feat: split restic exporter

README.md

@@ -132,6 +132,7 @@ Have a look at the Ansible roles and check how to configure them.
 | [resolv](roles/resolv/README.md)                                       | Manage resolv configuration.                                     |
 | [restic](roles/restic/README.md)                                       | Configure Restic backup jobs.                                    |
 | [restic_server](roles/restic_server/README.md)                         | Deploy Restic server container.                                  |
+| [restic_exporter](roles/restic_exporter/README.md)                     | Add nginx config for Restic exporter path.                       |
 | [s3cmd](roles/s3cmd/README.md)                                         | Install and configure s3cmd.                                     |
 | [simple_mail_forwarder](roles/simple_mail_forwarder/README.md)         | Deploy Simple Mail Forwarder container container.                |
 | [superset](roles/superset/README.md)                                   | Deploy Apache Superset container.                                |

plays/nginx.yml

@@ -18,6 +18,8 @@
       tags: bigbluebutton_exporter
     - role: n8n_exporter
       tags: n8n_exporter
+    - role: restic_exporter
+      tags: restic_exporter
     - role: loki
       tags: loki
     - role: acme_sh

roles/clean/defaults/main.yml

@@ -8,4 +8,4 @@ odoo_config_map:
 odoo_volume_name: "{{ odoo_hostname }}"
 postgres_volume_name: "{{ postgres_hostname }}"
 nginx_data_dir: "/usr/share/{{ nginx_hostname }}"
-metabase_config_map: [name: prod]
+metabase_config_map: [name: prod]

roles/docker/README.md

@@ -19,7 +19,7 @@ docker_build_dir: /tmp/build # defaults: /srv/build
 docker_log_driver: "local" # defaults: "json-file
 docker_log_max_size: "50m" # defaults: "10m"
 docker_log_max_file: "5" # defaults: "3"
-docker_login_username: janikvonrotz
+docker_login_username: example
 docker_login_password: # default: "{{ vault_docker_login_password }}"
 docker_login_users: # default: root
   - git-bot

roles/n8n_exporter/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
 n8n_exporter_requires_package: "python3-passlib"
+n8n_exporter_proxy_basic_auth_username: n8n-exporter
 n8n_exporter_nginx_data_dir: "{{ nginx_data_dir }}/proxies"
 n8n_exporter_proxy_basic_auth_password: "{{ vault_n8n_exporter_proxy_basic_auth_password }}"

roles/prometheus/README.md

@@ -32,8 +32,8 @@ prometheus_bigbluebutton_exporter_basic_auth_username: bigbluebutton-exporter
 prometheus_bigbluebutton_exporter_basic_auth_password: # default: "{{ vault_prometheus_bigbluebutton_exporter_basic_auth_password }}"
 prometheus_postgres_exporter_basic_auth_username: postgres-exporter
 prometheus_postgres_exporter_basic_auth_password: # default: "{{ vault_prometheus_postgres_exporter_basic_auth_password }}"
-prometheus_restic_server_basic_auth_username: restic-server
-prometheus_restic_server_basic_auth_password: # default: "{{ vault_prometheus_restic_server_basic_auth_password }}"
+prometheus_restic_exporter_basic_auth_username: restic-exporter
+prometheus_restic_exporter_basic_auth_password: # default: "{{ vault_prometheus_restic_server_basic_auth_password }}"
 prometheus_mysqld_exporter_basic_auth_username: mysqld-exporter
 prometheus_mysqld_exporter_basic_auth_password: # default: "{{ vault_prometheus_mysqld_exporter_basic_auth_password }}"
 prometheus_odoo_exporter_basic_auth_username: odoo-exporter
@@ -56,6 +56,7 @@ nginx_proxies:
       include /etc/nginx/conf.d/proxies/nextcloud-exporter.nginx;
       include /etc/nginx/conf.d/proxies/bigbluebutton-exporter.nginx;
       include /etc/nginx/conf.d/proxies/postgres-exporter.nginx;
+      include /etc/nginx/conf.d/proxies/restic-exporter.nginx;
       include /etc/nginx/conf.d/proxies/mysqld-exporter.nginx;
       include /etc/nginx/conf.d/proxies/odoo-exporter.nginx;
       include /etc/nginx/conf.d/proxies/n8n-exporter.nginx;
@@ -82,7 +83,7 @@ The `prometheus.yml` template contains predefined srcape jobs that lookup proxy
 * **nextcloud https**: Targets are `nginx_proxies` with exporter `nextcloud`.
 * **bigbluebutton http**: Targets are `nginx_proxies` with exporter `bigbluebutton`.
 * **postgres https**:Targets are `nginx_proxies` with exporter `postgres`.
-* **restic-server https**: Targets are `nginx_proxies` with exporter `restic`.
+* **restic https**: Targets are `nginx_proxies` with exporter `restic`.
 * **mysqld https**: Targets are `nginx_proxies` with exporter `mysqld`.
 * **odoo https**: Targets are `nginx_proxies` with exporter `odoo`.
 * **n8n https**: Targets are `nginx_proxies` with exporter `n8n`.

