From a90840b1dcfbdecc47079d61676aba8189222624 Mon Sep 17 00:00:00 2001
From: Tobias Reisinger <tobias@msrg.cc>
Date: Wed, 13 Dec 2023 01:11:54 +0100
Subject: [PATCH] Add docker_log monitoring to telegraf

---
 .../group_vars/all/compose_defaults.yml       |  6 +++++
 _ansible/roles/acme-dns/vars/main.yml         |  1 +
 _ansible/roles/coder/vars/main.yml            |  7 +++--
 .../roles/telegraf/templates/telegraf.conf.j2 | 14 +++++++---
 _ansible/roles/telegraf/vars/main.yml         | 26 +++++++++++++++++++
 _ansible/roles/tinytinyrss/vars/main.yml      |  6 ++---
 _ansible/templates/docker-compose.yml.j2      |  4 +++
 backup/Dockerfile                             |  7 ++---
 8 files changed, 58 insertions(+), 13 deletions(-)

diff --git a/_ansible/inventory/group_vars/all/compose_defaults.yml b/_ansible/inventory/group_vars/all/compose_defaults.yml
index 5af6c7a..826a799 100644
--- a/_ansible/inventory/group_vars/all/compose_defaults.yml
+++ b/_ansible/inventory/group_vars/all/compose_defaults.yml
@@ -25,3 +25,9 @@ compose_file_volumes:
   services:
     app:
       volumes: "{{ compose.volumes }}"
+
+compose_file_monitoring_label:
+  services:
+    app:
+      labels:
+        com.influxdata.telegraf.enable: true
diff --git a/_ansible/roles/acme-dns/vars/main.yml b/_ansible/roles/acme-dns/vars/main.yml
index 4c2cc7b..67baabe 100644
--- a/_ansible/roles/acme-dns/vars/main.yml
+++ b/_ansible/roles/acme-dns/vars/main.yml
@@ -15,6 +15,7 @@ svc:
 
 compose:
   watchtower: true
+  monitoring: true
   image: joohoi/acme-dns
   volumes:
     - ./config:/etc/acme-dns:ro
diff --git a/_ansible/roles/coder/vars/main.yml b/_ansible/roles/coder/vars/main.yml
index e8d252c..863ef64 100644
--- a/_ansible/roles/coder/vars/main.yml
+++ b/_ansible/roles/coder/vars/main.yml
@@ -26,7 +26,10 @@ compose:
   watchtower: true
   image: ghcr.io/coder/coder:latest
   env: true
-  group_add:
-  - "972" # docker group on host
   volumes:
   - /var/run/docker.sock:/var/run/docker.sock
+  file:
+    services:
+      app:
+        group_add:
+        - "972" # docker group on host
diff --git a/_ansible/roles/telegraf/templates/telegraf.conf.j2 b/_ansible/roles/telegraf/templates/telegraf.conf.j2
index 503474f..9b4c404 100644
--- a/_ansible/roles/telegraf/templates/telegraf.conf.j2
+++ b/_ansible/roles/telegraf/templates/telegraf.conf.j2
@@ -18,9 +18,9 @@
 
 [[inputs.prometheus]]
   urls = [
-    {%- for url in svc.prometheus.urls -%}
-		"{{ url }}",
-	{%- endfor -%}
+  {%- for url in svc.prometheus.urls -%}
+    "{{ url }}",
+  {%- endfor -%}
   ]
 
   bearer_token_string = "{{ svc.prometheus.bearer_token }}"
@@ -30,3 +30,11 @@
   ignored_databases = ["postgres", "template0", "template1"]
   prepared_statements = true
 
+[[inputs.docker_log]]
+  endpoint = "{{ svc.docker_log.endpoint }}"
+
+  docker_label_include = [
+    "com.influxdata.telegraf.enable"
+  ]
+
+  source_tag = {{ svc.docker_log.source_tag|lower }}
diff --git a/_ansible/roles/telegraf/vars/main.yml b/_ansible/roles/telegraf/vars/main.yml
index 727c9d1..b25e529 100644
--- a/_ansible/roles/telegraf/vars/main.yml
+++ b/_ansible/roles/telegraf/vars/main.yml
@@ -18,12 +18,38 @@ svc:
     host: "{{ postgres.host }}"
     port: "{{ postgres.port }}"
     database: "telegraf"
+  docker_log:
+    endpoint: "unix:///var/run/docker.sock"
+    # from_beginning: false
+    # timeout: "5s"
+
+    # container_name_include: []
+    # container_name_exclude: []
+
+    # docker_label_include: []
+    # docker_label_exclude: []
+
+    ## Set the source tag for the metrics to the container ID hostname, eg first 12 chars
+    source_tag: false
+
+    ## Optional TLS Config
+    # tls_ca: "/etc/telegraf/ca.pem"
+    # tls_cert: "/etc/telegraf/cert.pem"
+    # tls_key: "/etc/telegraf/key.pem"
+    ## Use TLS but skip chain & host verification
+    # insecure_skip_verify: false
 
 compose:
   watchtower: false
   image: telegraf:1.28
   volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
     - ./telegraf.conf:/etc/telegraf/telegraf.conf:ro
   file:
+    services:
+      app:
+        user: telegraf
+        group_add:
+        - "972" # docker group on host
     volumes:
       data:
diff --git a/_ansible/roles/tinytinyrss/vars/main.yml b/_ansible/roles/tinytinyrss/vars/main.yml
index 55f8a22..a5c4cff 100644
--- a/_ansible/roles/tinytinyrss/vars/main.yml
+++ b/_ansible/roles/tinytinyrss/vars/main.yml
@@ -26,10 +26,10 @@ compose:
     - app:/var/www/html:ro
     - ./nginx.conf:/etc/nginx/nginx.conf
   file:
-    app:
-      depends_on:
-        - tt-rss
     services:
+      app:
+        depends_on:
+          - tt-rss
       tt-rss:
         image: cthulhoo/ttrss-fpm-pgsql-static
         restart: always
diff --git a/_ansible/templates/docker-compose.yml.j2 b/_ansible/templates/docker-compose.yml.j2
index 5a5f260..0a2d43a 100644
--- a/_ansible/templates/docker-compose.yml.j2
+++ b/_ansible/templates/docker-compose.yml.j2
@@ -9,4 +9,8 @@
     {%- set compose_file = compose_file | combine(compose_file_volumes, recursive=True) -%}
 {%- endif -%}
 
+{%- if compose.monitoring | default(False) -%}
+    {%- set compose_file = compose_file | combine(compose_file_monitoring_label, recursive=True) -%}
+{%- endif -%}
+
 {{ compose_file | to_nice_yaml }}
diff --git a/backup/Dockerfile b/backup/Dockerfile
index feddb01..5cb0994 100644
--- a/backup/Dockerfile
+++ b/backup/Dockerfile
@@ -1,6 +1,3 @@
-FROM ubuntu
+FROM restic/restic
 
-ENV DEBIAN_FRONTEND=noninteractive
-
-RUN apt update -y \
-	&& apt install -y curl restic
+RUN apk add curl