Sync Prometheus config with working VM102 and NAS scrape targets.

Co-authored-by: Cursor <cursoragent@cursor.com>

ARCHITECTURE.md

@@ -1,150 +1,309 @@
 # Homelab architectuur
 
-Overzicht van hoe de diensten bij elkaar hangen na de verplaatsing van de **security stack** naar Proxmox VM 102. Vaste IP-referentie: [HOMELAB_IPS.md](HOMELAB_IPS.md).
+Volledig overzicht van hosts, Proxmox, NAS Docker en de security stack op VM 102.  
+Korte IP-lijst: [HOMELAB_IPS.md](HOMELAB_IPS.md) · Inventaris: [INVENTORY.md](INVENTORY.md) · Proxmox detail: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md).
 
-## Fysieke hosts
+---
+
+## 1. LAN-overzicht
 
 ```mermaid
 flowchart TB
-  subgraph lan [LAN 192.168.1.0/24]
+  subgraph core [Kern infrastructuur]
     NAS["Synology NAS\n192.168.1.211"]
-    VM102["Proxmox VM 102 Postgress\n192.168.1.105"]
+    PVE["Proxmox pve\n192.168.1.216 :8006"]
-    VM105["Proxmox VM 105 docker\n192.168.1.227"]
+    DELL["Proxmox dell-proxmox\n192.168.1.56 :8006"]
-    PVE216["Proxmox pve\n192.168.1.216"]
-    PVE56["Proxmox dell\n192.168.1.56"]
-    UDM["UniFi / gateway\n192.168.1.24"]
-    HA["Home Assistant\n192.168.1.235"]
   end
-  User["Browser / Git client"] --> NAS
+
+  subgraph vm102 [VM 102 Postgress]
+    VM102["192.168.1.105\nSecurity stack"]
+  end
+
+  subgraph vm105 [VM 105 docker]
+    VM227["192.168.1.227\noffice_desk_agent"]
+  end
+
+  subgraph network [Netwerk en DNS]
+    UDM["UniFi UDM\n192.168.1.24"]
+    AdGuard["AdGuard NAS\n:3001 / :53"]
+  end
+
+  subgraph smarthome [Smart home]
+    HA["Home Assistant\n192.168.1.235 :8123"]
+  end
+
+  subgraph storage [Storage / media elders]
+    TN["TrueNAS\n192.168.1.185"]
+  end
+
+  Internet((Internet)) --> UDM
+  UDM --> AdGuard
+  AdGuard --> NAS
+  AdGuard --> PVE
+  AdGuard --> DELL
+  AdGuard --> VM102
+  AdGuard --> HA
+  User["Browser / Git"] --> NAS
   User --> VM102
+  User --> PVE
+  User --> DELL
+  PVE --> VM102
+  DELL --> VM102
+  DELL --> VM227
+  NAS -->|"Gitea configs"| PVE
+  NAS -->|"Gitea configs"| DELL
 ```
 
