telemetry: deployed alloy

options/services.nix

@@ -51,6 +51,10 @@ in
         type = types.bool;
         default = config.profile.services.telemetry.enable;
       };
+      alloy.enable = mkOption {
+        type = types.bool;
+        default = config.profile.services.telemetry.enable;
+      };
     };
   };
 }

system/podman/soulseek.nix

@@ -46,10 +46,6 @@ in
       };
     };
 
-    # systemd.services."caddy".serviceConfig = {
-    #   EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
-    # };
-
     system.activationScripts."podman-${name}" = ''
       mkdir -p ${rootVolume}/{config,downloads,incomplete}
       chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete}

system/services/telemetry/alloy.nix

@@ -0,0 +1,95 @@
+{ config, lib, inputs, unstable, ... }:
+let
+  cfg = config.profile.services.telemetry.alloy;
+  webguiListenAddress = "0.0.0.0:5319";
+  domain = "alloy.tigor.web.id";
+in
+{
+  imports = [
+    # Grafana Alloy is still in unstable options.
+    "${inputs.nixpkgs-unstable}/nixos/modules/services/monitoring/alloy.nix"
+  ];
+
+  config = lib.mkIf cfg.enable {
+    services.alloy = {
+      enable = true;
+      extraFlags = [
+        ''--server.http.listen-addr=${webguiListenAddress}''
+      ];
+      package = unstable.grafana-alloy;
+    };
+
+
+    sops = {
+      secrets =
+        let
+          opts = { };
+        in
+        {
+          "caddy/basic_auth/username" = opts;
+          "caddy/basic_auth/password" = opts;
+        };
+      templates = {
+        "alloy-basic-auth".content = /*sh*/ ''
+          ALLOY_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
+          ALLOY_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
+        '';
+      };
+    };
+
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
+      @require_auth not remote_ip private_ranges
+
+      basicauth @require_auth {
+        {$ALLOY_USERNAME} {$ALLOY_PASSWORD}
+      }
+    
+      reverse_proxy ${webguiListenAddress}
+    '';
+
+    systemd.services.caddy.serviceConfig.EnvironmentFile = [
+      config.sops.templates."alloy-basic-auth".path
+    ];
+
+
+    environment.etc."alloy/config.alloy".text =
+      let
+        lokiConfig = config.services.loki.configuration;
+      in
+        /*hcl*/ ''
+        otelcol.receiver.otlp "homeserver" {
+            grpc {
+                endpoint = "0.0.0.0:5317"
+            }
+
+            http {
+                endpoint = "0.0.0.0:5318"
+            }
+
+            output {
+                // metrics = [otelcol.processor.batch.default.input]
+                logs    = [otelcol.processor.batch.default.input]
+                // traces  = [otelcol.processor.batch.default.input]
+            }
+        }
+
+        otelcol.processor.batch "default" {
+            output {
+                // metrics = [otelcol.exporter.loki.default.input]
+                logs    = [otelcol.exporter.loki.default.input]
+                // traces  = [otelcol.exporter.otlp.default.input]
+            }
+        }
+
+        otelcol.exporter.loki "default" {
+            forward_to = [loki.write.default.receiver]
+        }
+
+        loki.write "default" {
+          endpoint {
+            url = "http://${lokiConfig.server.http_listen_address}:${toString lokiConfig.server.http_listen_port}"
+          }
+        }
+      '';
+  };
+}

system/services/telemetry/default.nix

@@ -4,5 +4,6 @@
     ./grafana.nix
     ./loki.nix
     ./tempo.nix
+    ./alloy.nix
   ];
 }