---
# Self-contained Alloy stack on /opt/alloy. Runs independently from the
# host's main service (kestra/infisical/mcp/etc) so a service-side compose
# down doesn't take logging with it.
services:
  alloy:
    image: grafana/alloy:latest
    container_name: alloy
    restart: unless-stopped
    command:
      - run
      - /etc/alloy/config.alloy
      - --storage.path=/var/lib/alloy/data
      - --server.http.listen-addr=0.0.0.0:12345
    ports:
      - "12345:12345"
    # Share the host's PID namespace so prometheus.exporter.unix reads
    # /proc with the host kernel's cgroup view (cgroup-aware MemAvailable).
    # Without this, /proc/meminfo returns hybrid values: MemTotal from the
    # host cgroup but Cached/SReclaimable from the container, leading to
    # a ~25% MemAvailable inflation. See docs/audit/alloy-consolidation-2026-05-21.md.
    pid: host
    volumes:
      - /opt/alloy/config.alloy:/etc/alloy/config.alloy:ro
      - /var/lib/alloy:/var/lib/alloy
      - /var/log/journal:/var/log/journal:ro
      - /run/log/journal:/run/log/journal:ro
      - /etc/machine-id:/etc/machine-id:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Host metric collection for prometheus.exporter.unix (node_exporter replacement)
      - /:/host/rootfs:ro,rslave
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro