NixOS/system/services/telemetry/alloy.nix

{
  config,
  lib,
  inputs,
  unstable,
  ...
}:
let
  cfg = config.profile.services.telemetry.alloy;
  webguiListenAddress = "0.0.0.0:5319";
  otelcolHTTPListenAddress = "192.168.100.5:4318";
  otelcolGRPCListenAddress = "192.168.100.5:4317";
  domain = "alloy.tigor.web.id";
in
{
  imports = [
    # Grafana Alloy is still in unstable options.
    "${inputs.nixpkgs-unstable}/nixos/modules/services/monitoring/alloy.nix"
  ];

  config = lib.mkIf cfg.enable {
    services.alloy = {
      enable = true;
      extraFlags = [ ''--server.http.listen-addr=${webguiListenAddress}'' ];
      package = unstable.grafana-alloy;
    };
    services.caddy.virtualHosts.${domain}.extraConfig = ''
      @require_auth not remote_ip private_ranges

      basic_auth @require_auth {
        {$AUTH_USERNAME} {$AUTH_PASSWORD}
      }

      reverse_proxy ${webguiListenAddress}
    '';

    services.caddy.virtualHosts."otelhttp.tigor.web.id".extraConfig = ''
      @require_auth not remote_ip private_ranges

      basic_auth @require_auth {
        {$AUTH_USERNAME} {$AUTH_PASSWORD}
      }

      reverse_proxy ${otelcolHTTPListenAddress}
    '';

    services.caddy.virtualHosts."otelgrpc.tigor.web.id".extraConfig = ''
      @require_auth not remote_ip private_ranges

      basic_auth @require_auth {
        {$AUTH_USERNAME} {$AUTH_PASSWORD}
      }

      reverse_proxy ${otelcolGRPCListenAddress} {
        transport http {
            tls
            tls_insecure_skip_verify
        }
      }
    '';

    systemd.services.alloy.serviceConfig = {
      User = "root";
    };

    environment.etc."alloy/config.alloy".text =
      let
        lokiConfig = config.services.loki.configuration;
        tempoProtocols = config.services.tempo.settings.distributor.receivers.otlp.protocols;
        mimirServer = config.services.mimir.configuration.server;
      in
      # hcl
      ''
        otelcol.receiver.otlp "homeserver" {
            grpc {
                endpoint = "${otelcolGRPCListenAddress}"
            }

            http {
                endpoint = "${otelcolHTTPListenAddress}"
            }

            output {
                metrics = [otelcol.processor.batch.default.input]
                logs    = [otelcol.processor.batch.default.input]
                traces  = [otelcol.processor.batch.default.input]
            }
        }

        otelcol.processor.batch "default" {
            output {
                metrics = [otelcol.exporter.prometheus.mimir.input]
                logs    = [otelcol.exporter.loki.default.input]
                traces  = [otelcol.exporter.otlp.tempo.input]
            }
        }

        otelcol.exporter.loki "default" {
            forward_to = [loki.write.default.receiver]
        }

        otelcol.exporter.prometheus "mimir" {
            forward_to = [prometheus.remote_write.mimir.receiver]
        }

        loki.write "default" {
          endpoint {
            url = "http://${lokiConfig.server.http_listen_address}:${toString lokiConfig.server.http_listen_port}/loki/api/v1/push"
          }
        }

        loki.relabel "journal" {
            forward_to = []
            rule {
                source_labels = ["__journal__systemd_unit"]
                target_label  = "unit"
            }
            rule {
                source_labels = ["__journal__hostname"]
                target_label  = "host"
            }
            rule {
                source_labels = [ "__journal__systemd_user_unit" ]
                target_label = "user_unit"
            }
            rule {
                source_labels = [ "__journal__transport" ]
                target_label = "transport"
            }
            rule {
                source_labels = [ "__journal_priority_keyword" ]
                target_label = "severity"
            }
        }

        loki.source.journal "read" {
            forward_to = [loki.process.general_json_pipeline.receiver]
            relabel_rules = loki.relabel.journal.rules
            labels = {
                job = "systemd-journal",
                component = "loki.source.journal",
            }
        }

        loki.process "general_json_pipeline" {
            forward_to = [loki.write.default.receiver]

            stage.json {
                expressions = {
                    level = "level",
                }
            }

            stage.labels {
                values = {
                    level = "",
                }
            }
        }

        otelcol.exporter.otlp "tempo" {
            client {
                endpoint = "${tempoProtocols.grpc.endpoint}"
                tls {
                      insecure = true
                      insecure_skip_verify = true
                }
            }
        }

        prometheus.exporter.unix "system" {}

        prometheus.scrape "system" {
            targets     = prometheus.exporter.unix.system.targets
            forward_to  = [prometheus.remote_write.mimir.receiver]
        }