-## Security stack (productie op VM 102)
+---
 
-Het hart van monitoring, syslog, graph en agent-draait op **één VM**. De NAS toont nog dashboards in Homarr/Homepage en beheert Git + metrics.
+## 2. Proxmox — twee clusters
+
+Configs in repo: `apps/proxmox/hosts/pve/` en `apps/proxmox/hosts/dell-proxmox/`.  
+Pull live LXC-configs: `python3 scripts/pull-lxc-from-proxmox.py` (vanaf NAS).
+
+```mermaid
+flowchart TB
+  subgraph pve216 [pve — 192.168.1.216]
+    direction TB
+    PVE_API["Web UI :8006"]
+    subgraph pve_lxc [LXC running]
+      L104[vaultwarden .5]
+      L105[linkwarden .142]
+      L107[pve-scripts .23]
+      L117[Proxy .165]
+      L118[paymenter .45]
+      L119[nodecast .99]
+      L120[homepage .192]
+      L121[nginxproxymanager]
+      L100[autocaliweb]
+      L102[clawbot]
+    end
+    subgraph pve_vm [QEMU]
+      Q101[W11 — stopped]
+      Q111[Syno-latest — stopped]
+    end
+  end
+
+  subgraph dell56 [dell-proxmox — 192.168.1.56]
+    direction TB
+    DELL_API["Web UI :8006"]
+    subgraph dell_qemu [QEMU running]
+      Q102["102 Postgress\n→ .105 security"]
+      Q104[kassa-dev]
+      Q105["105 docker\n→ .227 office agent"]
+      Q114[DeepseekTUI]
+    end
+    subgraph dell_lxc [LXC running]
+      D107[Virtualmin 192.168.5.24]
+      D109[nginxproxymanager .173]
+      D111[pegaprox .249]
+    end
+    subgraph dell_stopped [QEMU stopped]
+      Q101s[opnsense]
+      Q103[Synology]
+    end
+  end
+
+  NAS["NAS .211\nbeheer / Gitea"] --> PVE_API
+  NAS --> DELL_API
+```
+
+### Proxmox — tabel (belangrijkste systemen)
+
+| Host | IP | VMID | Naam | Type | IP app | Rol |
+|------|-----|------|------|------|--------|-----|
+| **dell** | .56 | 102 | Postgress | QEMU | **.105** | Postgres, Neo4j, Homelab Command, syslog, NATS, agent |
+| **dell** | .56 | 105 | docker | QEMU | **.227** | Office desk agent :8000 |
+| **dell** | .56 | 104 | kassa-dev | QEMU | — | Kassa dev |
+| **dell** | .56 | 114 | DeepseekTUI | QEMU | — | Deepseek TUI |
+| **dell** | .56 | 107 | Virtualmin | LXC | 192.168.5.24 | Web hosting |
+| **dell** | .56 | 109 | nginxproxymanager | LXC | .173 | Reverse proxy |
+| **dell** | .56 | 111 | pegaprox | LXC | .249 | Proxy |
+| **pve** | .216 | 120 | homepage | LXC | .192 | Homepage dashboard :3000 |
+| **pve** | .216 | 104 | vaultwarden | LXC | .5 | Wachtwoorden |
+| **pve** | .216 | 105 | linkwarden | LXC | .142 | Bookmarks |
+| **pve** | .216 | 119 | nodecast-tv | LXC | .107 | Media |
+| **pve** | .216 | 117 | Proxy | LXC | .165 | Proxy |
+| **pve** | .216 | 118 | paymenter | LXC | .45 | Billing |
+| **pve** | .216 | 121 | nginxproxymanager | LXC | — | NPM |
+
+> Veel LXCs staan **stopped** (immich, n8n, tunarr, …) — zie [lxc-inventory.md](apps/proxmox/lxc-inventory.md).
+
+---
+
+## 3. Synology NAS — Docker
 
 ```mermaid
 flowchart LR
-  subgraph sources [Data-bronnen LAN]
+  subgraph nas211 [NAS 192.168.1.211]
-    UniFi[UniFi controller .24]
+    direction TB
-    SyslogDev[Routers / switches / APs]
+    subgraph infra [Infra en Git]
+      Gitea[Gitea :3000\nSSH :2222]
+      Portainer[Portainer :9000]
+      DuckDNS[DuckDNS]
+    end
+    subgraph data [Data en DNS]
+      PgAdmin[pgAdmin :5434]
+      PGBak[(Postgres backup :5433)]
+      AdGuard[AdGuard :3001]
+    end
+    subgraph monitor [Monitoring]
+      Prom[Prometheus :9090]
+      Graf[Grafana :3002]
+      PGexp[postgres-exporter :9187]
+    end
+    subgraph apps [Apps]
+      Homarr[Homarr :4755]
+      Remote[Remotely :8080]
+      Excal[Excalidraw :3765]
+    end
+  end
+
+  PgAdmin -->|SQL| VM102PG[(Postgres VM102 :5433)]
+  Graf --> VM102PG
+  PGexp --> VM102PG
+  Prom --> PGexp
+  Prom --> Neo4jVM[Neo4j .105 :2004]
+```
+
+| Service | Poort | Verbonden met |
+|---------|-------|----------------|
+| Gitea | 3000 | Config-repo's (`homelab-configs`, `homelab-command`) |
+| pgAdmin | 5434 | Postgres **productie** op .105:5433 |
+| AdGuard | 3001, 53 | LAN DNS-filter |
+| Prometheus + Grafana | 9090, 3002 | Scrape VM102 + NAS |
+| Postgres (backup) | 5433 | Oude kopie; rollback |
+| Homarr / Homepage links | 4755 | Wijzen naar .105 voor security |
+
+---
+
+## 4. Security stack (productie VM 102)
+
+```mermaid
+flowchart LR
+  subgraph sources [Ingest bronnen]
+    UniFi[UniFi .24]
+    SyslogDev[Switches / APs / routers]
     Zeek[Zeek / Suricata]
   end
 
-  subgraph vm102 [VM 102 — 192.168.1.105]
+  subgraph vm105 [192.168.1.105 — VM 102]
     UI[homelab-command :8765]
     SyslogUDP[Syslog UDP :5514]
     PG[(postgres-homelab :5433)]
-    Neo[(Neo4j :49153 / UI :49154)]
+    Neo[(Neo4j :49153\nBrowser :49154)]
     NATS[NATS :4222]
     Mesh[mesh-normalizer]
     Agent[el-kadi-security-agent]
   end
 
-  subgraph nas [NAS — 192.168.1.211]
+  SyslogDev -->|UDP| SyslogUDP
-    Gitea[Gitea :3000]
-    PgAdmin[pgAdmin :5434]
-    Graf[Grafana :3002]
-    Prom[Prometheus :9090]
-    PGexp[postgres-exporter :9187]
-    AdGuard[AdGuard :3001]
-    PGBkp[(postgres-homelab backup :5433)]
-  end
-
-  User2[Gebruiker] --> UI
-  User2 --> PgAdmin
-  PgAdmin --> PG
-  Graf --> PG
-  Prom --> PGexp
-  PGexp --> PG
-
-  SyslogDev -->|UDP 5514| SyslogUDP
   UniFi -->|API| UI
-  Zeek -->|NATS publish| NATS
+  Zeek -->|NATS| NATS
   NATS --> Mesh
   SyslogUDP --> PG
   UI --> PG
   UI --> Neo
   Mesh --> PG
   Agent --> PG
-  AdGuard -->|DNS stats API| UI
+  UI -->|DNS stats| AdGuardNAS[AdGuard .211]
-
-  PG -.->|rollback kopie| PGBkp
 ```
 
