ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

add loki base

Browse Source
This commit is contained in:
ahuston-0 2024-11-16 21:55:50 -05:00
parent 9d8164f28d
commit 07af7d2cc2
No known key found for this signature in database
GPG Key ID: 47940175096C1330
5 changed files with 255 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/base.nix
View File

@ -15,7 +15,7 @@
programs = { programs = {
zsh.enable = true; zsh.enable = true;
fish.enable = true; fish.enable = false;
}; };
users = { users = {

7
systems/palatine-hill/firewall.nix
View File

@ -2,10 +2,17 @@
{ {
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
# qbit
8081 8081
8082 8082
8443 8443
# hydra
3000 3000
# minio
8500
8501
]; ];
} }

242
systems/palatine-hill/loki.nix Normal file
View File

@ -0,0 +1,242 @@
{
config,
lib,
pkgs,
...
}:
let
vars = import ./vars.nix;
loki_storage = vars.primary_loki;
in
{
# loki: port 3030 (8030)
#
services = {
loki = {
enable = true;
configuration = {
server.http_listen_port = 3030;
# auth_enabled = false;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
max_transfer_retries = 0;
};
schema_config = {
configs = [
{
from = "2023-07-01";
store = "tsdb";
object_store = "aws";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
tsdb_shipper = {
active_index_directory = "${loki_storage}/boltdb-shipper-active";
cache_location = "${loki_storage}/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
aws = {
directory = "${loki_storage}/chunks";
s3 = "s3://access_key:\${LOKI_S3_KEY}@custom_endpoint/bucket_name";
};
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
chunk_store_config = {
max_look_back_period = "0s";
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
compactor = {
working_directory = loki_storage;
shared_store = "filesystem";
compactor_ring = {
kvstore = {
store = "inmemory";
};
};
};
};
# user, group, dataDir, extraFlags, (configFile)
};
# promtail: port 3031 (8031)
#
promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [
{
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "pihole";
};
};
relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}
];
}
];
};
# extraFlags
};
# grafana: port 3010 (8010)
#
grafana = {
port = 3010;
# WARNING: this should match nginx setup!
# prevents "Request origin is not authorized"
rootUrl = "http://192.168.1.10:8010"; # helps with nginx / ws / live
protocol = "http";
addr = "127.0.0.1";
analytics.reporting.enable = false;
enable = true;
provision = {
enable = true;
datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://127.0.0.1:${toString config.services.prometheus.port}";
}
{
name = "Loki";
type = "loki";
access = "proxy";
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
}
];
};
};
};
/*
# nginx reverse proxy
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
# recommendedTlsSettings = true;
upstreams = {
"grafana" = {
servers = {
"127.0.0.1:${toString config.services.grafana.port}" = {};
};
};
"prometheus" = {
servers = {
"127.0.0.1:${toString config.services.prometheus.port}" = {};
};
};
"loki" = {
servers = {
"127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}" = {};
};
};
"promtail" = {
servers = {
"127.0.0.1:${toString config.services.promtail.configuration.server.http_listen_port}" = {};
};
};
};
virtualHosts.grafana = {
locations."/" = {
proxyPass = "http://grafana";
proxyWebsockets = true;
};
listen = [{
addr = "192.168.1.10";
port = 8010;
}];
};
virtualHosts.prometheus = {
locations."/".proxyPass = "http://prometheus";
listen = [{
addr = "192.168.1.10";
port = 8020;
}];
};
# confirm with http://192.168.1.10:8030/loki/api/v1/status/buildinfo
# (or) /config /metrics /ready
virtualHosts.loki = {
locations."/".proxyPass = "http://loki";
listen = [{
addr = "192.168.1.10";
port = 8030;
}];
};
virtualHosts.promtail = {
locations."/".proxyPass = "http://promtail";
listen = [{
addr = "192.168.1.10";
port = 8031;
}];
};
};
*/
systemd.services.loki.serviceConfig.environmentFile = config.sops.secrets."minio/loki".path;
sops.secrets = {
"minio/loki".owner = "root";
};
}

