etorres/nixos
0
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

roles/logserver: split loki and prometheus into service modules

Browse Source
This commit is contained in:
Eric Torres
2025-10-29 19:49:45 -07:00
parent 53cf7a8f23
commit 35485fb36d
4 changed files with 161 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
roles/logserver.nix
View File

@@ -20,113 +20,7 @@ in
};
config = mkIf cfg.enable {
sops.secrets."prometheus/password" = {
sopsFile = ../secrets/${config.networking.hostName}.yml;
owner = "prometheus";
};
services.loki = {
enable = true;
package = pkgsUnstable.grafana-loki;
configuration = {
auth_enabled = false;
server = {
http_listen_port = 3100;
grpc_listen_port = 9096;
log_level = "error";
grpc_server_max_concurrent_streams = 1000;
};
common = {
instance_addr = "127.0.0.1";
path_prefix = "/var/lib/loki";
storage = {
filesystem = {
chunks_directory = "/var/lib/loki/chunks";
rules_directory = "/var/lib/loki/rules";
};
};
replication_factor = 1;
ring = {
kvstore = {
store = "inmemory";
};
};
};
query_range = {
results_cache = {
cache = {
embedded_cache = {
enabled = true;
max_size_mb = 100;
};
};
};
};
limits_config = {
metric_aggregation_enabled = true;
volume_enabled = true;
};
schema_config = {
configs = [
{
from = "2020-10-24";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
pattern_ingester = {
enabled = true;
metric_aggregation = {
loki_address = "localhost:3100";
};
};
ruler = {
alertmanager_url = "http://localhost:9093";
};
frontend = {
encoding = "protobuf";
};
analytics = {
reporting_enabled = false;
};
};
};
services.prometheus = {
enable = true;
enableReload = true;
package = pkgsUnstable.prometheus;
checkConfig = "syntax-only";
extraFlags = [ "--web.enable-remote-write-receiver" ];
retentionTime = "7d";
#remoteWrite = [
# {
# name = "primary";
# url = "http://log-01.tail755c5.ts.net:9090/api/v1/write";
# basic_auth = {
# username = "alloy";
# password_file = ''${config.sops.secrets."prometheus/password".path}'';
# };
# }
#];
};
prometheus.enable = true;
loki.enable = true;
};
}

108
services/loki.nix Normal file
View File

@@ -0,0 +1,108 @@
# Module: services/loki
# Enables the Loki logserver
{
config,
lib,
pkgs,
pkgsUnstable,
inputs,
...
}:
with lib;
let
cfg = config.loki;
httpPort = 3100;
grpcPort = 9096;
in
{
options.loki = {
enable = mkEnableOption "Enables loki module";
};
config = mkIf cfg.enable {
services.loki = {
enable = true;
package = pkgsUnstable.grafana-loki;
configuration = {
auth_enabled = false;
server = {
http_listen_port = httpPort;
grpc_listen_port = grpcPort;
log_level = "error";
grpc_server_max_concurrent_streams = 1000;
};
common = {
instance_addr = "127.0.0.1";
path_prefix = "/var/lib/loki";
storage = {
filesystem = {
chunks_directory = "/var/lib/loki/chunks";
rules_directory = "/var/lib/loki/rules";
};
};
replication_factor = 1;
ring = {
kvstore = {
store = "inmemory";
};
};
};
query_range = {
results_cache = {
cache = {
embedded_cache = {
enabled = true;
max_size_mb = 100;
};
};
};
};
limits_config = {
metric_aggregation_enabled = true;
volume_enabled = true;
};
schema_config = {
configs = [
{
from = "2020-10-24";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
pattern_ingester = {
enabled = true;
metric_aggregation = {
loki_address = "localhost:3100";
};
};
ruler = {
alertmanager_url = "http://localhost:9093";
};
frontend = {
encoding = "protobuf";
};
analytics = {
reporting_enabled = false;
};
};
};
};
}

47
services/prometheus.nix Normal file
View File

@@ -0,0 +1,47 @@
# Module: services/prometheus
# Enables the Prometheus metrics server
{
config,
lib,
pkgs,
pkgsUnstable,
inputs,
...
}:
with lib;
let
cfg = config.prometheus;
httpPort = 3100;
grpcPort = 9096;
in
{
options.prometheus = {
enable = mkEnableOption "Enables prometheus module";
};
config = mkIf cfg.enable {
services.prometheus = {
enable = true;
enableReload = true;
package = pkgsUnstable.prometheus;
# We want to be able to check for validity in spite of available credentials
checkConfig = "syntax-only";
extraFlags = [ "--web.enable-remote-write-receiver" ];
retentionTime = "7d";
#remoteWrite = [
# {
# name = "primary";
# url = "http://log-01.tail755c5.ts.net:9090/api/v1/write";
# basic_auth = {
# username = "alloy";
# password_file = ''${config.sops.secrets."prometheus/password".path}'';
# };
# }
#];
};
};
}

4
services/services.nix
View File

@@ -15,7 +15,9 @@
./crowdsec-traefik-bouncer.nix
./docker.nix
./healthchecks.nix
./loki.nix
./ntfy.nix
./prometheus.nix
./radicale.nix
./searxng.nix
./traefik.nix
@@ -27,7 +29,9 @@
crowdsec-traefik-bouncer.enable = lib.mkDefault false;
docker.enable = lib.mkDefault false;
healthchecks.enable = lib.mkDefault false;
loki.enable = lib.mkDefault false;
ntfy.enable = lib.mkDefault false;
prometheus.enable = lib.mkDefault false;
radicale.enable = lib.mkDefault false;
searxng.enable = lib.mkDefault false;
traefik.enable = lib.mkDefault false;