add Container Loki

.gitignore

@@ -1,2 +1,17 @@
+# General Files
 .vscode
-cache/
+cache/
+
+# Ansible Files
+ansible/inventory/
+*.secret
+ansible/.vault-*
+ansible/.ansible
+
+# Packer Files
+packer/credentials.pkr.hcl
+
+# OpenTofu Files
+opentofu/.terraform/
+opentofu/.terraform.lock.hcl
+opentofu/terraform.tfstate

ansible.cfg

@@ -1,5 +1,5 @@
 [defaults]
-inventory = ./inventory/
+inventory = ./ansible/inventory/
 host_key_checking = False
 retry_files_enabled = False
 private_key_file = ~/.ssh/ansible_key
@@ -11,7 +11,7 @@ fact_caching_connection = ./cache
 fact_caching_timeout = 86400
 
 # Rollen-Pfade
-roles_path = ./roles/
+roles_path = ./ansible/roles/
 
 # Vault-Einstellungen
 vault_password_file = ./vault.secret

ansible/.gitignore

@@ -1,16 +0,0 @@
-# Ignore inventory file. This are Submodules
-inventory/
-
-# Ignore .secret files.... you know, there secret...
-*.secret
-.vault-*
-
-# Ignore Caching
-cache/
-
-# Ignore Testplaybook
-playbooks/global/testserver.yml
-
-# Ignore unneccessary Files
-.vscode
-.ansible

ansible/playbooks/heyer.systems/docker1.yml

@@ -51,3 +51,13 @@
       tags:
         - booklore
         - docker-container
+
+    - role: deploy_container_grafana
+      tags:
+        - grafana
+        - docker-container
+
+    - role: deploy_container_loki
+      tags:
+        - loki
+        - docker-container

ansible/roles/deploy_container_grafana/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+container_grafana_version: latest
+container_grafana_domain: grafana.example.com

ansible/roles/deploy_container_grafana/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Ensure data directories exist
+  ansible.builtin.file:
+    path: "{{ container_base_dir }}/"
+    state: directory
+    mode: '0755'
+  become: false
+
+- name: Deploy Docker Compose and .env files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ container_base_dir }}/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: '.env.j2', dest: '.env' }
+  become: false
+
+- name: Start Container
+  community.docker.docker_compose_v2:
+    project_src: "{{ container_base_dir }}"
+    pull: always
+    docker_host: "unix:///run/user/1000/docker.sock"
+  become: false

ansible/roles/deploy_container_grafana/templates/.env.j2

@@ -0,0 +1,2 @@
+GRAFANA_VERSION={{ container_grafana_version }}
+GRAFANA_DOMAIN={{ container_grafana_domain }}

ansible/roles/deploy_container_grafana/templates/docker-compose.yml.j2

@@ -0,0 +1,32 @@
+---
+services:
+  grafana:
+    image: grafana/grafana:${GRAFANA_VERSION}
+    container_name: grafana
+    restart: unless-stopped
+    networks:
+      traefik:
+    volumes:
+     - 'grafana_storage:/var/lib/grafana'
+    environment:
+     - GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}/
+     - GF_PLUGINS_PREINSTALL=grafana-clock-panel
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.grafana.entrypoints=http"
+      - "traefik.http.routers.grafana.rule=Host(`${GRAFANA_DOMAIN}`)"
+      - "traefik.http.middlewares.grafana-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.grafana.middlewares=grafana-https-redirect"
+      - "traefik.http.routers.grafana-secure.entrypoints=https"
+      - "traefik.http.routers.grafana-secure.rule=Host(`${GRAFANA_DOMAIN}`)"
+      - "traefik.http.routers.grafana-secure.tls=true"
+      - "traefik.http.routers.grafana-secure.service=grafana"
+      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
+
+volumes:
+  grafana_storage: {}
+
+networks:
+  traefik:
+    external: true

ansible/roles/deploy_container_grafana/vars/main.yml

@@ -0,0 +1 @@
+container_base_dir: /opt/docker/grafana

ansible/roles/deploy_container_loki/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+container_loki_version: latest
+container_loki_domain: loki.example.com

ansible/roles/deploy_container_loki/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- name: Ensure data directories exist
+  ansible.builtin.file:
+    path: "{{ container_base_dir }}/{{ item.dir }}"
+    state: directory
+    mode: '0755'
+  become: false
+  loop:
+    - {dir: "data"}
+
+- name: Deploy Docker Compose and .env files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ container_base_dir }}/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: '.env.j2', dest: '.env' }
+    - { src: 'local-config.yaml.j2', dest: 'data/local-config.yaml' }
+  become: false
+
+- name: Start Container
+  community.docker.docker_compose_v2:
+    project_src: "{{ container_base_dir }}"
+    pull: always
+    docker_host: "unix:///run/user/1000/docker.sock"
+  become: false

ansible/roles/deploy_container_loki/templates/.env.j2

@@ -0,0 +1,2 @@
+LOKI_VERSION={{ container_loki_version }}
+LOKI_DOMAIN={{ container_loki_domain }}

ansible/roles/deploy_container_loki/templates/docker-compose.yml.j2

@@ -0,0 +1,26 @@
+---
+services:
+  loki:
+    image: grafana/loki:${LOKI_VERSION}
+    container_name: loki
+    networks:
+      traefik:
+    volumes:
+      - ./data/local-config.yaml:/etc/loki/local-config.yaml
+    command: -config.file=/etc/loki/local-config.yaml
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.loki.entrypoints=http"
+      - "traefik.http.routers.loki.rule=Host(`${LOKI_DOMAIN}`)"
+      - "traefik.http.middlewares.loki-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.loki.middlewares=loki-https-redirect"
+      - "traefik.http.routers.loki-secure.entrypoints=https"
+      - "traefik.http.routers.loki-secure.rule=Host(`${LOKI_DOMAIN}`)"
+      - "traefik.http.routers.loki-secure.tls=true"
+      - "traefik.http.routers.loki-secure.service=loki"
+      - "traefik.http.services.loki.loadbalancer.server.port=3100"
+
+networks:
+  traefik:
+    external: true

ansible/roles/deploy_container_loki/templates/local-config.yaml.j2

@@ -0,0 +1,32 @@
+auth_enabled: false
+
+server:
+  http_listen_port: 3100
+
+common:
+  instance_addr: 0.0.0.0
+  path_prefix: /loki
+  storage:
+    filesystem:
+      chunks_directory: /loki/chunks
+      rules_directory: /loki/rules
+  replication_factor: 1
+  ring:
+    kvstore:
+      store: inmemory
+
+schema_config:
+  configs:
+    - from: 2020-10-24
+      store: tsdb
+      object_store: filesystem
+      schema: v13
+      index:
+        prefix: index_
+        period: 24h
+
+ruler:
+  alertmanager_url: http://localhost:9093
+
+analytics:
+  reporting_enabled: false

ansible/roles/deploy_container_loki/vars/main.yml

@@ -0,0 +1 @@
+container_base_dir: /opt/docker/loki

opentofu/.gitignore

@@ -1,3 +0,0 @@
-.terraform/
-.terraform.lock.hcl
-terraform.tfstate