108 lines
3.1 KiB
Nix
108 lines
3.1 KiB
Nix
{ config, lib, ... }:
|
|
let
|
|
cfg = config.profile.services.telemetry.loki;
|
|
inherit (lib) mkIf;
|
|
lokiDomain = "loki.tigor.web.id";
|
|
in
|
|
{
|
|
config = mkIf cfg.enable {
|
|
|
|
sops =
|
|
let
|
|
usernameKey = "loki/caddy/basic_auth/username";
|
|
passwordKey = "loki/caddy/basic_auth/password";
|
|
in
|
|
{
|
|
secrets =
|
|
let
|
|
opts = { sopsFile = ../../../secrets/telemetry.yaml; owner = "grafana"; };
|
|
in
|
|
{
|
|
${usernameKey} = opts;
|
|
${passwordKey} = opts;
|
|
};
|
|
templates = {
|
|
"loki/caddy/basic_auth".content = /*sh*/ ''
|
|
LOKI_USERNAME=${config.sops.placeholder.${usernameKey}}
|
|
LOKI_PASSWORD=${config.sops.placeholder.${passwordKey}}
|
|
'';
|
|
};
|
|
};
|
|
|
|
systemd.services."caddy".serviceConfig = {
|
|
EnvironmentFile = [ config.sops.templates."loki/caddy/basic_auth".path ];
|
|
};
|
|
services.caddy.virtualHosts.${lokiDomain}.extraConfig = /*caddy*/ ''
|
|
basicauth {
|
|
{$LOKI_USERNAME} {$LOKI_PASSWORD}
|
|
}
|
|
reverse_proxy ${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}
|
|
'';
|
|
|
|
services.loki =
|
|
let
|
|
dataDir = config.services.loki.dataDir;
|
|
in
|
|
{
|
|
enable = true;
|
|
configuration = {
|
|
# https://grafana.com/docs/loki/latest/configure/examples/configuration-examples/
|
|
auth_enabled = false;
|
|
server = {
|
|
http_listen_address = "0.0.0.0";
|
|
http_listen_port = 3100;
|
|
grpc_listen_port = 9095;
|
|
};
|
|
|
|
common = {
|
|
path_prefix = dataDir;
|
|
replication_factor = 1;
|
|
ring = {
|
|
instance_addr = "127.0.0.1";
|
|
kvstore.store = "inmemory";
|
|
};
|
|
};
|
|
|
|
schema_config = {
|
|
configs = [
|
|
{
|
|
from = "2024-08-29";
|
|
store = "tsdb";
|
|
object_store = "filesystem";
|
|
schema = "v13";
|
|
index = {
|
|
prefix = "index_";
|
|
period = "24h";
|
|
};
|
|
}
|
|
];
|
|
};
|
|
|
|
storage_config = {
|
|
filesystem = {
|
|
directory = "${dataDir}/chunks";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
# https://grafana.com/docs/grafana/latest/datasources/loki/
|
|
services.grafana.provision.datasources.settings.datasources = [
|
|
{
|
|
name = "Loki";
|
|
type = "loki";
|
|
access = "proxy";
|
|
url = "http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}";
|
|
basicAuth = true;
|
|
basicAuthUser = "$__file{${config.sops.secrets."loki/caddy/basic_auth/username".path}}";
|
|
jsonData = {
|
|
timeout = 60;
|
|
maxLines = 1000;
|
|
};
|
|
secureJsonData = {
|
|
basicAuthPassword = "$__file{${config.sops.secrets."loki/caddy/basic_auth/password".path}}";
|
|
};
|
|
}
|
|
];
|
|
};
|
|
}
|