small fix

make env configurable
first implementation of resti-exporter as metrics provider endpoint
2026-03-18 23:12:32 +01:00 · 2026-03-18 23:04:51 +01:00 · 2026-03-18 22:58:06 +01:00
7 changed files with 100 additions and 16 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -5,9 +5,9 @@ steps:
  - name: publish image
    image: plugins/docker
    settings:
-      username: abra-bot
+      username: 3wordchant
      password:
-        from_secret: git_coopcloud_tech_token_abra_bot
+        from_secret: git_coopcloud_tech_token_3wc
      repo: git.coopcloud.tech/coop-cloud/backup-bot-two
      tags: ${DRONE_SEMVER_BUILD}
      registry: git.coopcloud.tech
--- a/.env.sample
+++ b/.env.sample
@ -4,8 +4,6 @@ SECRET_RESTIC_PASSWORD_VERSION=v1

 COMPOSE_FILE=compose.yml

-#TIMEOUT=
-
 RESTIC_REPOSITORY=/backups/restic

 CRON_SCHEDULE='30 3 * * *'
@ -40,3 +38,10 @@ CRON_SCHEDULE='30 3 * * *'
 # it overwrites the RESTIC_REPOSITORY variable
 #SECRET_RESTIC_REPO_VERSION=v1
 #COMPOSE_FILE="$COMPOSE_FILE:compose.secret.yml"
+
+# Restic exporter - prometheus metrics
+#COMPOSE_FILE="$COMPOSE_FILE:compose.exporter.yml"
+#LETS_ENCRYPT_ENV=production
+#REFRESH_INTERVAL=86400 # once per day, be cautious with small numbers, as this can create traffic
+#METRICS_DOMAIN=backup.example.com
+#TIMEZONE=Europe/Berlin
--- a/README.md
+++ b/README.md
@ -79,8 +79,10 @@ Add the key to your `authorized_keys`:
 `ssh-copy-id -i backupkey <user>@<hostname>`
 Add your `SSH_KEY` as docker secret:
 ```
-cat backupkey | abra app secret insert <backupbot_name> ssh_key v1
+abra app secret insert <backupbot_name> ssh_key v1 """$(cat backupkey)
+"""
 ```
+> Attention: This command needs to be executed exactly as stated above, because it places a trailing newline at the end, if this is missing you will get the following error: `Load key "/run/secrets/ssh_key": error in libcrypto`

 ### Restic REST server Storage

--- a/compose.exporter.yml
+++ b/compose.exporter.yml
@ -0,0 +1,48 @@
+---
+version: "3.8"
+
+services:
+  restic-exporter:
+    image: ngosang/restic-exporter:2.0.2
+    environment:
+      - TZ=${TIMEZONE}
+      - RESTIC_REPOSITORY
+      - RESTIC_PASSWORD_FILE=/run/secrets/restic_password
+      - REFRESH_INTERVAL
+      - METRICS_DOMAIN
+    volumes:
+      - data:/data
+      - cache:/root/.cache/restic
+    secrets:
+      - restic_password
+    configs:
+      - source: entrypoint
+        target: /entrypoint.sh
+        mode: 666
+    entrypoint: /entrypoint.sh
+    command: /usr/local/bin/python -u /app/exporter.py
+    networks:
+      - proxy
+    deploy:
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}-metrics.loadbalancer.server.port=8001"
+        - "traefik.http.routers.${STACK_NAME}-metrics.rule=Host(`${METRICS_DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}-metrics.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}-metrics.tls=true"
+        - "traefik.http.routers.${STACK_NAME}-metrics.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}-metrics.middlewares=basicauth@file"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8001/metrics"]
+      interval: 1m
+      timeout: 10s
+      retries: 60
+      start_period: 1m
+
+volumes:
+  cache:
+  data:
+
+networks:
+  proxy:
+    external: true
--- a/compose.ssh.yml
+++ b/compose.ssh.yml
@ -1,16 +1,34 @@
 ---
 version: "3.8"
+
+x-ssh_env: &ssh_env
+  - SSH_KEY_FILE=/run/secrets/ssh_key
+  - SSH_HOST_KEY
+
+x-ssh_secrets: &ssh_secrets
+  - source: ssh_key
+    mode: 0400
+
+x-ssh_configs: &ssh_configs
+  - source: ssh_config
+    target: /root/.ssh/config
+
 services:
  app:
    environment:
-      - SSH_KEY_FILE=/run/secrets/ssh_key
-      - SSH_HOST_KEY
+      *ssh_env
    secrets:
-      - source: ssh_key
-        mode: 0400
+      *ssh_secrets
    configs:
-      - source: ssh_config
-        target: /root/.ssh/config
+      *ssh_configs
+
+  restic-exporter:
+    environment:
+      *ssh_env
+    secrets:
+      *ssh_secrets
+    configs:
+      *ssh_configs

 secrets:
  ssh_key:
--- a/compose.yml
+++ b/compose.yml
@ -24,7 +24,7 @@ services:
    deploy:
      labels:
        - coop-cloud.${STACK_NAME}.version=2.3.0+2.3.0-beta
-        - coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}
+        - coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-300}
        - coop-cloud.backupbot.enabled=true
    #entrypoint: ['tail', '-f','/dev/null']
    healthcheck:
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -2,14 +2,25 @@

 set -e

+echo "executing entrypoint.sh..."
+
 if [ -n "$SSH_HOST_KEY" ]
 then
+    echo "setting ssh known hosts"
    echo "$SSH_HOST_KEY" > /root/.ssh/known_hosts
 fi

-cron_schedule="${CRON_SCHEDULE:?CRON_SCHEDULE not set}"
+if [ -n "$CRON_SCHEDULE" ]
+then
+    echo "setting up cronjob..."
+    cron_schedule="${CRON_SCHEDULE:?CRON_SCHEDULE not set}"

-echo "$cron_schedule /cronjob.sh" | crontab -
-crontab -l
+    echo "$cron_schedule /cronjob.sh" | crontab -
+    crontab -l

-crond -f -d8 -L /dev/stdout
+    crond -f -d8 -L /dev/stdout
+else
+    # startup for exporter
+    apk --no-cache add curl
+    exec /sbin/tini -- "$@"
+fi
Author	SHA1	Message	Date
stevensting	2663968554	small fix All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/pr Build is passing Details	2026-03-18 23:12:32 +01:00
stevensting	ac24ac336a	make env configurable All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/pr Build is passing Details	2026-03-18 23:04:51 +01:00
stevensting	179039fe55	first implementation of resti-exporter as metrics provider endpoint All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/pr Build is passing Details	2026-03-18 22:58:06 +01:00