From 07af7d2cc2371b6c427b490ef577042914ee5ed5 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 16 Nov 2024 21:55:50 -0500 Subject: [PATCH] add loki base --- modules/base.nix | 2 +- systems/palatine-hill/firewall.nix | 7 + systems/palatine-hill/loki.nix | 242 +++++++++++++++++++++++++++++ systems/palatine-hill/secrets.yaml | 6 +- systems/palatine-hill/vars.nix | 1 + 5 files changed, 255 insertions(+), 3 deletions(-) create mode 100644 systems/palatine-hill/loki.nix diff --git a/modules/base.nix b/modules/base.nix index 14c783f..c24efdb 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -15,7 +15,7 @@ programs = { zsh.enable = true; - fish.enable = true; + fish.enable = false; }; users = { diff --git a/systems/palatine-hill/firewall.nix b/systems/palatine-hill/firewall.nix index 73937fc..6ebb38b 100644 --- a/systems/palatine-hill/firewall.nix +++ b/systems/palatine-hill/firewall.nix @@ -2,10 +2,17 @@ { networking.firewall.allowedTCPPorts = [ + # qbit 8081 8082 8443 + + # hydra 3000 + + # minio + 8500 + 8501 ]; } diff --git a/systems/palatine-hill/loki.nix b/systems/palatine-hill/loki.nix new file mode 100644 index 0000000..246019f --- /dev/null +++ b/systems/palatine-hill/loki.nix 
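Review bot: The new `8500` and `8501` entries in the firewall.nix hunk go into `networking.firewall.allowedTCPPorts`, which opens them on every interface, yet nothing visible in this commit configures MinIO or shows that other hosts need to reach it. If the object store is only consumed by Loki on this machine, the ports can stay closed. Otherwise, scoping them to the LAN interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts` limits exposure of the S3 API and console. The `# minio` comment could also say which port is which, e.g. `# minio: 8500 = S3 API, 8501 = console` (assignment to be confirmed by the author).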
@@ -0,0 +1,242 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ vars = import ./vars.nix;
+ loki_storage = vars.primary_loki;
+in
+{
+ # loki: port 3030 (8030)
+ #
+ services = {
+ loki = {
+ enable = true;
+ configuration = {
+ server.http_listen_port = 3030;
+ # auth_enabled = false;
+
+ ingester = {
+ lifecycler = {
+ address = "127.0.0.1";
+ ring = {
+ kvstore = {
+ store = "inmemory";
+ };
+ replication_factor = 1;
+ };
+ };
+ chunk_idle_period = "1h";
+ max_chunk_age = "1h";
+ chunk_target_size = 999999;
+ chunk_retain_period = "30s";
+ max_transfer_retries = 0;
+ };
+
+ schema_config = {
+ configs = [
+ {
+ from = "2023-07-01";
+ store = "tsdb";
+ object_store = "aws";
+ schema = "v13";
+ index = {
+ prefix = "index_";
+ period = "24h";
+ };
+ }
+ ];
+ };
+
+ storage_config = {
+ tsdb_shipper = {
+ active_index_directory = "${loki_storage}/boltdb-shipper-active";
+ cache_location = "${loki_storage}/boltdb-shipper-cache";
+ cache_ttl = "24h";
+ shared_store = "filesystem";
+ };
+
+ aws = {
+ directory = "${loki_storage}/chunks";
+ s3 = "s3://access_key:\${LOKI_S3_KEY}@custom_endpoint/bucket_name";
+ };
+ };
+
+ limits_config = {
+ reject_old_samples = true;
+ reject_old_samples_max_age = "168h";
+ };
+
+ chunk_store_config = {
+ max_look_back_period = "0s";
+ };
+
+ table_manager = {
+ retention_deletes_enabled = false;
+ retention_period = "0s";
+ };
+
+ compactor = {
+ working_directory = loki_storage;
+ shared_store = "filesystem";
+ compactor_ring = {
+ kvstore = {
+ store = "inmemory";
+ };
+ };
+ };
+ };
+ # user, group, dataDir, extraFlags, (configFile)
+ };
+
+ # promtail: port 3031 (8031)
+ #
+ promtail = {
+ enable = true;
+ configuration = {
+ server = {
+ http_listen_port = 3031;
+ grpc_listen_port = 0;
+ };
+ positions = {
+ filename = "/tmp/positions.yaml";
+ };
+ clients = [
+ {
+ url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
+ }
+ ];
+ scrape_configs = [
+ {
+ job_name = 
"journal";
+ journal = {
+ max_age = "12h";
+ labels = {
+ job = "systemd-journal";
+ host = "pihole";
+ };
+ };
+ relabel_configs = [
+ {
+ source_labels = [ "__journal__systemd_unit" ];
+ target_label = "unit";
+ }
+ ];
+ }
+ ];
+ };
+ # extraFlags
+ };
+
+ # grafana: port 3010 (8010)
+ #
+ grafana = {
+ port = 3010;
+ # WARNING: this should match nginx setup!
+ # prevents "Request origin is not authorized"
+ rootUrl = "http://192.168.1.10:8010"; # helps with nginx / ws / live
+
+ protocol = "http";
+ addr = "127.0.0.1";
+ analytics.reporting.enable = false;
+ enable = true;
+
+ provision = {
+ enable = true;
+ datasources = [
+ {
+ name = "Prometheus";
+ type = "prometheus";
+ access = "proxy";
+ url = "http://127.0.0.1:${toString config.services.prometheus.port}";
+ }
+ {
+ name = "Loki";
+ type = "loki";
+ access = "proxy";
+ url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
+ }
+ ];
+ };
+ };
+ };
+
+ /*
+ # nginx reverse proxy
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ # recommendedTlsSettings = true;
+
+ upstreams = {
+ "grafana" = {
+ servers = {
+ "127.0.0.1:${toString config.services.grafana.port}" = {};
+ };
+ };
+ "prometheus" = {
+ servers = {
+ "127.0.0.1:${toString config.services.prometheus.port}" = {};
+ };
+ };
+ "loki" = {
+ servers = {
+ "127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}" = {};
+ };
+ };
+ "promtail" = {
+ servers = {
+ "127.0.0.1:${toString config.services.promtail.configuration.server.http_listen_port}" = {};
+ };
+ };
+ };
+
+ virtualHosts.grafana = {
+ locations."/" = {
+ proxyPass = "http://grafana";
+ proxyWebsockets = true;
+ };
+ listen = [{
+ addr = "192.168.1.10";
+ port = 8010;
+ }];
+ };
+
+ virtualHosts.prometheus = {
+ locations."/".proxyPass = "http://prometheus";
+ listen = [{
+ addr = "192.168.1.10";
+ port = 8020;
+ }];
+ };
+
+ # 
confirm with http://192.168.1.10:8030/loki/api/v1/status/buildinfo + # (or) /config /metrics /ready + virtualHosts.loki = { + locations."/".proxyPass = "http://loki"; + listen = [{ + addr = "192.168.1.10"; + port = 8030; + }]; + }; + + virtualHosts.promtail = { + locations."/".proxyPass = "http://promtail"; + listen = [{ + addr = "192.168.1.10"; + port = 8031; + }]; + }; + }; + */ + + systemd.services.loki.serviceConfig.environmentFile = config.sops.secrets."minio/loki".path; + sops.secrets = { + "minio/loki".owner = "root"; + }; +} diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 879127b..038064a 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -18,6 +18,8 @@ docker: foundry: ENC[AES256_GCM,data:K2dviECCTJTzDzMsnmJRmccA7AE7G9vy1yLvjYLFg4eLTsTLo0zatbtmqls5JIeDMTLdTBcELz+YpWYq1y9pY/nuzFfx1X77w3JwklAe7lYZ8vaTKS/ohvt3M/u3qC9Z1P2t/Uc=,iv:UdPMh+GVR1CkUSTb266DUC0E2bLmBn/cQK9V0962X8g=,tag:XC/a2B88QFeuAPuLriFN4A==,type:str] nextcloud: ENC[AES256_GCM,data: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,iv:3mOZtR1VH43DY5muW/jaTfoV93I+cl4ZbWFEZSe9gZM=,tag:nMZfN1718/fufrRHcHp3nA==,type:str] redis: ENC[AES256_GCM,data:/3gCgqE5Jiplaw3SlbeA5dmOkCD5frZ9dhRYwhFGAbQ=,iv:8setdgbXwOfOOkEwqG70GjTYUty5clRmzdpPYfUcA9c=,tag:guSVDvr2ou9dLnVAfxfN7w==,type:str] +minio: + loki: ENC[AES256_GCM,data:zxzN8Yo1gzH3qBqbEOgbEsSXun9EsA==,iv:gu4BRGwBD3KmzMeFpwaEwpx7aBuMFB1ZBhEYx9wZuc0=,tag:BGaD1SoEkwbFY3RJdaVZzw==,type:str] server-validation: webhook: ENC[AES256_GCM,data:d8drMmXcbWCGwOanYr6jUCz5+d1bgTrPKMl4yxFi49oapqFUFSQo2pA3bP9DA2n0b63ZJp1IDyJGBRGjFUsSC8EkKQsYMIm962o++D4h7/l9GZU2TBcn5VgvSldETgwloMg92i3zEApNCeZTtwFwJuJTwmUsZmg528Kj7SBcDw4H18dW8MMfgzBTkZUh,iv:F/UtYjWNoG1la1xaNevRXP/4lNT2TgYfmukbncHILDA=,tag:fJpdG5di6j8Wm54KLHZEsg==,type:str] sops: 
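Review bot: The last lines of the loki.nix hunk wire the S3 secret in a way that will probably never reach Loki: `systemd.services.loki.serviceConfig.environmentFile` uses a lower-case key, and systemd directive names are case-sensitive, so the unit would carry an unknown `environmentFile=` entry rather than `EnvironmentFile=`. The line should read `systemd.services.loki.serviceConfig.EnvironmentFile = config.sops.secrets."minio/loki".path;`, and the decrypted secret then has to be in `LOKI_S3_KEY=value` form. Loki also substitutes `${LOKI_S3_KEY}` in its configuration only when started with `-config.expand-env=true`, which nothing in the hunk passes; `extraFlags = [ "-config.expand-env=true" ];` inside `services.loki` would supply it. The `access_key`, `custom_endpoint` and `bucket_name` parts of the `s3` URL look like placeholders still to be filled in. Separately, promtail's `positions.filename` is `/tmp/positions.yaml`, a shared and non-persistent location; a path under the service's own state directory would be safer and would avoid re-reading the journal after a reboot.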
@@ -35,8 +37,8 @@ sops: d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-02T22:44:22Z" - mac: ENC[AES256_GCM,data:8SO1wP5wWDTqut+GWtYv2rMjcLhOZmzeUViXxOHuKiqUr0mrNIonsRpZi/qVNmWkJ3svjrt6N1cyoGXcLzg+mcj7AA7jsARUhrG8awXjISW0n0LUz4TTIXvecVHmw6iKdMNt+5IvhQd3u+UM1WJxf8ELfy5D+z1NWjJ6YOcIEDw=,iv:xn4MGMS4k+BA50FuzCpmUfC3e790X1uLdbtSHUfO7r8=,tag:r0C/HNl3NGt6i89nRRAFoQ==,type:str] + lastmodified: "2024-11-06T02:50:49Z" + mac: ENC[AES256_GCM,data:+M+Xcdfh4zekUJlM2lcE5dr/Uj8scMxgOpoR1QVNUTe069vXJzipPHJgohFIkDXiemBG9oloDDJj2uwHf9z141Xe+6a2cPns5ebt2dflptRpmleh0XDPVg83eKqRjLZUAMUsdPd+54wKl66N9/8a6WvfN1JEhcUDMGJ7dYTFRWk=,iv:G8Z/mX7PAKGKdE8q9s7ASgS4xdfaxi9kyeANwdUTT5E=,tag:XWpzd/11SG6RBElXfrYyrg==,type:str] pgp: - created_at: "2024-09-05T06:10:49Z" enc: |- diff --git a/systems/palatine-hill/vars.nix b/systems/palatine-hill/vars.nix index 5c6732c..d8613a7 100644 --- a/systems/palatine-hill/vars.nix +++ b/systems/palatine-hill/vars.nix @@ -15,4 +15,5 @@ rec { primary_nextcloud = "${zfs_primary}/nextcloud"; primary_redis = "${zfs_primary}/redis"; primary_torr = "${zfs_primary}/torr"; + primary_loki = "${zfs_primary}/loki"; }