Add Prometheus, cAdvisor, and node-exporter to monitoring stack

[joshdev8]

Summary

• Adds prometheus, cadvisor, and node-exporter services on monitoring_network, with a new prometheus_data volume
• Moves docs/prometheus.example.yml to prometheus/prometheus.yml and rewrites it so cAdvisor + node-exporter are active scrape jobs; Telegraf and Tautulli are commented placeholders since neither exposes /metrics natively
• Updates README (Monitoring services table, mermaid diagram, monitoring_network membership) and CLAUDE.md (replaces "No Prometheus in the stack" note with current behavior, adds cAdvisor privileged: true / port 8080 caveat)

Test plan

• docker compose config validates with a stub .env
• docker compose up -d prometheus cadvisor node-exporter brings the three new services up cleanly on a host with the full .env
• Visit http://<host>:9090/targets and confirm cadvisor and node_exporter jobs are both UP
• In Grafana, add Prometheus (http://prometheus:9090) as a data source and confirm queries against container_cpu_usage_seconds_total and node_cpu_seconds_total return data
• Confirm nothing else on the host is bound to port 8080, 9090, or 9100 before bringing the stack up

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Added integrated monitoring stack: Prometheus plus exporters for container and host metrics.

• Documentation

  • Updated architecture diagram and monitoring docs to reflect the new monitoring components.

• Chores

  • Added Prometheus configuration and removed the old Prometheus example file.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 79a86de0-59a8-4183-9715-dabb864d759e

📥 Commits

Reviewing files that changed from the base of the PR and between 7ce18c2 and 1f479c1.

📒 Files selected for processing (1)

• prometheus/prometheus.yml

---

📝 Walkthrough

Walkthrough

Adds a Prometheus-based monitoring stack to the Compose environment: new services for Prometheus, cAdvisor, and node-exporter (with persistent Prometheus storage), an in-repo Prometheus config enabling cAdvisor/node-exporter scrapes (other jobs commented), removal of the old example config, and documentation updates reflecting the wiring and cAdvisor security notes.

Changes

Prometheus Monitoring Stack

Layer / File(s)	Summary
Prometheus service and storage docker-compose.yml (lines 86–141, 377), prometheus/prometheus.yml (lines 1–10)	Adds a prometheus service with config mount and prometheus_data TSDB volume, exposes port 9090, restart policy; prometheus/prometheus.yml sets scrape_interval and evaluation_interval to 15s and includes an alerting block (Alertmanager target commented).
Metric exporters (exporter services) docker-compose.yml (lines 86–141)	Adds cadvisor (runs privileged, host filesystem/device mounts, exposes 8080, notes host-bind) and node-exporter (exposes 9100, custom proc/sys/rootfs paths and filesystem exclusions). Both join monitoring_network and use restart unless-stopped.
Prometheus scrape configuration prometheus/prometheus.yml (lines 11–33)	Enables active scrape_configs for cAdvisor (cadvisor:8080) and node-exporter (node-exporter:9100); includes commented-out stubs for Telegraf and Tautulli scrape jobs.
Docs and wiring updates README.md (lines 98–101, 150–152, 176), CLAUDE.md (lines 26, 40–42)	Architecture diagram updated to show cAdvisor/node-exporter → Prometheus → Grafana flow; monitoring services table and monitoring_network membership expanded; notes added about cAdvisor requiring privileged: true, host mounts, and binding port 8080.
Example config cleanup docs/prometheus.example.yml (deleted)	Removes the prior example Prometheus YAML; repo now contains committed prometheus/prometheus.yml instead.

Sequence Diagram

sequenceDiagram
    participant Containers as Application Containers
    participant cAdvisor as cAdvisor (8080)
    participant NodeExp as node-exporter (9100)
    participant Prometheus as Prometheus (9090)
    participant Grafana as Grafana

    Containers->>cAdvisor: expose container metrics (host mounts, privileged)
    Containers->>NodeExp: host metrics available (proc/sys/rootfs)

    Prometheus->>cAdvisor: scrape cadvisor:8080
    Prometheus->>NodeExp: scrape node-exporter:9100
    Prometheus->>Prometheus: local config/evaluation

    Grafana->>Prometheus: query metrics for dashboards
    Grafana->>Grafana: render visualizations

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• joshdev8/AutoPlexx#26: Modifies Prometheus scrape job configuration for cAdvisor and node-exporter (overlaps scrape targets).
• joshdev8/AutoPlexx#22: Reorganizes monitoring services in docker-compose.yml and monitoring_network membership, overlapping with the compose wiring changed here.

Poem

🐇 Hops through ports and scraping light,
cAdvisor guards containers by night,
Node-exporter hums the host's song,
Prometheus listens steady and strong,
Grafana paints the metrics bright.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely summarizes the main change: adding three new monitoring services (Prometheus, cAdvisor, and node-exporter) to the monitoring stack.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/monitoring-stack

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

docker-compose.yml (1)

91-92: ⚡ Quick win

Consider binding monitoring ports to loopback by default.