roles/restic_exporter/README.md

@@ -0,0 +1,33 @@
+# Restic Exporter role
+
+Add nginx config for Restic exporter path.
+
+## Usage
+
+Configure the role.
+
+```yml
+restic_exporter_requires_package: python2-passlib # default: python3-passlib
+restic_exporter_nginx_data_dir: /usr/share/nginx/proxies # default: "{{ nginx_data_dir }}/proxies"
+restic_exporter_proxy_basic_auth_username: exporter # default: restic-exporter
+restic_exporter_proxy_basic_auth_password: # default: "{{ vault_restic_exporter_proxy_basic_auth_password }}"
+```
+
+Ensure the nginx proxy includes the restic-exporter config:
+
+```yml
+nginx_proxies:
+  - src_hostname: server.example.com
+    ssl: true
+    exporter: restic
+    options: |
+      include /etc/nginx/conf.d/proxies/restic-exporter.nginx;
+```
+
+Include the role in your playbook.
+
+```yml
+- hosts: restic
+  roles:
+  - role: restic_exporter
+```

roles/restic_exporter/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+restic_exporter_requires_package: python3-passlib
+restic_exporter_nginx_data_dir: "{{ nginx_data_dir }}/proxies"
+restic_exporter_proxy_basic_auth_username: restic-exporter
+restic_exporter_proxy_basic_auth_password: "{{ vault_restic_exporter_proxy_basic_auth_password }}"

roles/restic_exporter/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Include {{ role_name }} tasks
+  ansible.builtin.include_tasks: "{{ role_name }}.yml"
+  when: restic_server_hostname is defined
+  tags:
+    - restic_exporter

roles/restic_exporter/tasks/restic_exporter.yml

@@ -0,0 +1,25 @@
+---
+- name: Ensure nginx data dir exists
+  ansible.builtin.file:
+    path: "{{ restic_exporter_nginx_data_dir }}"
+    state: directory
+
+- name: Gather package facts
+  ansible.builtin.package_facts:
+    manager: auto
+
+- name: Fail if package {{ restic_exporter_requires_package }} is not installed
+  ansible.builtin.fail:
+    msg: Package {{ restic_exporter_requires_package }} is not installed!
+  when: restic_exporter_requires_package not in ansible_facts.packages
+
+- name: Configure user access for {{ role_name }}
+  community.general.htpasswd:
+    path: "{{ restic_exporter_nginx_data_dir }}/restic-exporter.htpasswd"
+    name: "{{ restic_exporter_proxy_basic_auth_username }}"
+    password: "{{ restic_exporter_proxy_basic_auth_password }}"
+
+- name: Copy nginx {{ role_name }} conf
+  ansible.builtin.template:
+    src: restic-exporter.nginx
+    dest: "{{ restic_exporter_nginx_data_dir }}/restic-exporter.nginx"

roles/restic_server/templates/restic-server.nginx → roles/restic_exporter/templates/restic-exporter.nginx

@@ -1,7 +1,6 @@
 location /restic-server/ {
-    auth_basic "{{ restic_server_proxy_basic_auth_username }}";
+    auth_basic "{{ restic_exporter_proxy_basic_auth_username }}";
     auth_basic_user_file /etc/nginx/conf.d/proxies/restic-server.htpasswd;
     proxy_pass http://{{ restic_server_hostname }}:8000/;
     include /etc/nginx/conf.d/proxy-params.conf;
-    proxy_set_header Authorization "Basic {{ restic_server_basic_auth | string | b64encode }}";
 }

roles/restic_server/README.md

@@ -10,14 +10,11 @@ Configure the role.
 # https://hub.docker.com/r/restic/rest-server
 restic_server_image: restic/rest-server:0.12.1
 restic_server_description: "restic server" # default: "Restic Server"
+restic_server_requires_package: python2-passlib # default: python3-passlib
 restic_server_user: restic-user # default: restic
-restic_server_password: "{{ vault_restic_server_password }}"
+restic_server_password: # default: "{{ vault_restic_server_password }}"
 restic_server_hostname: restic01
-restic_server_requires_package: python2-passlib # default: python3-passlib
 restic_server_backup_dir: /path/to/mount
-restic_server_nginx_data_dir: /usr/share/nginx/proxies # default: "{{ nginx_data_dir }}/proxies"
-restic_server_proxy_basic_auth_username: exporter # default: restic-server
-restic_server_proxy_basic_auth_password: "{{ vault_restic_server_proxy_basic_auth_password }}"
 ```
 
 And include it in your playbook.

roles/restic_server/defaults/main.yml

@@ -1,7 +1,5 @@
 ---
+restic_server_description: Restic Server
 restic_server_requires_package: python3-passlib
 restic_server_user: restic
-restic_server_description: Restic Server
-restic_server_proxy_basic_auth_username: restic-server
-restic_server_nginx_data_dir: "{{ nginx_data_dir }}/proxies"
-restic_server_basic_auth: "{{ restic_server_user }}:{{ restic_server_password }}"
+restic_server_password: "{{ vault_restic_server_password }}"

roles/restic_server/tasks/main.yml

@@ -4,10 +4,3 @@
   when: restic_server_image is defined
   tags:
     - restic_server
-
-- name: Include {{ role_name }} nginx config tasks
-  ansible.builtin.include_tasks: "{{ role_name }}_nginx_config.yml"
-  when: restic_server_image is defined
-  tags:
-    - restic_server
-    - restic_server_nginx_config