Compare commits
6 Commits
restic-exp
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 4d7d8fc577 | |||
ef4f0ec87e
|
|||
| 2f719bc1f7 | |||
| 833d87aa14 | |||
| 11f1c6bb55 | |||
| e972ca24d8 |
@ -5,9 +5,9 @@ steps:
|
||||
- name: publish image
|
||||
image: plugins/docker
|
||||
settings:
|
||||
username: 3wordchant
|
||||
username: abra-bot
|
||||
password:
|
||||
from_secret: git_coopcloud_tech_token_3wc
|
||||
from_secret: git_coopcloud_tech_token_abra_bot
|
||||
repo: git.coopcloud.tech/coop-cloud/backup-bot-two
|
||||
tags: ${DRONE_SEMVER_BUILD}
|
||||
registry: git.coopcloud.tech
|
||||
|
||||
@ -4,6 +4,8 @@ SECRET_RESTIC_PASSWORD_VERSION=v1
|
||||
|
||||
COMPOSE_FILE=compose.yml
|
||||
|
||||
#TIMEOUT=
|
||||
|
||||
RESTIC_REPOSITORY=/backups/restic
|
||||
|
||||
CRON_SCHEDULE='30 3 * * *'
|
||||
@ -38,10 +40,3 @@ CRON_SCHEDULE='30 3 * * *'
|
||||
# it overwrites the RESTIC_REPOSITORY variable
|
||||
#SECRET_RESTIC_REPO_VERSION=v1
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.secret.yml"
|
||||
|
||||
# Restic exporter - prometheus metrics
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.exporter.yml"
|
||||
#LETS_ENCRYPT_ENV=production
|
||||
#REFRESH_INTERVAL=86400 # once per day, be cautious with small numbers, as this can create traffic
|
||||
#METRICS_DOMAIN=backup.example.com
|
||||
#TIMEZONE=Europe/Berlin
|
||||
@ -79,10 +79,8 @@ Add the key to your `authorized_keys`:
|
||||
`ssh-copy-id -i backupkey <user>@<hostname>`
|
||||
Add your `SSH_KEY` as docker secret:
|
||||
```
|
||||
abra app secret insert <backupbot_name> ssh_key v1 """$(cat backupkey)
|
||||
"""
|
||||
cat backupkey | abra app secret insert <backupbot_name> ssh_key v1
|
||||
```
|
||||
> Attention: This command needs to be executed exactly as stated above, because it places a trailing newline at the end, if this is missing you will get the following error: `Load key "/run/secrets/ssh_key": error in libcrypto`
|
||||
|
||||
### Restic REST server Storage
|
||||
|
||||
|
||||
@ -1,48 +0,0 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
restic-exporter:
|
||||
image: ngosang/restic-exporter:2.0.2
|
||||
environment:
|
||||
- TZ=${TIMEZONE}
|
||||
- RESTIC_REPOSITORY
|
||||
- RESTIC_PASSWORD_FILE=/run/secrets/restic_password
|
||||
- REFRESH_INTERVAL
|
||||
- METRICS_DOMAIN
|
||||
volumes:
|
||||
- data:/data
|
||||
- cache:/root/.cache/restic
|
||||
secrets:
|
||||
- restic_password
|
||||
configs:
|
||||
- source: entrypoint
|
||||
target: /entrypoint.sh
|
||||
mode: 666
|
||||
entrypoint: /entrypoint.sh
|
||||
command: /usr/local/bin/python -u /app/exporter.py
|
||||
networks:
|
||||
- proxy
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}-metrics.loadbalancer.server.port=8001"
|
||||
- "traefik.http.routers.${STACK_NAME}-metrics.rule=Host(`${METRICS_DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}-metrics.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}-metrics.tls=true"
|
||||
- "traefik.http.routers.${STACK_NAME}-metrics.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}-metrics.middlewares=basicauth@file"
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8001/metrics"]
|
||||
interval: 1m
|
||||
timeout: 10s
|
||||
retries: 60
|
||||
start_period: 1m
|
||||
|
||||
volumes:
|
||||
cache:
|
||||
data:
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
@ -1,34 +1,16 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
x-ssh_env: &ssh_env
|
||||
- SSH_KEY_FILE=/run/secrets/ssh_key
|
||||
- SSH_HOST_KEY
|
||||
|
||||
x-ssh_secrets: &ssh_secrets
|
||||
- source: ssh_key
|
||||
mode: 0400
|
||||
|
||||
x-ssh_configs: &ssh_configs
|
||||
- source: ssh_config
|
||||
target: /root/.ssh/config
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
*ssh_env
|
||||
- SSH_KEY_FILE=/run/secrets/ssh_key
|
||||
- SSH_HOST_KEY
|
||||
secrets:
|
||||
*ssh_secrets
|
||||
- source: ssh_key
|
||||
mode: 0400
|
||||
configs:
|
||||
*ssh_configs
|
||||
|
||||
restic-exporter:
|
||||
environment:
|
||||
*ssh_env
|
||||
secrets:
|
||||
*ssh_secrets
|
||||
configs:
|
||||
*ssh_configs
|
||||
- source: ssh_config
|
||||
target: /root/.ssh/config
|
||||
|
||||
secrets:
|
||||
ssh_key:
|
||||
|
||||
@ -24,7 +24,7 @@ services:
|
||||
deploy:
|
||||
labels:
|
||||
- coop-cloud.${STACK_NAME}.version=2.3.0+2.3.0-beta
|
||||
- coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-300}
|
||||
- coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}
|
||||
- coop-cloud.backupbot.enabled=true
|
||||
#entrypoint: ['tail', '-f','/dev/null']
|
||||
healthcheck:
|
||||
|
||||
@ -2,25 +2,14 @@
|
||||
|
||||
set -e
|
||||
|
||||
echo "executing entrypoint.sh..."
|
||||
|
||||
if [ -n "$SSH_HOST_KEY" ]
|
||||
then
|
||||
echo "setting ssh known hosts"
|
||||
echo "$SSH_HOST_KEY" > /root/.ssh/known_hosts
|
||||
fi
|
||||
|
||||
if [ -n "$CRON_SCHEDULE" ]
|
||||
then
|
||||
echo "setting up cronjob..."
|
||||
cron_schedule="${CRON_SCHEDULE:?CRON_SCHEDULE not set}"
|
||||
cron_schedule="${CRON_SCHEDULE:?CRON_SCHEDULE not set}"
|
||||
|
||||
echo "$cron_schedule /cronjob.sh" | crontab -
|
||||
crontab -l
|
||||
echo "$cron_schedule /cronjob.sh" | crontab -
|
||||
crontab -l
|
||||
|
||||
crond -f -d8 -L /dev/stdout
|
||||
else
|
||||
# startup for exporter
|
||||
apk --no-cache add curl
|
||||
exec /sbin/tini -- "$@"
|
||||
fi
|
||||
crond -f -d8 -L /dev/stdout
|
||||
|
||||
Reference in New Issue
Block a user