6
systems/palatine-hill/secrets.yaml
View File

@ -18,6 +18,8 @@ docker:
foundry: ENC[AES256_GCM,data:K2dviECCTJTzDzMsnmJRmccA7AE7G9vy1yLvjYLFg4eLTsTLo0zatbtmqls5JIeDMTLdTBcELz+YpWYq1y9pY/nuzFfx1X77w3JwklAe7lYZ8vaTKS/ohvt3M/u3qC9Z1P2t/Uc=,iv:UdPMh+GVR1CkUSTb266DUC0E2bLmBn/cQK9V0962X8g=,tag:XC/a2B88QFeuAPuLriFN4A==,type:str] foundry: ENC[AES256_GCM,data:K2dviECCTJTzDzMsnmJRmccA7AE7G9vy1yLvjYLFg4eLTsTLo0zatbtmqls5JIeDMTLdTBcELz+YpWYq1y9pY/nuzFfx1X77w3JwklAe7lYZ8vaTKS/ohvt3M/u3qC9Z1P2t/Uc=,iv:UdPMh+GVR1CkUSTb266DUC0E2bLmBn/cQK9V0962X8g=,tag:XC/a2B88QFeuAPuLriFN4A==,type:str]
nextcloud: ENC[AES256_GCM,data:Zg9TjF7H3gb73P1sYVuFTMzwuvPxQcS3l3Oy6uwI0k7yg643Pg8NKU/Vq+3znzwbZFUbUnmyZp20oS9JZeSoYDLle4FbEPvbZwE7T0xMQYXhGIFHUExKACBZvTIj+mI5ltcVgeMOS0nIt7OLr1tlQaT6/BdmVbBhU9ln2E7CRemjE1cqZE7GGCiMtRJ9eY1BM/z2PnfQGNn+gOlVs37yCz4Kt7CO3ZG1MweB/OxHqVPPxwhwoMneKWTYVou+eV6oeMyQA/PujLtW5fYdqq0rIGTl5Dt+PsbiqWjVIeL2I9mAFYpaXCJHVCLmKLRiD5RFjvnluvxl12fQg6SAnjGGsLC7f4e1Rn3fADWA/Wxn6xr51ZTtfTmIUFNhiXmrqp2D/uzZD3lrfriqVPajzsQipV8BVcvSWtzWrJEJkHUxXpiGspO3i6YPO5O0odu1zbM9EFx1NkxrT+OmPxfCSXQ/2C4h9KkABu/BDxMNQRzuks47h8VHlxGG3yt8PYBfygiedkUo4mx/tT704omTZALivtZ62X6Ey9Z/r3MtuoxeFpGDilG+U99hBIMoF47ICWZJhK+GoRpW4rrT2lkxAK1tV8bmKdAJAUsOT72qGLA3liVy,iv:3mOZtR1VH43DY5muW/jaTfoV93I+cl4ZbWFEZSe9gZM=,tag:nMZfN1718/fufrRHcHp3nA==,type:str] nextcloud: ENC[AES256_GCM,data:Zg9TjF7H3gb73P1sYVuFTMzwuvPxQcS3l3Oy6uwI0k7yg643Pg8NKU/Vq+3znzwbZFUbUnmyZp20oS9JZeSoYDLle4FbEPvbZwE7T0xMQYXhGIFHUExKACBZvTIj+mI5ltcVgeMOS0nIt7OLr1tlQaT6/BdmVbBhU9ln2E7CRemjE1cqZE7GGCiMtRJ9eY1BM/z2PnfQGNn+gOlVs37yCz4Kt7CO3ZG1MweB/OxHqVPPxwhwoMneKWTYVou+eV6oeMyQA/PujLtW5fYdqq0rIGTl5Dt+PsbiqWjVIeL2I9mAFYpaXCJHVCLmKLRiD5RFjvnluvxl12fQg6SAnjGGsLC7f4e1Rn3fADWA/Wxn6xr51ZTtfTmIUFNhiXmrqp2D/uzZD3lrfriqVPajzsQipV8BVcvSWtzWrJEJkHUxXpiGspO3i6YPO5O0odu1zbM9EFx1NkxrT+OmPxfCSXQ/2C4h9KkABu/BDxMNQRzuks47h8VHlxGG3yt8PYBfygiedkUo4mx/tT704omTZALivtZ62X6Ey9Z/r3MtuoxeFpGDilG+U99hBIMoF47ICWZJhK+GoRpW4rrT2lkxAK1tV8bmKdAJAUsOT72qGLA3liVy,iv:3mOZtR1VH43DY5muW/jaTfoV93I+cl4ZbWFEZSe9gZM=,tag:nMZfN1718/fufrRHcHp3nA==,type:str]
redis: ENC[AES256_GCM,data:/3gCgqE5Jiplaw3SlbeA5dmOkCD5frZ9dhRYwhFGAbQ=,iv:8setdgbXwOfOOkEwqG70GjTYUty5clRmzdpPYfUcA9c=,tag:guSVDvr2ou9dLnVAfxfN7w==,type:str] redis: ENC[AES256_GCM,data:/3gCgqE5Jiplaw3SlbeA5dmOkCD5frZ9dhRYwhFGAbQ=,iv:8setdgbXwOfOOkEwqG70GjTYUty5clRmzdpPYfUcA9c=,tag:guSVDvr2ou9dLnVAfxfN7w==,type:str]
