feat(services/self_host): adding the loki services w/ alloy

services/self_host/monitor.nix

@@ -8,6 +8,8 @@
 let
   cfg = config.service.selfhost.monitor;
   dashboardsDir = ../../assets/grafana_dashboards;
+  oidc-secret = config.age.secrets.grafana-oidc-secret.path;
+  encryption-key = config.age.secrets.grafana-secret-key.path;
   monitored = [
     "nginx"
     "grafana"
@@ -15,7 +17,8 @@ let
 in
   {
   config = lib.mkIf cfg {
-    services.grafana = {
+    services = {
+      grafana = {
         enable = true;
         package = pkgs.grafana;
         dataDir = "/var/lib/grafana";
@@ -61,7 +64,7 @@ in
             name = "Enium";
             allow_sign_up = true;
             client_id = "grafana";
-          client_secret = "$__file{${config.age.secrets.grafana-oidc-secret.path}}";
+            client_secret = "$__file{${oidc-secret}}";
             scopes = "openid profile email groups";
             auth_url = "https://auth.enium.eu/ui/oauth2";
             token_url = "https://auth.enium.eu/oauth2/token";
@@ -84,33 +87,14 @@ in
             disable_signout_menu = false;
           };
           security = {
+            secret_key = "$__file{${encryption-key}}";
             cookie_secure = true;
             cookie_samesite = "none";
             allow_embedding = true;
           };
         };
       };
-
-    environment.etc."process-exporter.json".text = builtins.toJSON {
-      procMatchers = lib.map (svc: {
-        name = svc;
-        cmdline = [
-          "${svc}:"
-        ];
-      }) monitored;
-    };
-
-    systemd.services.process_exporter = {
-      description = "Prometheus Process Exporter";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json";
-        Restart = "always";
-      };
-    };
-
-    services.prometheus = {
+      prometheus = {
         enable = true;
         checkConfig = false;
         exporters = {
@@ -205,10 +189,119 @@ in
         ];
         ruleFiles = lib.mkForce [ "/etc/prometheus/services.rules" ];
       };
+      loki = {
+        enable = true;
+        configuration = {
+          auth_enabled = false;
+          server = {
+            http_listen_port = 3100;
+            grpc_listen_port = 9095;
+          };
+          common = {
+            path_prefix = "/var/lib/loki";
+            storage = {
+              filesystem = {
+                chunks_directory = "/var/lib/loki/chunks";
+                rules_directory = "/var/lib/loki/rules";
+              };
+            };
+            replication_factor = 1;
+            ring = {
+              instance_addr = "127.0.0.1";
+              kvstore.store = "inmemory";
+            };
+          };
+          schema_config = {
+            configs = [{
+              from = "2024-01-01";
+              store = "tsdb";
+              object_store = "filesystem";
+              schema = "v13";
+              index = {
+                prefix = "index_";
+                period = "24h";
+              };
+            }];
+          };
+        };
+      };
+      alloy = {
+        enable = true;
+        configPath = pkgs.writeText "config.alloy" ''
+          loki.source.journal "systemd" {
+            forward_to = [loki.relabel.journal.receiver]
+            relabel_rules = loki.relabel.journal.rules
+            labels = {
+              job = "systemd-journal",
+            }
+          }
 
-    environment.etc."grafana/dashboards".source = dashboardsDir;
+          loki.relabel "journal" {
+            forward_to = [loki.write.local.receiver]
 
-    environment.etc."prometheus/services.rules".text = ''
+            rule {
+              source_labels = ["__journal__systemd_unit"]
+              target_label  = "unit"
+            }
+
+            rule {
+              source_labels = ["__journal_priority_keyword"]
+              target_label  = "level"
+            }
+
+            rule {
+              source_labels = ["__journal__hostname"]
+              target_label  = "hostname"
+            }
+
+            rule {
+              source_labels = ["__journal_syslog_identifier"]
+              target_label  = "syslog_identifier"
+            }
+          }
+
+          loki.write "local" {
+            endpoint {
+              url = "http://localhost:3100/loki/api/v1/push"
+            }
+          }
+        '';
+      };
+      nginx.virtualHosts."monitor.enium.eu" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:3000";
+          proxyWebsockets = true;
+        };
+      };
+    };
+
+
+    systemd.services = {
+      alloy.serviceConfig.SupplementaryGroups = [ "systemd-journal" ];
+      process_exporter = {
+        description = "Prometheus Process Exporter";
+        after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json";
+          Restart = "always";
+        };
+      };
+    };
+
+    environment.etc = {
+      "process-exporter.json".text = builtins.toJSON {
+        procMatchers = lib.map (svc: {
+          name = svc;
+          cmdline = [
+            "${svc}:"
+          ];
+        }) monitored;
+      };
+      "grafana/dashboards".source = dashboardsDir;
+      "prometheus/services.rules".text = ''
         groups:
         - name: services
           rules:
@@ -248,14 +341,9 @@ in
               summary: "Processus grafana rétabli"
               description: "Le processus grafana tourne de nouveau."
       '';
+    };
+
+
 
-    services.nginx.virtualHosts."monitor.enium.eu" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:3000";
-        proxyWebsockets = true;
-      };
-    };
   };
 }