9090, 8080, and 9100 are exposed on all interfaces; binding to 127.0.0.1 reduces accidental external exposure if host firewalling is loose.

Suggested diff

-      - "9090:9090"
+      - "127.0.0.1:9090:9090"
...
-      - "8080:8080"
+      - "127.0.0.1:8080:8080"
...
-      - "9100:9100"
+      - "127.0.0.1:9100:9100"

Also applies to: 110-111, 129-130

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker-compose.yml` around lines 91 - 92, Ports 9090, 8080, and 9100 are
published to all interfaces; change the port mappings to bind to loopback by
prefixing with 127.0.0.1 (e.g. replace "9090:9090" with "127.0.0.1:9090:9090")
so the services are only accessible from localhost; update every occurrence of
the mappings for 9090, 8080 and 9100 in the docker-compose.yml (the entries that
currently read "9090:9090", "8080:8080", "9100:9100") accordingly and keep the
host:container order intact.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docker-compose.yml`:
- Line 99: Replace the hardcoded host bind
"./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro" in the
docker-compose volume entry with a ${USERDIR}-rooted path from the .env file
(e.g., "${USERDIR}/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro")
so the Prometheus config mount follows the repo convention; update the volume
line in docker-compose.yml where the Prometheus bind is defined to reference
${USERDIR} instead of a relative ./ path.

In `@prometheus/prometheus.yml`:
- Around line 12-15: The active self-scrape job "prometheus" violates repo
policy—remove or comment out the job_name: "prometheus" block (the
static_configs/targets ["localhost:9090"]) so only the allowed active jobs
remain; ensure the file keeps active jobs for cadvisor and node_exporter and
that telegraf and tautulli entries remain commented out unless their metrics
endpoints are configured.

---

Nitpick comments:
In `@docker-compose.yml`:
- Around line 91-92: Ports 9090, 8080, and 9100 are published to all interfaces;
change the port mappings to bind to loopback by prefixing with 127.0.0.1 (e.g.
replace "9090:9090" with "127.0.0.1:9090:9090") so the services are only
accessible from localhost; update every occurrence of the mappings for 9090,
8080 and 9100 in the docker-compose.yml (the entries that currently read
"9090:9090", "8080:8080", "9100:9100") accordingly and keep the host:container
order intact.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 653272de-b500-403d-829c-bfcc858e5818

📥 Commits

Reviewing files that changed from the base of the PR and between 3a07357 and 7ce18c2.

📒 Files selected for processing (5)

• CLAUDE.md
• README.md
• docker-compose.yml
• docs/prometheus.example.yml
• prometheus/prometheus.yml

💤 Files with no reviewable changes (1)

• docs/prometheus.example.yml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use ${USERDIR}-rooted bind path for Prometheus config mount.

This path breaks the repo’s bind-mount convention and user-specific layout contract.

Suggested diff

-      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
+      - ${USERDIR}/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro

As per coding guidelines: docker-compose.yml: All bind mount volume paths must be rooted at ${USERDIR} from .env, not hardcoded host paths, to respect user-specific storage layouts.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
	- ${USERDIR}/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker-compose.yml` at line 99, Replace the hardcoded host bind
"./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro" in the
docker-compose volume entry with a ${USERDIR}-rooted path from the .env file
(e.g., "${USERDIR}/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro")
so the Prometheus config mount follows the repo convention; update the volume
line in docker-compose.yml where the Prometheus bind is defined to reference
${USERDIR} instead of a relative ./ path.

[joshdev8]

Skipping. prometheus/prometheus.yml is committed to the repo and is the same for every user — it is not user-specific state. The relative path ./prometheus/prometheus.yml resolves against the compose project directory (the repo root, where users run docker compose), so it works out of the box. Switching to ${USERDIR}/prometheus/prometheus.yml would force every user to copy the file into their USERDIR before docker compose up would succeed, which the README does not document. The CLAUDE.md ${USERDIR} rule is about user data bind mounts (/config, /media, etc.), not committed config-as-code.

[coderabbitai]

@joshdev8, that's a well-reasoned distinction — you're right. The ${USERDIR} convention is meant for user-specific runtime state (config dirs, media libraries, data directories, etc.), not for config-as-code files that are version-controlled in the repo itself. ./prometheus/prometheus.yml is the correct approach here since it resolves relative to the compose project root and works for all users without any extra setup. I'll update my understanding for future reviews.

---

✏️ Learnings added

Learnt from: joshdev8
Repo: joshdev8/AutoPlexx PR: 39
File: docker-compose.yml:99-99
Timestamp: 2026-05-13T18:25:49.929Z
Learning: In the `joshdev8/AutoPlexx` repo (`docker-compose.yml`), the `${USERDIR}` bind-mount convention applies only to **user-specific runtime state** (e.g., `/config`, `/media`, `/data` directories). Committed config-as-code files (e.g., `prometheus/prometheus.yml` checked into the repo) should use relative paths like `./prometheus/prometheus.yml`, which resolve from the compose project root. Do NOT flag relative repo-root paths as violations of the `${USERDIR}` rule.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.