tf/modules/swarm/prometheus/prometheus.tf

data "docker_registry_image" "prometheus" {
  name = "prom/prometheus"
}

locals {
  labels_prometheus = {
    "shepherd.auto-update"                                      = "true",
    "traefik.enable"                                            = "true"
    "traefik.http.services.prometheus.loadbalancer.server.port" = "9090",
    "traefik.http.routers.prometheus.rule"                      = "Host(`prometheus.chaoswest.tv`)",
    "traefik.http.routers.prometheus.tls"                       = "true",
    "traefik.http.routers.prometheus.tls.certresolver"          = "default",
    "traefik.http.routers.prometheus.middlewares"               = "prometheus-auth",
    "traefik.http.middlewares.prometheus-auth.basicauth.users"  = "prometheus:$2y$10$XK9vcKzVol9ZWJLiSbKruuFP2jBsVrFY8Vc4ANtm6JnhsXgbnfLYm"
  }
}

resource "docker_config" "prometheus" {
  name = "prometheus-yml-${replace(timestamp(), ":", ".")}"
  data = base64encode(file("${path.module}/cfg/prometheus.yml"))
  lifecycle {
    ignore_changes        = [name]
    create_before_destroy = true
  }
}

resource "docker_service" "prometheus" {
  name = "prometheus"

  dynamic "labels" {
    for_each = local.labels_prometheus
    content {
      label = labels.key
      value = labels.value
    }
  }

  task_spec {
    networks_advanced {
      name = data.docker_network.traefik.id
    }

    networks_advanced {
      name = docker_network.metrics.id
    }

    networks_advanced {
      name = docker_network.docker_socket_proxy.id
    }

    container_spec {
      image = "${data.docker_registry_image.prometheus.name}@${data.docker_registry_image.prometheus.sha256_digest}"

      configs {
        config_id   = docker_config.prometheus.id
        config_name = docker_config.prometheus.name
        file_name   = "/etc/prometheus/prometheus.yml"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = "0444"
      }

      mounts {
        target = "/prometheus"
        source = "/mnt/data/prometheus/"
        type   = "bind"
      }

      mounts {
        target = "/var/run/docker.sock"
        source = "/var/run/docker.sock"
        type   = "bind"
      }
    }
  }
}

data "hetznerdns_zone" "primary" {
  name = "chaoswest.tv"
}

resource "hetznerdns_record" "primary" {
  zone_id = data.hetznerdns_zone.primary.id
  name    = "prometheus"
  value   = "ax41-1.fsn.mon2.de."
  type    = "CNAME"
}