        prometheus.scrape "caddy" {
            targets = [{
                __address__ = "localhost:2019",
            }]

            job_name = "caddy"

            forward_to  = [prometheus.remote_write.mimir.receiver]
        }

        prometheus.remote_write "mimir" {
            endpoint {
                url = "http://${mimirServer.http_listen_address}:${toString mimirServer.http_listen_port}/api/v1/push"
            }
        }
      '';
  };
}
format: format codebase using nixfmt-rfc-style 2024-10-21 12:31:30 +07:00			`{`
			`config,`
			`lib,`
			`inputs,`
			`unstable,`
			`...`
			`}:`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`let`
			`cfg = config.profile.services.telemetry.alloy;`
			`webguiListenAddress = "0.0.0.0:5319";`
grafana: alloy and tempo now uses proper configurations 2024-10-29 21:45:05 +07:00			`otelcolHTTPListenAddress = "192.168.100.5:4318";`
			`otelcolGRPCListenAddress = "192.168.100.5:4317";`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`domain = "alloy.tigor.web.id";`
			`in`
			`{`
			`imports = [`
			`# Grafana Alloy is still in unstable options.`
			`"${inputs.nixpkgs-unstable}/nixos/modules/services/monitoring/alloy.nix"`
			`];`

			`config = lib.mkIf cfg.enable {`
			`services.alloy = {`
			`enable = true;`
format: format codebase using nixfmt-rfc-style 2024-10-21 12:31:30 +07:00			`extraFlags = [ ''--server.http.listen-addr=${webguiListenAddress}'' ];`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`package = unstable.grafana-alloy;`
			`};`
			`services.caddy.virtualHosts.${domain}.extraConfig = ''`
			`@require_auth not remote_ip private_ranges`

services: update caddy configs 2024-10-28 21:38:34 +07:00			`basic_auth @require_auth {`
			`{$AUTH_USERNAME} {$AUTH_PASSWORD}`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`}`
format: format codebase using nixfmt-rfc-style 2024-10-21 12:31:30 +07:00
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`reverse_proxy ${webguiListenAddress}`
			`'';`

grafana: alloy and tempo now uses proper configurations 2024-10-29 21:45:05 +07:00			`services.caddy.virtualHosts."otelhttp.tigor.web.id".extraConfig = ''`
			`@require_auth not remote_ip private_ranges`

			`basic_auth @require_auth {`
			`{$AUTH_USERNAME} {$AUTH_PASSWORD}`
			`}`

			`reverse_proxy ${otelcolHTTPListenAddress}`
			`'';`

			`services.caddy.virtualHosts."otelgrpc.tigor.web.id".extraConfig = ''`
			`@require_auth not remote_ip private_ranges`

			`basic_auth @require_auth {`
			`{$AUTH_USERNAME} {$AUTH_PASSWORD}`
			`}`

alloy: add tls_insecure_skip_verify to otelgrpc.tigor.web.id 2024-10-29 21:56:27 +07:00			`reverse_proxy ${otelcolGRPCListenAddress} {`
			`transport http {`
			`tls`
			`tls_insecure_skip_verify`
			`}`
			`}`
grafana: alloy and tempo now uses proper configurations 2024-10-29 21:45:05 +07:00			`'';`

caddy: added metrics for caddy access log 2024-09-16 10:32:43 +07:00			`systemd.services.alloy.serviceConfig = {`
			`User = "root";`
			`};`

telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`environment.etc."alloy/config.alloy".text =`
			`let`
			`lokiConfig = config.services.loki.configuration;`
grafana: alloy and tempo now uses proper configurations 2024-10-29 21:45:05 +07:00			`tempoProtocols = config.services.tempo.settings.distributor.receivers.otlp.protocols;`
grafana: registered Mimir datasource 2024-09-07 10:41:59 +07:00			`mimirServer = config.services.mimir.configuration.server;`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`in`
format: format codebase using nixfmt-rfc-style 2024-10-21 12:31:30 +07:00			`# hcl`
			`''`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`otelcol.receiver.otlp "homeserver" {`
			`grpc {`
grafana: alloy and tempo now uses proper configurations 2024-10-29 21:45:05 +07:00			`endpoint = "${otelcolGRPCListenAddress}"`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`}`

			`http {`
grafana: alloy and tempo now uses proper configurations 2024-10-29 21:45:05 +07:00			`endpoint = "${otelcolHTTPListenAddress}"`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`}`

			`output {`
grafana: registered Mimir datasource 2024-09-07 10:41:59 +07:00			`metrics = [otelcol.processor.batch.default.input]`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`logs = [otelcol.processor.batch.default.input]`
alloy: integrated with tempo 2024-09-07 08:59:44 +07:00			`traces = [otelcol.processor.batch.default.input]`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`}`
			`}`

