Grafana Dashboards

Dashboards live in code/docker/grafana/dashboards/*.json and are loaded by the provider in code/docker/grafana/provisioning/dashboards/dashboards.yml (folder: Homelab). Data sources are provisioned in datasources/datasources.yml: Prometheus (default), Loki, and Prometheus-Annotations (second Prometheus DS configured for POST — lets OOM events render as red vertical annotations on every dashboard).

The default home dashboard is set via GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH=/var/lib/grafana/dashboards/node-exporter.json.

How to iterate on a dashboard

1. Edit live in Grafana UI (grafana.h5h.me). allowUiUpdates: true is set in the provider.
2. Export: dashboard gear → Share → Export → Save to file. Use Export for sharing externally: off so data-source UIDs stay bound.
3. Drop the JSON into code/docker/grafana/dashboards/<name>.json, commit.
4. make update-service s=grafana to re-apply.

disableDeletion: false is intentional — delete via git, not UI.

Catalogue

node-exporter.json — Default home

• Host CPU / memory / load / filesystem / network.
• Data source: Prometheus.
• Panels depend on metrics from the node-exporter job (node_cpu_seconds_total, node_memory_*, node_filesystem_*).
• On macOS (Docker Desktop/OrbStack), these values reflect the Linux VM allocated to Docker, not the full physical Mac. If Grafana shows ~4 GiB RAM and ~5 GiB swap, increase the Docker VM memory/swap allocation in your container runtime settings.

Docker container dashboard

• Not currently provisioned.
• The previous docker.json file in this repo was a malformed export payload (not a valid dashboard schema) and could trigger dashboard load failures.
• If this view is needed, re-import a valid dashboard JSON and wire container_* metrics (typically via cAdvisor) before enabling it.

postgres.json — Databases

• Covers Authentik, Immich, Nextcloud Postgres instances.
• Panels: active connections, transaction rate, cache hit ratio, slow queries.
• Data source: Prometheus (requires postgres_exporter — verify a scrape exists before relying on this; not currently provisioned in prometheus.yml).

traefik.json — Edge

• Request rate and latency per router, status-code breakdown.
• Data sources: Prometheus (traefik_* metrics on :8082) + Loki ({job="traefik-access"} for log drill-down).
• Pair this with HighUnauthorizedRate / HighServerErrorRate alerts.

security-access.json — Security signal

• CrowdSec decisions, 401/403 rate, top banned IPs.
• Data source: Loki (CrowdSec log stream + Traefik access log).
• The OOM annotation (via Prometheus-Annotations DS) decorates this dashboard so you can correlate denied requests with infra flap.

Known gap

postgres.json references pg_* metrics but no postgres_exporter sidecar is defined in docker-compose.yml. Either:

• Add an exporter per DB (Authentik, Immich, Nextcloud), add scrape jobs to prometheus/prometheus.yml, and keep the dashboard, or
• Remove postgres.json until an exporter is wired.

Tracked in known_issues.md.