# Агент мониторинга ru1: node-exporter + cadvisor (host-net) + openvpn-exporter.
# Порты 9100/8080/9176 закрыты iptables INPUT (только fr1 161.97.93.252). Скрейп — по публичному IP.
name: monitoring-agent

services:
  node-exporter:
    image: prom/node-exporter:latest
    network_mode: host
    pid: host
    restart: unless-stopped
    command:
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      - '--path.rootfs=/rootfs'
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro

  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    network_mode: host
    restart: unless-stopped
    privileged: true
    devices:
      - /dev/kmsg
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /dev/disk/:/dev/disk:ro

  openvpn-exporter:
    image: kumina/openvpn-exporter:latest
    network_mode: host
    restart: unless-stopped
    command:
      - -openvpn.status_paths=/run/openvpn-server/status-openvpn.log,/var/log/openvpn-ru-status.log
    volumes:
      - /run/openvpn-server:/run/openvpn-server:ro
      - /var/log:/var/log:ro