Moved qbitclients to gluetun network

Added grafana, prometheus and snmp exporter for madrigal and node exporter for aya01

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>

roles/docker/templates/aya01/compose.yaml

@@ -103,7 +103,6 @@ services:
       - "traefik.http.routers.{{ zoneminder_host }}.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)"
       - "traefik.http.services.{{ zoneminder_host }}.loadbalancer.server.port=80"
 
-
   syncthing:
     image: syncthing/syncthing
     container_name: syncthing
@@ -334,68 +333,6 @@ services:
       - "traefik.http.routers.{{ bin_host }}.rule=Host(`{{ bin_host }}.{{ aya01_host }}.{{ local_domain }}`)"
       - "traefik.http.services.{{ bin_host }}.loadbalancer.server.port={{ bin_port }}"
 
-  qbittorrentvpn:
-    image: dyonr/qbittorrentvpn
-    container_name: {{ qbit_host }}
-    restart: unless-stopped
-    privileged: true
-    depends_on:
-      - sonarr
-      - radarr
-      - lidarr
-    networks:
-      - net
-    ports:
-      - "{{ qbit_port }}:8080"
-    environment:
-      - PUID={{ puid }}
-      - PGID={{ pgid }}
-      - TZ={{ timezone }}
-      - VPN_TYPE={{ qbit_type }}
-      - LAN_NETWORK={{ qbit_lan }}
-      - NAME_SERVERS={{ qbit_dns }}
-      - ENABLE_SSL={{ qbit_ssl }}
-      - VPN_USERNAME={{ vault_qbit_vpn_user }}
-      - VPN_PASSWORD={{ vault_qbit_vpn_password }}
-    volumes:
-      - {{ qbit_remote_config }}:/config
-      - {{ qbit_downloads }}:/downloads
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.{{ qbit_host }}.rule=Host(`{{ qbit_host }}.{{ aya01_host }}.{{ local_domain }}`)"
-      - "traefik.http.services.{{ qbit_host }}.loadbalancer.server.port=8080"
-
-
-  qbittorrentvpnprivate:
-    image: dyonr/qbittorrentvpn
-    container_name: {{ qbit_private_host }}
-    restart: unless-stopped
-    privileged: true
-    depends_on:
-      - sonarr
-      - radarr
-      - lidarr
-    networks:
-      - net
-    ports:
-      - "{{ qbit_private_port }}:8080"
-    environment:
-      - PUID={{ puid }}
-      - PGID={{ pgid }}
-      - TZ={{ timezone }}
-      - VPN_TYPE={{ qbit_type }}
-      - LAN_NETWORK={{ qbit_lan }}
-      - NAME_SERVERS={{ qbit_dns }}
-      - ENABLE_SSL={{ qbit_ssl }}
-      - VPN_USERNAME={{ vault_qbit_vpn_user }}
-      - VPN_PASSWORD={{ vault_qbit_vpn_password }}
-    volumes:
-      - {{ qbit_private_remote_config }}:/config
-      - {{ qbit_downloads }}:/downloads
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.{{ qbit_private_host }}.rule=Host(`{{ qbit_private_host }}.{{ aya01_host }}.{{ local_domain }}`)"
-      - "traefik.http.services.{{ qbit_private_host }}.loadbalancer.server.port=8080"
   tautulli:
     image: lscr.io/linuxserver/tautulli:latest
     container_name: tautulli
@@ -417,6 +354,125 @@ services:
       - "traefik.http.routers.{{ tautulli_host }}.rule=Host(`{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }}`)"
       - "traefik.http.services.{{ tautulli_host }}.loadbalancer.server.port={{ tautulli_port }}"
 