minio:
loki: ENC[AES256_GCM,data:zxzN8Yo1gzH3qBqbEOgbEsSXun9EsA==,iv:gu4BRGwBD3KmzMeFpwaEwpx7aBuMFB1ZBhEYx9wZuc0=,tag:BGaD1SoEkwbFY3RJdaVZzw==,type:str]
server-validation: server-validation:
webhook: ENC[AES256_GCM,data:d8drMmXcbWCGwOanYr6jUCz5+d1bgTrPKMl4yxFi49oapqFUFSQo2pA3bP9DA2n0b63ZJp1IDyJGBRGjFUsSC8EkKQsYMIm962o++D4h7/l9GZU2TBcn5VgvSldETgwloMg92i3zEApNCeZTtwFwJuJTwmUsZmg528Kj7SBcDw4H18dW8MMfgzBTkZUh,iv:F/UtYjWNoG1la1xaNevRXP/4lNT2TgYfmukbncHILDA=,tag:fJpdG5di6j8Wm54KLHZEsg==,type:str] webhook: ENC[AES256_GCM,data:d8drMmXcbWCGwOanYr6jUCz5+d1bgTrPKMl4yxFi49oapqFUFSQo2pA3bP9DA2n0b63ZJp1IDyJGBRGjFUsSC8EkKQsYMIm962o++D4h7/l9GZU2TBcn5VgvSldETgwloMg92i3zEApNCeZTtwFwJuJTwmUsZmg528Kj7SBcDw4H18dW8MMfgzBTkZUh,iv:F/UtYjWNoG1la1xaNevRXP/4lNT2TgYfmukbncHILDA=,tag:fJpdG5di6j8Wm54KLHZEsg==,type:str]
sops: sops:
@ -35,8 +37,8 @@ sops:
d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz
tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg== tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-02T22:44:22Z" lastmodified: "2024-11-06T02:50:49Z"
mac: ENC[AES256_GCM,data:8SO1wP5wWDTqut+GWtYv2rMjcLhOZmzeUViXxOHuKiqUr0mrNIonsRpZi/qVNmWkJ3svjrt6N1cyoGXcLzg+mcj7AA7jsARUhrG8awXjISW0n0LUz4TTIXvecVHmw6iKdMNt+5IvhQd3u+UM1WJxf8ELfy5D+z1NWjJ6YOcIEDw=,iv:xn4MGMS4k+BA50FuzCpmUfC3e790X1uLdbtSHUfO7r8=,tag:r0C/HNl3NGt6i89nRRAFoQ==,type:str] mac: ENC[AES256_GCM,data:+M+Xcdfh4zekUJlM2lcE5dr/Uj8scMxgOpoR1QVNUTe069vXJzipPHJgohFIkDXiemBG9oloDDJj2uwHf9z141Xe+6a2cPns5ebt2dflptRpmleh0XDPVg83eKqRjLZUAMUsdPd+54wKl66N9/8a6WvfN1JEhcUDMGJ7dYTFRWk=,iv:G8Z/mX7PAKGKdE8q9s7ASgS4xdfaxi9kyeANwdUTT5E=,tag:XWpzd/11SG6RBElXfrYyrg==,type:str]
pgp: pgp:
- created_at: "2024-09-05T06:10:49Z" - created_at: "2024-09-05T06:10:49Z"
enc: |- enc: |-

1
systems/palatine-hill/vars.nix
View File

@ -15,4 +15,5 @@ rec {
primary_nextcloud = "${zfs_primary}/nextcloud"; primary_nextcloud = "${zfs_primary}/nextcloud";
primary_redis = "${zfs_primary}/redis"; primary_redis = "${zfs_primary}/redis";
primary_torr = "${zfs_primary}/torr"; primary_torr = "${zfs_primary}/torr";
primary_loki = "${zfs_primary}/loki";
} }