-## Datastromen
+| Datastroom | Protocol | Doel |
+|------------|----------|------|
+| Syslog | UDP 5514 → .105 | `mesh.syslog_entries` |
+| UniFi poll | HTTPS .24 | `mesh.unifi_polls` |
+| Mesh events | NATS 4222 | `mesh.network_flows` |
+| Agent | loop 300s | `agent.*` |
+| Dashboard | HTTP 8765 | UI + API |
 
-| Stroom | Van | Naar | Poort / protocol |
+---
-|--------|-----|------|------------------|
-| Dashboard UI | Browser | VM 102 | HTTP 8765 |
-| SQL (homelab DB) | homelab-command, agent, mesh | Postgres VM 102 | 5433 |
-| Syslog ingest | Netwerkapparaten | homelab-command | UDP 5514 → `mesh.syslog_entries` |
-| Zeek/Suricata events | Sensors | NATS → mesh-normalizer | 4222 → Postgres |
-| Netwerk-topologie | homelab-command | Neo4j VM 102 | Bolt 49153 |
-| DB beheer | pgAdmin (NAS) | Postgres VM 102 | 5433 |
-| Metrics | Prometheus (NAS) | postgres-exporter → VM 102 | 9187 scrape |
-| Git configs | Ontwikkelaar | Gitea (NAS) | 3000 / SSH 2222 |
 
