.
@@ -0,0 +1,77 @@
+# Grafana — aparte stack (projectmap: homelab-command).
+#
+# Start (vanuit deze map):
+#   export PG_PASSWORD='jouw_postgres_wachtwoord'
+#   docker compose -f docker-compose.grafana.yml up -d --build
+#
+# UI: http://<NAS-IP>:3002  (standaard host-poort; 3001 was bezet op deze host)
+#    login: admin / GRAFANA_ADMIN_PASSWORD
+#
+# Vereist: postgres container heet postgres-homelab en luistert intern op 5432.
+# Eénmalig (DNS tussen Prometheus en postgres-exporter op Synology bridge):
+#   sh scripts/docker_monitoring_join.sh homelab-monitor
+# Daarna: docker network connect homelab-monitor postgres-homelab   # als exporter DB niet bereikt
+#
+# Dashboards (Grafana.com IDs): PostgreSQL 9628, Proxmox 10347, Neo4j 10371,
+# Synology overview 14364, Node Exporter 1860 — onder folder "Infrastructure".
+# Prometheus scrape: postgres-exporter + optioneel Neo4j :2004 / Proxmox via targets/extra.yml.
+
+services:
+  prometheus:
+    image: prom/prometheus:v2.53.2
+    container_name: prometheus-homelab
+    restart: unless-stopped
+    ports:
+      - "${PROMETHEUS_PORT:-9090}:9090"
+    volumes:
+      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
+      - ./prometheus/targets:/etc/prometheus/targets:ro
+      - prometheus-homelab-data:/prometheus
+    command:
+      - --config.file=/etc/prometheus/prometheus.yml
+      - --storage.tsdb.path=/prometheus
+      - --web.enable-lifecycle
+    networks:
+      - homelab-monitor
+
+  postgres-exporter:
+    image: prometheuscommunity/postgres-exporter:latest
+    container_name: postgres-exporter-homelab
+    restart: unless-stopped
+    ports:
+      - "${POSTGRES_EXPORTER_PORT:-9187}:9187"
+    environment:
+      DATA_SOURCE_NAME: "postgresql://${PG_USER:-mo}:${PG_PASSWORD}@postgres-homelab:5432/${PG_DATABASE:-homelab}?sslmode=disable"
+    networks:
+      - homelab-monitor
+
+  grafana:
+    # Bouw image vanuit homelab-command repo (zie docker/monitoring/README.md)
+    image: grafana-homelab:latest
+    container_name: grafana-homelab
+    restart: unless-stopped
+    ports:
+      - "${GRAFANA_PORT:-3002}:3000"
+    environment:
+      GF_SECURITY_ADMIN_USER: ${GRAFANA_ADMIN_USER:-admin}
+      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD:-changeme_grafana}
+      GF_USERS_DEFAULT_THEME: dark
+      GF_SERVER_ROOT_URL: ${GRAFANA_ROOT_URL:-http://localhost:3002}
+      PG_USER: ${PG_USER:-mo}
+      PG_DATABASE: ${PG_DATABASE:-homelab}
+      HOMELAB_PG_PASSWORD: ${PG_PASSWORD:-}
+    volumes:
+      - grafana-homelab-data:/var/lib/grafana
+      # Grafana provisioning/dashboards: clone homelab-command en mount paden daar
+    depends_on:
+      - prometheus
+    networks:
+      - homelab-monitor
+
+volumes:
+  grafana-homelab-data:
+  prometheus-homelab-data:
+
+networks:
+  homelab-monitor:
+    driver: bridge
@@ -0,0 +1,31 @@
+# Security Mesh stack — NATS + Go-normalizer (Zeek/Suricata JSON → Postgres).
+# Start vanuit homelab-command: docker compose -f docker-compose.mesh.yml --env-file .env.mesh up -d
+# Stop bestaande NATS op poort 4222 of wijzig poorten hieronder.
+
+services:
+  nats:
+    image: nats:2.10-alpine
+    command: ["-js", "-m", "8222"]
+    ports:
+      - "${NATS_CLIENT_PORT:-4222}:4222"
+      - "${NATS_HTTP_PORT:-8222}:8222"
+    restart: unless-stopped
+
+  mesh-normalizer:
+    image: mesh-normalizer:local
+    build:
+      context: ./mesh-ingest
+      dockerfile: Dockerfile
+    environment:
+      NATS_URL: nats://nats:4222
+      MESH_DEFAULT_TENANT_ID: ${MESH_DEFAULT_TENANT_ID:-00000000-0000-4000-8000-000000000001}
+      PG_HOST: ${PG_HOST:-172.17.0.1}
+      PG_PORT: ${PG_PORT:-5433}
+      PG_USER: ${PG_USER:-mo}
+      PG_PASSWORD: ${PG_PASSWORD:-}
+      PG_DATABASE: ${PG_DATABASE:-homelab}
+    depends_on:
+      - nats
+    restart: unless-stopped
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
@@ -0,0 +1,44 @@
+# Prometheus — scrape targets op Docker bridge (naast postgres-homelab, neo4j, …).
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+
+scrape_configs:
+  - job_name: prometheus
+    static_configs:
+      - targets: ["localhost:9090"]
+
+  - job_name: postgres-exporter
+    static_configs:
+      - targets: ["postgres-exporter-homelab:9187"]
+        labels:
+          instance: postgres-homelab
+
+  # Neo4j 4.4+ enterprise metrics.prometheus.enabled → endpoint op poort 2004
+  - job_name: neo4j
+    scrape_interval: 30s
+    metrics_path: /metrics
+    static_configs:
+      - targets: ["neo4j:2004"]
+        labels:
+          instance: neo4j
+
+  # Proxmox VE — prometheus-pve-exporter; vul monitoring/prometheus/targets/extra.yml
+  - job_name: proxmox-pve
+    scrape_interval: 30s
+    file_sd_configs:
+      - files:
+          - /etc/prometheus/targets/extra.yml
+        refresh_interval: 1m
+
+  # Synology / SNMP: zet targets in monitoring/prometheus/targets/snmp.yml en uncomment hieronder.
+  # - job_name: snmp
+  #   scrape_interval: 60s
+  #   metrics_path: /snmp
+  #   params:
+  #     module: [synology]
+  #   static_configs:
+  #     - targets:
+  #         - 192.168.1.211
+  #       labels:
+  #         job: snmp-nas
@@ -0,0 +1,9 @@
+# Voeg hier scrape-targets toe (YAML array van scrape_configs entries wordt NIET ondersteund —
+# dit bestand is voor **file_sd** formaat: lijst van static_configs targets).
+#
+# Voorbeeld Proxmox (prometheus-pve-exporter op host of VM):
+# - targets:
+#     - '192.168.1.10:9221'
+#   labels:
+#     instance: pve
+[]
@@ -0,0 +1,7 @@
+# Hernoem naar extra.yml of merge handmatig. Formaat: lijst van static config groepen.
+#
+# Proxmox VE exporter (github.com/prometheus-pve/prometheus-pve-exporter):
+- targets:
+    - "192.168.1.50:9221"
+  labels:
+    instance: proxmox
@@ -0,0 +1,2 @@
+# SNMP exporter targets (Synology via snmp_exporter). Leeg = geen scrapes.
+[]
@@ -0,0 +1,5 @@
+# snmp_exporter (poort 9116) die naar je Synology SNMP wijst.
+- targets:
+    - "snmp-exporter:9116"
+  labels:
+    job: synology