NixOS/system/services/telemetry/loki.nix

{ config, lib, ... }:
let
  cfg = config.profile.services.telemetry.loki;
  inherit (lib) mkIf;
  lokiDomain = "loki.tigor.web.id";
in
{
  config = mkIf cfg.enable {

    sops =
      let
        usernameKey = "loki/caddy/basic_auth/username";
        passwordKey = "loki/caddy/basic_auth/password";
      in
      {
        secrets =
          let
            opts = { sopsFile = ../../../secrets/telemetry.yaml; owner = "grafana"; };
          in
          {
            ${usernameKey} = opts;
            ${passwordKey} = opts;
          };
        templates = {
          "loki/caddy/basic_auth".content = /*sh*/ ''
            LOKI_USERNAME=${config.sops.placeholder.${usernameKey}}
            LOKI_PASSWORD=${config.sops.placeholder.${passwordKey}}
          '';
        };
      };

    systemd.services."caddy".serviceConfig = {
      EnvironmentFile = [ config.sops.templates."loki/caddy/basic_auth".path ];
    };
    services.caddy.virtualHosts.${lokiDomain}.extraConfig = /*caddy*/ ''
      basicauth {
        {$LOKI_USERNAME} {$LOKI_PASSWORD}
      }
      reverse_proxy ${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}
    '';

    services.loki =
      let
        dataDir = config.services.loki.dataDir;
      in
      {
        enable = true;
        configuration = {
          # https://grafana.com/docs/loki/latest/configure/examples/configuration-examples/
          auth_enabled = false;
          server = {
            http_listen_address = "0.0.0.0";
            http_listen_port = 3100;
            grpc_listen_port = 9095;
          };

          common = {
            path_prefix = dataDir;
            replication_factor = 1;
            ring = {
              instance_addr = "127.0.0.1";
              kvstore.store = "inmemory";
            };
          };

          schema_config = {
            configs = [
              {
                from = "2024-08-29";
                store = "tsdb";
                object_store = "filesystem";
                schema = "v13";
                index = {
                  prefix = "index_";
                  period = "24h";
                };
              }
            ];
          };

          storage_config = {
            filesystem = {
              directory = "${dataDir}/chunks";
            };
          };
        };
      };
    # https://grafana.com/docs/grafana/latest/datasources/loki/
    services.grafana.provision.datasources.settings.datasources = [
      {
        name = "Loki";
        type = "loki";
        access = "proxy";
        url = "http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}";
        basicAuth = true;
        basicAuthUser = "$__file{${config.sops.secrets."loki/caddy/basic_auth/username".path}}";
        jsonData = {
          timeout = 60;
          maxLines = 1000;
        };
        secureJsonData = {
          basicAuthPassword = "$__file{${config.sops.secrets."loki/caddy/basic_auth/password".path}}";
        };
      }
    ];
  };
}
telemetry: added loki 2024-08-29 11:51:08 +07:00			`{ config, lib, ... }:`
			`let`
			`cfg = config.profile.services.telemetry.loki;`
			`inherit (lib) mkIf;`
loki: now exposed to inernet with basic auth 2024-08-29 13:19:48 +07:00			`lokiDomain = "loki.tigor.web.id";`
telemetry: added loki 2024-08-29 11:51:08 +07:00			`in`
			`{`
			`config = mkIf cfg.enable {`
loki: now exposed to inernet with basic auth 2024-08-29 13:19:48 +07:00
			`sops =`
			`let`
			`usernameKey = "loki/caddy/basic_auth/username";`
			`passwordKey = "loki/caddy/basic_auth/password";`
			`in`
			`{`
			`secrets =`
			`let`
			`opts = { sopsFile = ../../../secrets/telemetry.yaml; owner = "grafana"; };`
			`in`
			`{`
			`${usernameKey} = opts;`
			`${passwordKey} = opts;`
			`};`
			`templates = {`
			`"loki/caddy/basic_auth".content = /sh/ ''`
			`LOKI_USERNAME=${config.sops.placeholder.${usernameKey}}`
			`LOKI_PASSWORD=${config.sops.placeholder.${passwordKey}}`
			`'';`
			`};`
			`};`

			`systemd.services."caddy".serviceConfig = {`
loki: environment files now uses array 2024-08-29 14:38:20 +07:00			`EnvironmentFile = [ config.sops.templates."loki/caddy/basic_auth".path ];`
loki: now exposed to inernet with basic auth 2024-08-29 13:19:48 +07:00			`};`
			`services.caddy.virtualHosts.${lokiDomain}.extraConfig = /caddy/ ''`
			`basicauth {`
			`{$LOKI_USERNAME} {$LOKI_PASSWORD}`
			`}`
			`reverse_proxy ${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}`
			`'';`

telemetry: added loki 2024-08-29 11:51:08 +07:00			`services.loki =`
			`let`
			`dataDir = config.services.loki.dataDir;`
			`in`
			`{`
			`enable = true;`
			`configuration = {`
			`# https://grafana.com/docs/loki/latest/configure/examples/configuration-examples/`
loki: now exposed to inernet with basic auth 2024-08-29 13:19:48 +07:00			`auth_enabled = false;`
telemetry: added loki 2024-08-29 11:51:08 +07:00			`server = {`
			`http_listen_address = "0.0.0.0";`
			`http_listen_port = 3100;`
			`grpc_listen_port = 9095;`
			`};`

			`common = {`
			`path_prefix = dataDir;`
			`replication_factor = 1;`
			`ring = {`
			`instance_addr = "127.0.0.1";`
			`kvstore.store = "inmemory";`
			`};`
			`};`

			`schema_config = {`
			`configs = [`
			`{`
			`from = "2024-08-29";`
			`store = "tsdb";`
			`object_store = "filesystem";`
			`schema = "v13";`
			`index = {`
			`prefix = "index_";`
			`period = "24h";`
			`};`
			`}`
			`];`
			`};`

			`storage_config = {`
			`filesystem = {`
			`directory = "${dataDir}/chunks";`
			`};`
			`};`
			`};`
			`};`
			`# https://grafana.com/docs/grafana/latest/datasources/loki/`
			`services.grafana.provision.datasources.settings.datasources = [`
			`{`
			`name = "Loki";`
			`type = "loki";`
			`access = "proxy";`
			`url = "http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}";`
loki: now exposed to inernet with basic auth 2024-08-29 13:19:48 +07:00			`basicAuth = true;`
			`basicAuthUser = "$__file{${config.sops.secrets."loki/caddy/basic_auth/username".path}}";`
telemetry: added loki 2024-08-29 11:51:08 +07:00			`jsonData = {`
			`timeout = 60;`
			`maxLines = 1000;`
			`};`
loki: now exposed to inernet with basic auth 2024-08-29 13:19:48 +07:00			`secureJsonData = {`
			`basicAuthPassword = "$__file{${config.sops.secrets."loki/caddy/basic_auth/password".path}}";`
			`};`
telemetry: added loki 2024-08-29 11:51:08 +07:00			`}`
			`];`
			`};`
			`}`