			`otelcol.processor.batch "default" {`
			`output {`
grafana: registered Mimir datasource 2024-09-07 10:41:59 +07:00			`metrics = [otelcol.exporter.prometheus.mimir.input]`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`logs = [otelcol.exporter.loki.default.input]`
alloy: integrated with tempo 2024-09-07 08:59:44 +07:00			`traces = [otelcol.exporter.otlp.tempo.input]`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`}`
			`}`

			`otelcol.exporter.loki "default" {`
			`forward_to = [loki.write.default.receiver]`
			`}`

grafana: registered Mimir datasource 2024-09-07 10:41:59 +07:00			`otelcol.exporter.prometheus "mimir" {`
			`forward_to = [prometheus.remote_write.mimir.receiver]`
			`}`

telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`loki.write "default" {`
			`endpoint {`
telemetry: removed promtail in favor of Alloy 2024-09-09 17:53:38 +07:00			`url = "http://${lokiConfig.server.http_listen_address}:${toString lokiConfig.server.http_listen_port}/loki/api/v1/push"`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`}`
			`}`
alloy: integrated with tempo 2024-09-07 08:59:44 +07:00
telemetry: removed promtail in favor of Alloy 2024-09-09 17:53:38 +07:00			`loki.relabel "journal" {`
			`forward_to = []`
			`rule {`
			`source_labels = ["__journal__systemd_unit"]`
			`target_label = "unit"`
			`}`
			`rule {`
			`source_labels = ["__journal__hostname"]`
			`target_label = "host"`
			`}`
			`rule {`
			`source_labels = [ "__journal__systemd_user_unit" ]`
			`target_label = "user_unit"`
			`}`
			`rule {`
			`source_labels = [ "__journal__transport" ]`
			`target_label = "transport"`
			`}`
			`rule {`
			`source_labels = [ "__journal_priority_keyword" ]`
			`target_label = "severity"`
			`}`
			`}`

			`loki.source.journal "read" {`
alloy: added json pipeline 2024-09-17 13:13:30 +07:00			`forward_to = [loki.process.general_json_pipeline.receiver]`
telemetry: removed promtail in favor of Alloy 2024-09-09 17:53:38 +07:00			`relabel_rules = loki.relabel.journal.rules`
			`labels = {`
			`job = "systemd-journal",`
			`component = "loki.source.journal",`
			`}`
			`}`

alloy: added json pipeline 2024-09-17 13:13:30 +07:00			`loki.process "general_json_pipeline" {`
			`forward_to = [loki.write.default.receiver]`

			`stage.json {`
			`expressions = {`
			`level = "level",`
			`}`
			`}`

			`stage.labels {`
			`values = {`
			`level = "",`
			`}`
			`}`
			`}`

alloy: integrated with tempo 2024-09-07 08:59:44 +07:00			`otelcol.exporter.otlp "tempo" {`
			`client {`
grafana: alloy and tempo now uses proper configurations 2024-10-29 21:45:05 +07:00			`endpoint = "${tempoProtocols.grpc.endpoint}"`
			`tls {`
			`insecure = true`
			`insecure_skip_verify = true`
			`}`
alloy: integrated with tempo 2024-09-07 08:59:44 +07:00			`}`
			`}`
grafana: registered Mimir datasource 2024-09-07 10:41:59 +07:00
telemetry: removed promtail in favor of Alloy 2024-09-09 17:53:38 +07:00			`prometheus.exporter.unix "system" {}`

			`prometheus.scrape "system" {`
			`targets = prometheus.exporter.unix.system.targets`
			`forward_to = [prometheus.remote_write.mimir.receiver]`
			`}`

caddy: exposed metrics 2024-09-10 12:09:50 +07:00			`prometheus.scrape "caddy" {`
			`targets = [{`
			`__address__ = "localhost:2019",`
			`}]`

			`job_name = "caddy"`

			`forward_to = [prometheus.remote_write.mimir.receiver]`
			`}`

grafana: registered Mimir datasource 2024-09-07 10:41:59 +07:00			`prometheus.remote_write "mimir" {`
			`endpoint {`
telemetry: removed promtail in favor of Alloy 2024-09-09 17:53:38 +07:00			`url = "http://${mimirServer.http_listen_address}:${toString mimirServer.http_listen_port}/api/v1/push"`
grafana: registered Mimir datasource 2024-09-07 10:41:59 +07:00			`}`
			`}`
telemetry: deployed alloy 2024-09-06 21:13:31 +07:00			`'';`
			`};`
			`}`