feat(docker): add timezone mounts to all containers for log sync

Add /etc/localtime:/etc/localtime:ro volume mount to: - alertmanager, authelia, traefik - exporters (node-exporter, cadvisor) - fail2ban, lldap, postfix - forgejo, forgejo_runner - grafana, loki, prometheus - watchtower, app_core (postgres, redis) Ensures container logs use host timezone for consistent timestamps.
2026-03-06 15:13:52 -05:00 · 2026-03-06 15:13:52 -05:00 · dbe7b1b6b2
commit dbe7b1b6b2
parent 8da2501612
14 changed files with 17 additions and 0 deletions
--- a/roles/alertmanager/templates/docker-compose.yml.j2
+++ b/roles/alertmanager/templates/docker-compose.yml.j2
@ -7,6 +7,7 @@ services:
    volumes:
      - ./alertmanager.yml:/etc/alertmanager/alertmanager.yml:ro
      - alertmanager_data:/alertmanager
+      - /etc/localtime:/etc/localtime:ro
    networks:
      - monitoring
      - proxy
--- a/roles/app_core/templates/docker-compose.yml.j2
+++ b/roles/app_core/templates/docker-compose.yml.j2
@ -7,6 +7,7 @@ services:
      POSTGRES_DB: "app"
    volumes:
      - postgres_data:/var/lib/postgresql/data
+      - /etc/localtime:/etc/localtime:ro
    networks:
      - app
    restart: unless-stopped
@ -16,6 +17,7 @@ services:
    command: ["redis-server", "--appendonly", "yes"]
    volumes:
      - redis_data:/data
+      - /etc/localtime:/etc/localtime:ro
    networks:
      - app
    restart: unless-stopped
--- a/roles/authelia/templates/docker-compose.yml.j2
+++ b/roles/authelia/templates/docker-compose.yml.j2
@ -3,6 +3,7 @@ services:
    image: authelia/authelia:latest
    volumes:
      - /opt/authelia:/config
+      - /etc/localtime:/etc/localtime:ro
    networks:
      - proxy
    restart: unless-stopped
--- a/roles/exporters/templates/docker-compose.yml.j2
+++ b/roles/exporters/templates/docker-compose.yml.j2
@ -6,6 +6,7 @@ services:
    pid: host
    volumes:
      - /:/host:ro,rslave
+      - /etc/localtime:/etc/localtime:ro
    networks:
      - internal
    restart: unless-stopped
@ -21,6 +22,7 @@ services:
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
+      - /etc/localtime:/etc/localtime:ro
    networks:
      - internal
    restart: unless-stopped
--- a/roles/fail2ban/templates/docker-compose.yml.j2
+++ b/roles/fail2ban/templates/docker-compose.yml.j2
@ -11,6 +11,7 @@ services:
      - ./db:/data
      - /var/log:/var/log:ro
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
+      - /etc/localtime:/etc/localtime:ro
    network_mode: host
    privileged: true
    cap_add:
--- a/roles/forgejo/templates/docker-compose.yml.j2
+++ b/roles/forgejo/templates/docker-compose.yml.j2
@ -5,6 +5,7 @@ services:
  #   command: ["redis-server", "--appendonly", "yes"]
  #   volumes:
  #     - redis_data:/data
+  #     - /etc/localtime:/etc/localtime:ro
  #   networks:
  #     - forgejo
  #   restart: unless-stopped
@ -42,6 +43,7 @@ services:
    volumes:
      - forgejo_data:/data
      - ./robots.txt:/data/forgejo/public/robots.txt:ro
+      - /etc/localtime:/etc/localtime:ro
    ports:
      - "2222:22"
    networks:
--- a/roles/forgejo_runner/templates/docker-compose.yml.j2
+++ b/roles/forgejo_runner/templates/docker-compose.yml.j2
@ -8,6 +8,7 @@ services:
    volumes:
      - ./data:/data
      - /var/run/docker.sock:/var/run/docker.sock
+      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    command: forgejo-runner daemon
    labels:
--- a/roles/grafana/templates/docker-compose.yml.j2
+++ b/roles/grafana/templates/docker-compose.yml.j2
@ -34,6 +34,7 @@ services:
    volumes:
      - grafana_data:/var/lib/grafana
      - ./provisioning:/etc/grafana/provisioning:ro
+      - /etc/localtime:/etc/localtime:ro
    networks:
      - monitoring
      - proxy
--- a/roles/lldap/templates/docker-compose.yml.j2
+++ b/roles/lldap/templates/docker-compose.yml.j2
@ -9,6 +9,7 @@ services:
      LLDAP_LDAP_USER_PASS: "{{ lldap_admin_password }}"
    volumes:
      - lldap_data:/data
+      - /etc/localtime:/etc/localtime:ro
    ports:
      - "127.0.0.1:17170:17170"
    networks:
--- a/roles/loki/templates/docker-compose.yml.j2
+++ b/roles/loki/templates/docker-compose.yml.j2
@ -7,6 +7,7 @@ services:
    volumes:
      - ./loki-config.yml:/etc/loki/config.yml:ro
      - loki_data:/loki
+      - /etc/localtime:/etc/localtime:ro
    networks:
      - monitoring
    restart: unless-stopped
--- a/roles/postfix/templates/docker-compose.yml.j2
+++ b/roles/postfix/templates/docker-compose.yml.j2
@ -22,6 +22,7 @@ services:
      POSTFIX_mynetworks: "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
    volumes:
      - /opt/postfix/ssl:/etc/ssl:ro
+      - /etc/localtime:/etc/localtime:ro
    ports:
      - "25:25"
    networks:
--- a/roles/prometheus/templates/docker-compose.yml.j2
+++ b/roles/prometheus/templates/docker-compose.yml.j2
@ -9,6 +9,7 @@ services:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - ./alerts.yml:/etc/prometheus/alerts.yml:ro
      - prometheus_data:/prometheus
+      - /etc/localtime:/etc/localtime:ro
    networks:
      - monitoring
      - proxy
--- a/roles/traefik/templates/home-docker-compose.yml.j2
+++ b/roles/traefik/templates/home-docker-compose.yml.j2
@ -23,6 +23,7 @@ services:
    volumes:
      - {{ traefik_dir }}/letsencrypt:/letsencrypt
      - {{ traefik_dir }}/dynamic:/etc/traefik/dynamic
+      - /etc/localtime:/etc/localtime:ro
    networks:
      - proxy
    restart: always
--- a/roles/watchtower/templates/docker-compose.yml.j2
+++ b/roles/watchtower/templates/docker-compose.yml.j2
@ -6,6 +6,7 @@ services:
      DOCKER_API_VERSION: "1.44"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
+      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true