+  {{ gluetun_host }}:
+    image: qmcgaw/gluetun
+    container_name: {{ gluetun_host }}
+    restart: unless-stopped
+    networks:
+      - net
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    ports:
+      - {{ torrentleech_port }}:{{ torrentleech_port }}
+      - {{ qbit_port }}:{{ qbit_port }}
+    volumes:
+      - {{ gluetun_config }}:/gluetun
+    environment:
+      - PUID={{puid}}
+      - PGID={{pgid}}
+      - TZ={{ timezone }}
+      - VPN_SERVICE_PROVIDER=protonvpn
+      - UPDATER_VPN_SERVICE_PROVIDERS=protonvpn
+      - UPDATER_PERIOD=24h
+      - SERVER_COUNTRIES={{ gluetun_country }}
+      - OPENVPN_USER={{ vault_qbit_vpn_user }}+pmp
+      - OPENVPN_PASSWORD={{ vault_qbit_vpn_password }}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.{{ gluetun_host }}.rule=Host(`{{ gluetun_host }}.{{ aya01_host }}.{{ local_domain }}`)"
+      - "traefik.http.services.{{ gluetun_host }}.loadbalancer.server.port={{ gluetun_port }}"
+      - "traefik.http.routers.{{ torrentleech_host }}.service={{ torrentleech_host }}"
+      - "traefik.http.routers.{{ torrentleech_host }}.rule=Host(`{{ torrentleech_host }}.{{ aya01_host }}.{{ local_domain }}`)"
+      - "traefik.http.services.{{ torrentleech_host }}.loadbalancer.server.port={{ torrentleech_port }}"
+      - "traefik.http.routers.{{ qbit_host }}.service={{ qbit_host }}"
+      - "traefik.http.routers.{{ qbit_host }}.rule=Host(`{{ qbit_host }}.{{ aya01_host }}.{{ local_domain }}`)"
+      - "traefik.http.services.{{ qbit_host }}.loadbalancer.server.port={{ qbit_port }}"
+
+  {{ torrentleech_host }}:
+    image: qbittorrentofficial/qbittorrent-nox
+    container_name: {{ torrentleech_host }}
+    restart: unless-stopped
+    depends_on:
+      - gluetun
+      - sonarr
+      - radarr
+      - lidarr
+    network_mode: "container:{{ gluetun_host }}"
+    environment:
+      - PUID={{ puid }}
+      - PGID={{ pgid }}
+      - TZ={{ timezone }}
+      - QBT_EULA="accept"
+      - QBT_WEBUI_PORT="{{ torrentleech_port }}"
+    volumes:
+      - {{ torrentleech_remote_config }}:/config
+      - {{ qbit_downloads }}:/downloads
+
+  {{qbit_host}}:
+    image: qbittorrentofficial/qbittorrent-nox
+    container_name: {{ qbit_host }}
+    restart: unless-stopped
+    depends_on:
+      - gluetun
+      - sonarr
+      - radarr
+      - lidarr
+    network_mode: "container:{{ gluetun_host }}"
+    environment:
+      - PUID={{ puid }}
+      - PGID={{ pgid }}
+      - TZ={{ timezone }}
+      - QBT_EULA="accept"
+      - QBT_WEBUI_PORT="{{ qbit_port }}"
+    volumes:
+      - {{ qbit_remote_config }}:/config
+      - {{ qbit_downloads }}:/downloads
+
+  {{ prometheus_host }}:
+    image: prom/prometheus
+    container_name: {{ prometheus_host }}
+    restart: unless-stopped
+    depends_on:
+      - pihole
+    networks:
+      - net
+    environment:
+      - PUID={{ puid }}
+      - PGID={{ pgid}}
+      - TZ={{ timezone }}
+    volumes:
+      - {{ prometheus_config }}:/etc/prometheus/
+    ports:
+      - {{ prometheus_port }}:9090
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.{{ prometheus_host }}.rule=Host(`{{ prometheus_host }}.{{ aya01_host }}.{{ local_domain }}`)"
+      - "traefik.http.services.{{ prometheus_host }}.loadbalancer.server.port={{ prometheus_port }}"
+
+  {{ grafana_host }}:
+    image: grafana/grafana-oss
+    container_name: {{ grafana_host }}
+    restart: unless-stopped
+    depends_on:
+      - {{ prometheus_host }}
+    networks:
+      - net
+    environment:
+      - PUID={{ grafana_puid }}
+      - PGID={{ grafana_pgid }}
+      - TZ={{ timezone }}
+    volumes:
+      - {{ grafana_data }}:/var/lib/grafana/
+      - {{ grafana_config }}:/etc/grafana/
+    ports:
+      - {{ grafana_port }}:3000
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.{{ grafana_host }}.rule=Host(`{{ grafana_host }}.{{ aya01_host }}.{{ local_domain }}`)"
+      - "traefik.http.services.{{ grafana_host }}.loadbalancer.server.port={{ grafana_port }}"
+
 networks:
   zoneminder:
     driver: bridge

roles/docker/templates/aya01/prometheus/prometheus.yml.j2

@@ -8,37 +8,32 @@ global:
   # Attach these labels to any time series or alerts when communicating with
   # external systems (federation, remote storage, Alertmanager).
   external_labels:
-      monitor: 'tudattr'
-
-# Alertmanager configuration
-alerting:
-  alertmanagers:
-  - static_configs:
-    - targets: ['localhost:9093']
+      monitor: '{{ user }}'
 
 # Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
 rule_files:
   # - "first_rules.yml"
   # - "second_rules.yml"
 
-# A scrape configuration containing exactly one endpoint to scrape:
-# Here it's Prometheus itself.
 scrape_configs:
-  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
-  - job_name: 'prometheus'
-
-    # Override the global default and scrape targets from this job every 5 seconds.
+  - job_name: 'node'
     scrape_interval: 10s
     scrape_timeout: 10s
     tls_config:
       insecure_skip_verify: true
-    # metrics_path defaults to '/metrics'
-    # scheme defaults to 'http'.
-
-    #static_configs:
-      #- targets: ['localhost:9090']
-  - job_name: 'mikrotik'
+    static_configs:
+    - targets: ['{{ aya01_ip }}:{{node_exporter_port}}']
+  - job_name: Mikrotik
     static_configs:
       - targets:
-          - "{{aya01_ip}}:{{ e_mikrotik_port }}"
-
+        - {{ snmp_exporter_target }}
+    metrics_path: /snmp
+    params:
+      module: [mikrotik]
+    relabel_configs:
+      - source_labels: [__address__]
+        target_label: __param_target
+      - source_labels: [__param_target]
+        target_label: instance
+      - target_label: __address__
+        replacement: {{ aya01_ip }}:{{ snmp_exporter_port }} # The SNMP exporter's real hostname:port.

roles/docker/templates/mii/swag/site-confs/code-server.subdomain.conf

@@ -0,0 +1,22 @@
+## Version 2023/02/05
+# make sure that your code-server container is named code-server
+# make sure that your dns has a cname set for code-server
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name {{ code_host }}.{{ remote_domain }};
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        proxy_pass http://{{aya01_ip}}:{{ code_port }};
+        proxy_set_header   Upgrade $http_upgrade;
+        proxy_set_header   Connection "upgrade";
+    }
+}