-## NAS — overige Docker (niet op VM 102)
+## 5. Overige LAN-systemen
+
+Deze draaien **niet** op NAS of VM 102, maar staan in Homarr/Homepage en worden door de security agent gemonitord waar nodig.
 
 ```mermaid
 flowchart TB
-  NAS["192.168.1.211"]
+  subgraph lan_other [Andere vaste systemen]
-  NAS --> Gitea
+    HA["Home Assistant .235"]
-  NAS --> AdGuard
+    TN["TrueNAS .185\nFrigate :30058"]
-  NAS --> Portainer
+    UDM["UniFi .24"]
-  NAS --> Homarr
+    NC["Nextcloud cloud.el-kadi.nl"]
-  NAS --> Homepage
+    MO150["Diverse apps .150\nPortainer, DSM, …"]
-  NAS --> PromGraf[Prometheus + Grafana]
+    MO117["Change detection .117"]
-  NAS --> PgAdmin
+    MO203["Minarca .203"]
-  NAS --> PGbak[Postgres backup]
+    Wazuh["Wazuh .73"]
+  end
+
+  AgentVM[security-agent .105] -.->|HTTP checks| HA
+  AgentVM -.-> UDM
+  UI105[homelab-command .105] -.->|Proxmox API| PVE216[.216]
+  UI105 -.-> DELL56[.56]
 ```
 
-| Service | Poort | Opmerking |
+| IP | Systeem | Opmerking |
-|---------|-------|-----------|
+|----|---------|-----------|
-| Gitea | 3000 | Config-repo's, Git SSH 2222 |
+| 192.168.1.235 | Home Assistant | Smart home |
-| AdGuard | 3001 | DNS (dashboard haalt stats op) |
+| 192.168.1.185 | TrueNAS / Frigate | NVR / camera AI |
-| Portainer | 9000 | Containerbeheer NAS |
+| 192.168.1.24 | UniFi | Gateway + controller |
-| Homarr / Homepage | 4755 / 3010 | Links naar `.105` voor security |
+| 192.168.1.150 | mo-nas / apps | Meerdere kleine services |
-| Grafana | 3002 | Postgres-datasource → `.105:5433` |
+| 192.168.1.192 | Homepage LXC | Op pve CT 120 |
-| Prometheus | 9090 | Scrapes o.a. Neo4j `.105:2004` |
+| 192.168.1.173 | NPM | dell LXC 109 |
-| postgres (backup) | 5433 | Oude kopie; stoppen na validatie |
+| 192.168.1.107 | nodecast | pve LXC 119 |
+| 192.168.5.24 | Virtualmin | dell LXC (ander subnet) |
 
-## Proxmox VM 105 docker (apart)
+---
 
-| VM | IP | Rol |
+## 6. Beheer- en config-flow
-|----|-----|-----|
-| 102 Postgress | 192.168.1.105 | Security + Postgres + Neo4j |
-| 105 docker | 192.168.1.227 | `office_desk_agent` :8000 (Proxmox/office tooling) |
-
-## Repo-structuur (Gitea)
 
 ```mermaid
-flowchart LR
+sequenceDiagram
-  Gitea["Gitea :3000\n192.168.1.211"]
+  participant Dev as Ontwikkelaar
-  Gitea --> CFG[homelab-configs\nDocker compose per app]
+  participant Gitea as Gitea NAS :3000
-  Gitea --> CMD[homelab-command\nDashboard broncode]
+  participant NAS as NAS Docker
-  CFG --> DeployNAS[Deploy NAS apps]
+  participant VM as VM102 .105
-  CFG --> DeployVM[Documentatie VM 102]
+  participant PVE as Proxmox .56/.216
-  CMD --> BuildVM[Build op VM 102\n~/homelab-command]
+
+  Dev->>Gitea: push homelab-configs
+  Dev->>VM: ssh mo@.105 deploy homelab-command
+  Dev->>PVE: Web UI / API beheer VMs
+  NAS->>VM: postgres-exporter scrape
+  NAS->>Gitea: clone configs voor restore
+  VM->>PVE: Proxmox API in dashboard
 ```
 
