jack/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
21 commits 1 branch 0 tags 692 KiB
Commit graph

4 commits

Author SHA1 Message Date
jack
a42ff4afc7 feat: configure Telegram alerting in AlertManager
All checks were successful
CI/CD / syntax-check (push) Successful in 1m28s
Details
CI/CD / deploy (push) Successful in 6m52s
Details 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-22 03:31:35 +07:00
jack
6ebd237894 feat: major infrastructure improvements
Some checks failed
CI/CD / deploy (push) Has been cancelled
Details
CI/CD / syntax-check (push) Successful in 1m7s
Details 
Reliability:
- Add swap role (2GB, swappiness=10, idempotent via /etc/fstab)
- Add mem_limit to plane-worker (512m) and plane-beat (256m)
- Add health checks to all services (traefik, vaultwarden, forgejo,
  plane-*, syncthing, prometheus, grafana, loki)

Code quality:
- Remove Traefik Docker labels (file provider used, labels were dead code)
- Add comment explaining file provider architecture

Observability:
- Add AlertManager with Telegram notifications
- Add Prometheus alert rules: CPU, RAM, disk, swap, container health
- Add Loki + Promtail for centralized log aggregation
- Add Loki datasource to Grafana
- Enable Traefik /ping endpoint for health checks

Backups:
- Add backup role: pg_dump for forgejo + plane DBs, tar for
  vaultwarden and forgejo data
- 7-day retention, daily cron at 03:00
- Backup script at /usr/local/bin/backup-services

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-22 03:28:16 +07:00
jack
972a76db4c feat: add monitoring stack (Prometheus + Grafana + cAdvisor + Node Exporter)
All checks were successful
CI/CD / syntax-check (push) Successful in 3m0s
Details
CI/CD / deploy (push) Successful in 6m51s
Details 
- Adds monitoring Docker network (internal)
- Prometheus scrapes node-exporter (host metrics) and cAdvisor (containers)
  with 30-day retention
- Grafana exposed at dashboard.csrx.ru with pre-provisioned datasource
  and two dashboards: Node Exporter Full (1860) and cAdvisor (14282)
- Vault secret: vault_grafana_admin_password

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-22 03:05:34 +07:00
jack
6afd298730 fix: commit encrypted vault file so CI can decrypt it
All checks were successful
CI/CD / syntax-check (push) Successful in 2m0s
Details
CI/CD / deploy (push) Successful in 7m43s
Details 
vault.yml was in .gitignore so CI jobs had no vault variables.
The file is AES-256 encrypted — safe to commit to a private repo.
The password stays in ~/.vault-password-file (still gitignored).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-22 00:19:44 +07:00