Lots of stuff

templates/caddy/full/Makefile

@@ -8,11 +8,16 @@ caddy\:restart:
 	docker exec caddy caddy reload --config /etc/caddy/Caddyfile
 	@echo "Caddy configuration reloaded successfully."
 
-caddy\:crowdsec-key
+caddy\:crowdsec-key:
 	@echo "Generating new CrowdSec API key..."
 	docker exec crowdsec cscli bouncers add caddy-bouncer
 	@echo "\n=== IMPORTANT ===\nCopy the API_KEY from the output above and replace the value of CROWDSEC_API_KEY in your .env file."
 
+caddy\:generate-password:
+	@echo "Generating new password..."
+	docker exec -it caddy caddy hash-password
+	@echo "\n=== IMPORTANT ===\nCopy the password from the output above and replace the value of PROMETHEUS_PASSWORD in your Caddyfile."
+
 caddy\:logs:
 	@echo "Showing Caddy logs..."
 	docker compose logs -f caddy

templates/caddy/full/caddy/Caddyfile

@@ -42,11 +42,17 @@
 #   reverse_proxy * http://{CONTAINER_NAME}:{CONTAINER_PORT}
 # }
 
-# Example: Bypassing WAF for given API path (Useful for allowing prometheus query)
+# Example: Bypassing WAF for given API path
+# NEEDED FOR PROMETHEUS
 # api.example2.com {
+#   basic_auth {
+#     agala {$PROMETHEUS_PASSWORD}
+#   }
+#
 #   @waf {
 #     not path /api/v1/*
 #   }
+#
 #   handle @waf {
 #     coraza_waf {
 #       directives `

templates/caddy/full/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   crowdsec:
-    image: crowdsecurity/crowdsec:latest
+    image: crowdsecurity/crowdsec:v1.6.4
     container_name: crowdsec
     volumes:
       - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml

templates/monitoring/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
   # PORT 9099
   prometheus:
-    image: prom/prometheus:latest
+    image: prom/prometheus:v3.1.0
     container_name: prometheus
     restart: always
     volumes:
@@ -12,12 +12,26 @@ services:
 
   # PORT 9100
   node_exporter:
-    image: prom/node-exporter:latest
+    image: prom/node-exporter:v1.8.2
     container_name: node-exporter
     restart: always
     networks:
       - monitoring_net
 
+  # PORT 8080
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.49.2
+    container_name: cadvisor
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /dev/disk/:/dev/disk:ro
+    restart: unless-stopped
+    networks:
+      - monitoring_net
+
 networks:
   monitoring_net:
     external: true

templates/monitoring/prometheus.yml

@@ -1,5 +1,5 @@
 global:
-  scrape_interval: 5s
+  scrape_interval: 15s
 
 scrape_configs:
 
@@ -18,3 +18,7 @@ scrape_configs:
   - job_name: 'caddy'
     static_configs:
       - targets: ['caddy:2019']
+
+  - job_name: 'cadvisor'
+    static_configs:
+      - targets: ['cadvisor:8080']