-| Repository | Inhoud |
+| Actie | Waar |
-|------------|--------|
+|-------|------|
-| `homelab-configs` | Compose, env-voorbeelden, Homarr/Homepage, monitoring |
+| Git configs | Gitea op NAS |
-| `homelab-command` | FastAPI dashboard, mesh-ingest, Grafana-dockerfile |
+| Security productie | VM 102 (.105) |
+| Proxmox beheer | .216 (pve) en .56 (dell) |
+| DNS | AdGuard op NAS |
+| DB GUI | pgAdmin NAS → Postgres .105 |
 
-## Snelle URL-lijst
+---
+
+## 7. Snelle URL-lijst
 
 | Wat | URL |
 |-----|-----|
-| Security dashboard | http://192.168.1.105:8765/dashboard |
+| **Security dashboard** | http://192.168.1.105:8765/dashboard |
-| Neo4j Browser | http://192.168.1.105:49154 |
+| **Neo4j Browser** | http://192.168.1.105:49154 |
-| pgAdmin | http://192.168.1.211:5434 |
+| **Proxmox pve** | https://192.168.1.216:8006 |
-| Gitea | http://192.168.1.211:3000 |
+| **Proxmox dell** | https://192.168.1.56:8006 |
-| Grafana | http://192.168.1.211:3002 |
+| **NAS DSM / apps** | http://192.168.1.211:5000 |
-| Portainer | http://192.168.1.211:9000 |
+| **Gitea** | http://192.168.1.211:3000 |
+| **pgAdmin** | http://192.168.1.211:5434 |
+| **Grafana** | http://192.168.1.211:3002 |
+| **AdGuard** | http://192.168.1.211:3001 |
+| **Portainer NAS** | http://192.168.1.211:9000 |
+| **Homarr** | http://192.168.1.211:4755 |
+| **Home Assistant** | http://192.168.1.235:8123 |
+| **UniFi** | https://192.168.1.24 |
+| **Office agent** | http://192.168.1.227:8000 |
 
-## Rollback
+---
 
-- Postgres: zie [homelab-command/docs/POSTGRES_ROLLBACK.md](http://192.168.1.211:3000/mo/homelab-command/src/branch/main/docs/POSTGRES_ROLLBACK.md) (in homelab-command repo) — `PG_HOST` terug naar `.211`, NAS-container herstarten.
+## 8. Rollback Postgres
+
+Zie repo `homelab-command` → `docs/POSTGRES_ROLLBACK.md`: `PG_HOST` terug naar `.211` en NAS-container `postgres-homelab` herstarten.

HOMELAB_IPS.md

@@ -1,30 +1,65 @@
 # Homelab IP-adressen (referentie)
 
-## Waar draait wat?
+## Kernhosts
 
-| IP | Host | Services |
+| IP | Host | Rol |
-|----|------|----------|
+|----|------|-----|
-| **192.168.1.105** | Proxmox VM 102 `Postgress` | Postgres :5433, Neo4j :49153–49155, Dashboard :8765, Syslog UDP :5514, NATS :4222, Security agent |
+| **192.168.1.211** | Synology NAS | Gitea, AdGuard, Portainer, Grafana, Prometheus, pgAdmin, Homarr, Postgres backup |
-| **192.168.1.211** | Synology NAS | Gitea :3000, pgAdmin :5434, Grafana :3002, Prometheus :9090, AdGuard :3001, Portainer :9000, Postgres **backup** :5433 |
+| **192.168.1.105** | Proxmox VM 102 `Postgress` | **Productie security:** Postgres, Neo4j, Dashboard, syslog, NATS, agent |
 | **192.168.1.227** | Proxmox VM 105 `docker` | Office desk agent :8000 |
-| **192.168.1.216** | Proxmox pve | API :8006 |
+| **192.168.1.216** | Proxmox **pve** | Hypervisor API :8006, veel LXC (vaultwarden, homepage, …) |
-| **192.168.1.56** | Proxmox dell | API :8006 |
+| **192.168.1.56** | Proxmox **dell-proxmox** | Hypervisor API :8006, VM 102/105, NPM, Virtualmin |
 
