argon: syslog; loki, telegraf, grafana

2024-01-23 22:57:01 +01:00 · 2024-01-23 22:57:01 +01:00 · 0dc2d46449
parent fa220411bc
commit 0dc2d46449
4 changed files with 104 additions and 0 deletions
--- a/system/hosts/argon.nix
+++ b/system/hosts/argon.nix
@ -25,6 +25,10 @@ in

    (import ../nixos/forgejo-runner.nix (args // { name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))

+    ../nixos/grafana.nix
+    ../nixos/loki.nix
+    ../nixos/telegraf.nix
+
    ../nixos/tailscale.nix

    ../nixos/unbound.nix
--- a/system/nixos/grafana.nix
+++ b/system/nixos/grafana.nix
@ -0,0 +1,36 @@
+let
+  fqdn = "grafana.internal.kempkens.network";
+in
+{
+  services.grafana = {
+    enable = true;
+
+    settings = {
+      analytics.reporting_enabled = false;
+
+
+      server = {
+        root_url = "https://${fqdn}";
+        domain = fqdn;
+        enforce_domain = true;
+        enable_gzip = true;
+        http_addr = "127.0.0.1";
+        http_port = 3099;
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."${fqdn}" = {
+    quic = true;
+    http3 = true;
+
+    onlySSL = true;
+    useACMEHost = "internal.kempkens.network";
+
+    locations."/" = {
+      recommendedProxySettings = true;
+      proxyPass = "http://127.0.0.1:3099";
+      proxyWebsockets = true;
+    };
+  };
+}
--- a/system/nixos/loki.nix
+++ b/system/nixos/loki.nix
@ -0,0 +1,39 @@
+{
+  services.loki = {
+    enable = true;
+
+    configuration = {
+      auth_enabled = false;
+      analytics.reporting_enabled = false;
+
+      server = {
+        http_listen_port = 3100;
+      };
+
+      common = {
+        ring = {
+          instance_addr = "127.0.0.1";
+          kvstore.store = "inmemory";
+        };
+
+        replication_factor = 1;
+        path_prefix = "/var/lib/loki/common";
+      };
+
+      schema_config = {
+        configs = [
+          {
+            from = "2024-01-23";
+            store = "tsdb";
+            object_store = "filesystem";
+            schema = "v12";
+            index = {
+              prefix = "index_";
+              period = "24h";
+            };
+          }
+        ];
+      };
+    };
+  };
+}
--- a/system/nixos/telegraf.nix
+++ b/system/nixos/telegraf.nix
@ -0,0 +1,25 @@
+{
+  services.telegraf = {
+    enable = true;
+
+    extraConfig = {
+      inputs = {
+        syslog = {
+          server = "udp://:6514";
+          syslog_standard = "RFC3164";
+          best_effort = true;
+        };
+      };
+
+      outputs = {
+        loki = {
+          domain = "http://127.0.0.1:3100";
+          endpoint = "/loki/api/v1/push";
+          timeout = "15s";
+        };
+      };
+    };
+  };
+
+  networking.firewall.interfaces."vlan777".allowedUDPPorts = [ 6514 ];
+}