feat(services/self_host): adding the loki services w/ alloy
parent
cdd4bdf113
commit
eb9ccdf0d5
1 changed files with 310 additions and 222 deletions
|
|
@ -1,21 +1,24 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.service.selfhost.monitor;
|
||||
dashboardsDir = ../../assets/grafana_dashboards;
|
||||
oidc-secret = config.age.secrets.grafana-oidc-secret.path;
|
||||
encryption-key = config.age.secrets.grafana-secret-key.path;
|
||||
monitored = [
|
||||
"nginx"
|
||||
"grafana"
|
||||
];
|
||||
in
|
||||
{
|
||||
{
|
||||
config = lib.mkIf cfg {
|
||||
services.grafana = {
|
||||
services = {
|
||||
grafana = {
|
||||
enable = true;
|
||||
package = pkgs.grafana;
|
||||
dataDir = "/var/lib/grafana";
|
||||
|
|
@ -61,7 +64,7 @@ in
|
|||
name = "Enium";
|
||||
allow_sign_up = true;
|
||||
client_id = "grafana";
|
||||
client_secret = "$__file{${config.age.secrets.grafana-oidc-secret.path}}";
|
||||
client_secret = "$__file{${oidc-secret}}";
|
||||
scopes = "openid profile email groups";
|
||||
auth_url = "https://auth.enium.eu/ui/oauth2";
|
||||
token_url = "https://auth.enium.eu/oauth2/token";
|
||||
|
|
@ -84,33 +87,14 @@ in
|
|||
disable_signout_menu = false;
|
||||
};
|
||||
security = {
|
||||
secret_key = "$__file{${encryption-key}}";
|
||||
cookie_secure = true;
|
||||
cookie_samesite = "none";
|
||||
allow_embedding = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc."process-exporter.json".text = builtins.toJSON {
|
||||
procMatchers = lib.map (svc: {
|
||||
name = svc;
|
||||
cmdline = [
|
||||
"${svc}:"
|
||||
];
|
||||
}) monitored;
|
||||
};
|
||||
|
||||
systemd.services.process_exporter = {
|
||||
description = "Prometheus Process Exporter";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json";
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus = {
|
||||
prometheus = {
|
||||
enable = true;
|
||||
checkConfig = false;
|
||||
exporters = {
|
||||
|
|
@ -205,10 +189,119 @@ in
|
|||
];
|
||||
ruleFiles = lib.mkForce [ "/etc/prometheus/services.rules" ];
|
||||
};
|
||||
loki = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
auth_enabled = false;
|
||||
server = {
|
||||
http_listen_port = 3100;
|
||||
grpc_listen_port = 9095;
|
||||
};
|
||||
common = {
|
||||
path_prefix = "/var/lib/loki";
|
||||
storage = {
|
||||
filesystem = {
|
||||
chunks_directory = "/var/lib/loki/chunks";
|
||||
rules_directory = "/var/lib/loki/rules";
|
||||
};
|
||||
};
|
||||
replication_factor = 1;
|
||||
ring = {
|
||||
instance_addr = "127.0.0.1";
|
||||
kvstore.store = "inmemory";
|
||||
};
|
||||
};
|
||||
schema_config = {
|
||||
configs = [{
|
||||
from = "2024-01-01";
|
||||
store = "tsdb";
|
||||
object_store = "filesystem";
|
||||
schema = "v13";
|
||||
index = {
|
||||
prefix = "index_";
|
||||
period = "24h";
|
||||
};
|
||||
}];
|
||||
};
|
||||
};
|
||||
};
|
||||
alloy = {
|
||||
enable = true;
|
||||
configPath = pkgs.writeText "config.alloy" ''
|
||||
loki.source.journal "systemd" {
|
||||
forward_to = [loki.relabel.journal.receiver]
|
||||
relabel_rules = loki.relabel.journal.rules
|
||||
labels = {
|
||||
job = "systemd-journal",
|
||||
}
|
||||
}
|
||||
|
||||
environment.etc."grafana/dashboards".source = dashboardsDir;
|
||||
loki.relabel "journal" {
|
||||
forward_to = [loki.write.local.receiver]
|
||||
|
||||
environment.etc."prometheus/services.rules".text = ''
|
||||
rule {
|
||||
source_labels = ["__journal__systemd_unit"]
|
||||
target_label = "unit"
|
||||
}
|
||||
|
||||
rule {
|
||||
source_labels = ["__journal_priority_keyword"]
|
||||
target_label = "level"
|
||||
}
|
||||
|
||||
rule {
|
||||
source_labels = ["__journal__hostname"]
|
||||
target_label = "hostname"
|
||||
}
|
||||
|
||||
rule {
|
||||
source_labels = ["__journal_syslog_identifier"]
|
||||
target_label = "syslog_identifier"
|
||||
}
|
||||
}
|
||||
|
||||
loki.write "local" {
|
||||
endpoint {
|
||||
url = "http://localhost:3100/loki/api/v1/push"
|
||||
}
|
||||
}
|
||||
'';
|
||||
};
|
||||
nginx.virtualHosts."monitor.enium.eu" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
systemd.services = {
|
||||
alloy.serviceConfig.SupplementaryGroups = [ "systemd-journal" ];
|
||||
process_exporter = {
|
||||
description = "Prometheus Process Exporter";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json";
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc = {
|
||||
"process-exporter.json".text = builtins.toJSON {
|
||||
procMatchers = lib.map (svc: {
|
||||
name = svc;
|
||||
cmdline = [
|
||||
"${svc}:"
|
||||
];
|
||||
}) monitored;
|
||||
};
|
||||
"grafana/dashboards".source = dashboardsDir;
|
||||
"prometheus/services.rules".text = ''
|
||||
groups:
|
||||
- name: services
|
||||
rules:
|
||||
|
|
@ -248,14 +341,9 @@ in
|
|||
summary: "Processus grafana rétabli"
|
||||
description: "Le processus grafana tourne de nouveau."
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
|
||||
services.nginx.virtualHosts."monitor.enium.eu" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
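Review bot: The new `loki` block sets `auth_enabled = false` and gives `server` only the two ports, with no listen address. Loki's HTTP (3100) and gRPC (9095) listeners therefore bind to all interfaces by default, so anything that can reach them can read the collected journal logs or push entries without credentials. Alloy already writes to `http://localhost:3100` and `ring.instance_addr` is `127.0.0.1`, so both listeners can be pinned to loopback by adding `http_listen_address = "127.0.0.1";` and `grpc_listen_address = "127.0.0.1";` to `server`. Whether the host firewall already blocks these ports is not visible in this file, so the binding should not rely on it.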