-## Standaard URLs (productie)
+## Netwerk en smart home
 
-- Dashboard: http://192.168.1.105:8765/dashboard
+| IP | Systeem |
-- Neo4j Browser: http://192.168.1.105:49154
+|----|---------|
-- pgAdmin: http://192.168.1.211:5434 (server → `192.168.1.105:5433`)
+| 192.168.1.24 | UniFi controller / gateway |
-- Gitea: http://192.168.1.211:3000
+| 192.168.1.235 | Home Assistant :8123 |
 
-## Env-variabelen (`.env` in repo)
+## Proxmox LXC (selectie, running)
+
+| IP | Hostnaam | Proxmox |
+|----|----------|---------|
+| 192.168.1.192 | homepage | pve CT 120 |
+| 192.168.1.173 | nginxproxymanager | dell CT 109 |
+| 192.168.1.249 | pegaprox | dell CT 111 |
+| 192.168.5.24 | Virtualmin | dell CT 107 |
+| 192.168.1.142 | linkwarden | pve CT 105 |
+| 192.168.1.107 | nodecast-tv | pve CT 119 |
+
+Volledige LXC-tabel: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md).
+
+## Overige LAN (Homepage / monitoring)
+
+| IP | Systeem |
+|----|---------|
+| 192.168.1.185 | TrueNAS / Frigate |
+| 192.168.1.150 | mo-nas, diverse apps |
+| 192.168.1.117 | Change detection |
+| 192.168.1.230 | Proxmox (extra node in Homepage) |
+
+## Env-variabelen (`homelab-configs/.env.example`)
 
 ```env
 NAS_IP=192.168.1.211
 VM102_IP=192.168.1.105
 PG_HOST=192.168.1.105
+PROXMOX_HOST_PVE=192.168.1.216
+PROXMOX_HOST_DELL=192.168.1.56
 ```
 
+## Productie-URLs
+
+| Service | URL |
+|---------|-----|
+| Security dashboard | http://192.168.1.105:8765/dashboard |
+| Neo4j | http://192.168.1.105:49154 |
+| Proxmox pve | https://192.168.1.216:8006 |
+| Proxmox dell | https://192.168.1.56:8006 |
+| Gitea | http://192.168.1.211:3000 |
+| pgAdmin | http://192.168.1.211:5434 |
+
 ## Syslog
 
-Remote syslog → **192.168.1.105:5514** (niet `.211`).
+Remote syslog → **192.168.1.105:5514**

README.md

@@ -1,6 +1,9 @@
 # Homelab Infrastructure Configuration
 
-Private Gitea-repo met **alle configs per applicatie** voor Synology NAS (`192.168.1.211`) en Proxmox VM 102 (`192.168.1.105`). Zie [HOMELAB_IPS.md](HOMELAB_IPS.md).
+Private Gitea-repo met **alle configs per applicatie** voor Synology NAS (`192.168.1.211`) en Proxmox VM 102 (`192.168.1.105`).
+
+- **Architectuur-diagrammen:** [ARCHITECTURE.md](ARCHITECTURE.md) (Proxmox, NAS, security stack, LAN)
+- **IP-lijst:** [HOMELAB_IPS.md](HOMELAB_IPS.md)
 
