monitoring: move alloy to nix module

2025-03-14 19:36:54 +01:00 · 2025-03-14 19:36:54 +01:00 · fa61e32fca
commit fa61e32fca
parent 9590463580
6 changed files with 103 additions and 54 deletions
--- a/systems/default.nix
+++ b/systems/default.nix
@ -21,6 +21,7 @@ let

        ../modules/base_system.nix
        ../modules/user_account.nix
+        ../modules/alloy.nix
        systemModule

        (
--- a/systems/monitoring.noc.eh22.intern/loki.nix
+++ b/systems/monitoring.noc.eh22.intern/loki.nix
@ -62,7 +62,7 @@
      virtualHosts."loki.noc.eh22.intern" = {
        locations."/loki/api/v1/push" = {
          proxyPass = "http://loki";
-          #basicAuthFile = config.sops.secrets."services/loki/basic_auth".path;
+          basicAuthFile = config.sops.secrets."services/loki/nginx".path;
        };
      };
    };
--- a/systems/monitoring.noc.eh22.intern/mimir.nix
+++ b/systems/monitoring.noc.eh22.intern/mimir.nix
@ -40,6 +40,7 @@
    virtualHosts."mimir.noc.eh22.intern" = {
      locations."/api/v1/push" = {
        proxyPass = "http://mimir";
+        basicAuthFile = config.sops.secrets."services/mimir/nginx".path;
      };
    };
  };
--- a/systems/monitoring.noc.eh22.intern/system.nix
+++ b/systems/monitoring.noc.eh22.intern/system.nix
@ -12,8 +12,17 @@
      group = "grafana";
      restartUnits = [ "grafana.service" ];
    };
-    secrets."services/loki/basic_auth" = {
-      mode = "0777";
+    secrets."services/loki/nginx" = {
+      mode = "0440";
+      owner = "nginx";
+      group = "nginx";
+      restartUnits = [ "nginx.service" ];
+    };
+    secrets."services/mimir/nginx" = {
+      mode = "0440";
+      owner = "nginx";
+      group = "nginx";
+      restartUnits = [ "nginx.service" ];
    };
  };

@ -26,60 +35,13 @@
        matchConfig.MACAddress = "BC:24:11:FC:C2:26";
        address = [ "10.20.25.4/24" ];
        gateway = [ "10.20.25.2" ];
+        dns = [ "10.20.25.5" ];
      };
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 ];

-  services.alloy = {
-    enable = true;
-    configPath = "/etc/alloy/config.alloy";
-  };
-
-  environment.etc."alloy/config.alloy" = {
-    text = ''
-      prometheus.remote_write "default" {
-        endpoint {
-          url = "http://127.0.0.1:9009/api/v1/push"
-        }
-      }
-      loki.write "default" {
-        endpoint {
-          url = "http://127.0.0.1:3100/loki/api/v1/push" 
-        }
-      }
-
-      loki.relabel "journal" {
-        forward_to = []
-
-        rule {
-          source_labels = ["__journal__systemd_unit"]
-          target_label  = "unit"
-        }
-      }
-
-      loki.source.journal "read_journal"  {
-        forward_to    = [loki.write.default.receiver]
-        relabel_rules = loki.relabel.journal.rules
-        labels        = {component = "loki.source.journal", host = "${config.networking.hostName}"}
-      }
-
-      logging {
-        level = "info"
-        format = "logfmt"
-      }
-
-      prometheus.exporter.unix "local_system" { }
-
-      prometheus.scrape "scrape_metrics" {
-        targets         = prometheus.exporter.unix.local_system.targets
-        forward_to      = [prometheus.remote_write.default.receiver]
-        scrape_interval = "10s"
-      }
-    '';
-  };
-
  imports = [
    ./grafana.nix
    ./mimir.nix