 **Snel herstellen:** [RESTORE.md](RESTORE.md)  
 **Volledige inventaris:** [INVENTORY.md](INVENTORY.md)  

apps/monitoring/docker-compose.monitoring.yml

@@ -0,0 +1,70 @@
+# Monitoring stack — Prometheus + postgres-exporter + Grafana
+# Start: cd monitoring && docker compose up -d --build
+# UI: Grafana http://192.168.1.211:3002 · Prometheus http://192.168.1.211:9090
+
+services:
+  prometheus:
+    image: prom/prometheus:v2.53.2
+    container_name: prometheus-homelab
+    restart: unless-stopped
+    ports:
+      - "9090:9090"
+    volumes:
+      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
+      - ./prometheus/targets:/etc/prometheus/targets:ro
+      - prometheus-homelab-data:/prometheus
+    command:
+      - --config.file=/etc/prometheus/prometheus.yml
+      - --storage.tsdb.path=/prometheus
+      - --web.enable-lifecycle
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    networks:
+      - homelab-monitor
+
+  postgres-exporter:
+    image: prometheuscommunity/postgres-exporter:latest
+    container_name: postgres-exporter
+    restart: unless-stopped
+    ports:
+      - "9187:9187"
+    environment:
+      DATA_SOURCE_NAME: "postgresql://mo:${PG_PASSWORD:-WaQTUw2t}@192.168.1.105:5433/homelab?sslmode=disable"
+    networks:
+      - homelab-monitor
+
+  grafana:
+    build:
+      context: ..
+      dockerfile: Dockerfile.grafana
+    image: grafana-homelab:latest
+    container_name: grafana-homelab
+    restart: unless-stopped
+    ports:
+      - "3002:3000"
+    environment:
+      GF_SECURITY_ADMIN_USER: admin
+      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD:-WaQTUw2t}
+      GF_USERS_DEFAULT_THEME: dark
+      GF_SERVER_ROOT_URL: http://192.168.1.211:3002
+      PG_USER: mo
+      PG_DATABASE: homelab
+      HOMELAB_PG_PASSWORD: ${PG_PASSWORD:-WaQTUw2t}
+    volumes:
+      - grafana-homelab-data:/var/lib/grafana
+      - ../grafana/provisioning/dashboards:/etc/grafana/provisioning/dashboards:ro
+      - ../grafana/dashboards/homelab:/var/lib/grafana/dashboards/homelab:ro
+      - ../grafana/dashboards/imported:/var/lib/grafana/dashboards/imported:ro
+    depends_on:
+      - prometheus
+    networks:
+      - homelab-monitor
+
+volumes:
+  prometheus-homelab-data:
+  grafana-homelab-data:
+
+networks:
+  homelab-monitor:
+    name: homelab-monitor
+    driver: bridge

apps/monitoring/prometheus.yml

@@ -1,4 +1,4 @@
-# Prometheus — scrape targets op Docker bridge (naast postgres-homelab, neo4j, …).
+# Prometheus — homelab metrics (NAS stack scrapet LAN + bridge targets).
 global:
   scrape_interval: 15s
   evaluation_interval: 15s
@@ -10,35 +10,29 @@ scrape_configs:
 
   - job_name: postgres-exporter
     static_configs:
-      - targets: ["postgres-exporter-homelab:9187"]
+      - targets: ["postgres-exporter:9187"]
         labels:
           instance: postgres-vm102
 
-  # Neo4j 4.4+ enterprise metrics.prometheus.enabled → endpoint op poort 2004
+  # Neo4j Community 2026 heeft geen Prometheus :2004 — gebruik Neo4j dashboard via Postgres/Grafana SQL.
-  - job_name: neo4j
+  # Enterprise: zet server.metrics.prometheus.enabled=true en scrape :2004.
-    scrape_interval: 30s
-    metrics_path: /metrics
-    static_configs:
-      - targets: ["192.168.1.105:2004"]
-        labels:
-          instance: neo4j
 
-  # Proxmox VE — prometheus-pve-exporter; vul monitoring/prometheus/targets/extra.yml
+  - job_name: node-exporter
-  - job_name: proxmox-pve
+    scrape_interval: 30s
+    static_configs:
+      - targets: ["192.168.1.105:9100"]
+        labels:
+          instance: vm102-postgress
+          role: security
+      - targets: ["192.168.1.211:9100"]
+        labels:
+          instance: synology-nas
+          role: nas
+
+  # Proxmox: vul targets in prometheus/targets/extra.yml (prometheus-pve-exporter :9221)
+  - job_name: proxmox
     scrape_interval: 30s
     file_sd_configs:
       - files:
           - /etc/prometheus/targets/extra.yml
         refresh_interval: 1m
-
-  # Synology / SNMP: zet targets in monitoring/prometheus/targets/snmp.yml en uncomment hieronder.
-  # - job_name: snmp
-  #   scrape_interval: 60s
-  #   metrics_path: /snmp
-  #   params:
-  #     module: [synology]
-  #   static_configs:
-  #     - targets:
-  #         - 192.168.1.211
-  #       labels:
-  #         job: snmp-nas