Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add loki and promtail to web host

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-08-19 02:10:37 +02:00
parent 9f48ac2f3c
commit 6d42a0ecac
6 changed files with 446 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
utils/modules/promtail/default.nix Normal file
View File

@@ -0,0 +1,98 @@
{ config, ... }: {
sops.secrets.promtail-password = {
owner = "promtail";
sopsFile = ./secrets.yaml;
};
services.promtail = {
enable = true;
configuration = {
server.http_listen_port = 9080;
server.grpc_listen_port = 0;
clients = [
{
basic_auth.username = "promtail@cloonar.com";
basic_auth.password_file = config.sops.secrets.promtail-password.path;
url = "https://loki.cloonar.com/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
json = true;
max_age = "12h";
labels.job = "systemd-journal";
};
pipeline_stages = [
{
json.expressions = {
transport = "_TRANSPORT";
unit = "_SYSTEMD_UNIT";
msg = "MESSAGE";
coredump_cgroup = "COREDUMP_CGROUP";
coredump_exe = "COREDUMP_EXE";
coredump_cmdline = "COREDUMP_CMDLINE";
coredump_uid = "COREDUMP_UID";
coredump_gid = "COREDUMP_GID";
};
}
{
# Set the unit (defaulting to the transport like audit and kernel)
template = {
source = "unit";
template = "{{if .unit}}{{.unit}}{{else}}{{.transport}}{{end}}";
};
}
{
regex = {
expression = "(?P<coredump_unit>[^/]+)$";
source = "coredump_cgroup";
};
}
{
template = {
source = "msg";
# FIXME would be cleaner to have this in a match block, but could not get it to work
template = "{{if .coredump_exe}}{{.coredump_exe}} core dumped (user: {{.coredump_uid}}/{{.coredump_gid}}, command: {{.coredump_cmdline}}){{else}}{{.msg}}{{end}}";
};
}
{
labels.coredump_unit = "coredump_unit";
}
{
# Normalize session IDs (session-1234.scope -> session.scope) to limit number of label values
replace = {
source = "unit";
expression = "^(session-\\d+.scope)$";
replace = "session.scope";
};
}
{
labels.unit = "unit";
}
{
# Write the proper message instead of JSON
output.source = "msg";
}
# silence nscd:
# Oct 24 18:20:19 nardole nscd[1812]: 1812 ignored inotify event for `/etc/netgroup` (file exists)
{ drop.expression = "ignored inotify event for"; }
# messages from rpi3
{ drop.expression = "hwmon hwmon1: Undervoltage detected!"; }
{ drop.expression = "hwmon hwmon1: Voltage normalised"; }
# ignore random portscans on the internet
{ drop.expression = "refused connection: IN="; }
];
relabel_configs = [
{
source_labels = [ "__journal__hostname" ];
target_label = "host";
}
];
}
];
};
};
}

84
utils/modules/promtail/secrets.yaml Normal file
View File

@@ -0,0 +1,84 @@
promtail-password: ENC[AES256_GCM,data:+KjooDZPlJ7UiSPusdzeTP+6DMfmdSM+T5ID8FOWA3u1/PKqPpgrpnKUzdwKJT0KcmaAVQI723Qjsk0q6UTYYfhkLosyAXnAz3/31EylCaJy4M0CG222xnJDjQ4VA4D/Fp/t+zWWShnf1vUL5wXnWw3rfZ5PEZ34U1M9DtP340Y=,iv:OawqwactX5qncggFvZCWna17SEN+pbF2HRSxnXqa9Xo=,tag:wT2BR5zruIOMKgtmWfRBFg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdXQ0cmJTUUplaFBYMENJ
eWM3RklTKzNiVVJiU2c0VHNPdWpNZ1VNV2pVClZxTGN1RG5hT1JqZ2ovajBiVFlB
c28xWnNjRG56MUJnaVJxNndheUppTFEKLS0tIHhVQUVacnl1bHdhTGZkQlVJQVlo
TEV0MEdnTG9Tek5rOXdEODUwWmdoMW8K2VRvIBDY3o2SD/ToKk0Zvo3uLVF41Vs0
AqJND7wbavF9ZFu6XrVfcrxucrvqLsLCmcFzO2fCauSWgd6lcjlivg==
-----END AGE ENCRYPTED FILE-----
- recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6d0pDN1J4VzN4WXhMbzRF
ODdDWDlkYWdZRHJkR0JXazlKTG11KzNrTW5JClJ5ZmUyNEFkRFNVaTBEdmNzWlha
SXpvdWVmcDB5RWlDWWtWejJ4M0pGYVEKLS0tIEdrNVlZZmxyd3Y2aHVLV2lMeFp3
NmRjaWRZQTF3MUpHRWJTZ2J6ajhSYWMKlAnM5DgaFC75JmLa18WXO7DJsfLzXbAq
jr+FCIFTEUbCAfNeEcqz9hI5MOD7kVGuCJ5ZpgVjwaTRhfgloJI+IA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y6lvl5jkwc47p5ae9yz9j9kuwhy7rtttua5xhygrgmr7ehd49svsszyt42
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2b1NSNzVOdkt6ZXgzb084
Z2tXaEpIcXp0dDhjcURQcVQ3dnZwQkpwd1ZrCjJZTkVkOEdwaFpheG9OV2t2SWwz
ZFhVN042RDVuN29kL1ZFTGtzL2dPeUUKLS0tIDVwUFEyZ0RHUlM4UW9WVkdzbVBz
TnB4YXV2anlpaXpjblQzUHlINHljRlkKhAUhR2YSDd28L3MjtuUTSrHIRcHIzgHx
jhb+Ynji43X5CUNeQQJNGPuDRa3sRC+4SWHfVS16GbJTcxmFsSmS4g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ezq2j34qngky22enhnslx6hzh4ekwk8dtmn6c9us0uqxqpn7hgpsspjz58
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHV1hlbTUyYW9vSnBqVVE1
VlVmM1JiRTl3NmFBTFJIU2tEUUhmQnkrbm5rCm85R1M3ODhObmtlVThkTDh0ZHdp
cjBwek85MnIxOGdqTTJRUGRKRm1TUncKLS0tIFl6bm1CRTg5ak8xc3NOd0xkdnNE
dElTc1IzbjVtNmFOU3hRR1hyTkk1V2cKYQvD9SzJhZEc51YiOqc5cSHa8XREVU2y
KbItb9QohlTEohmOoGZoP3LQNm4ZbvQ6jyBHLccHpckV84jxv0ljJg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoaDV4WUsvdjZPQi9tL3FR
N24zSXUxMVJpWkpGRi80VGNSNkR2U1Myc2tZCjNIOVdoOFFjNEFnMUFYZEp4enJI
R1o1K2F2L1I0TlJ2amkrbG14RjRRQ2cKLS0tIDZkZ2lhVlZ0L3NkMXdNZmJDdUR6
TkZNNzZMMm9OendQY2txbGczam94T2sKBpHDDHP/NRT4yOAD0JDA3TIFUXQWvdXt
kYIpOGfq3hwxcGUGMPTz6K/MlzpZGwiXvmVqhTLOj9X2jt+DcWfphw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdEYzTnR1SWpPZjVYZXR2
amgzMDZBeXRMdnBwS3A2VitvYlN5cUIyaEdFCk9yVStMVklXVGVPdWs3b3Vjb1Vz
bnhmYW0wZU1vOEVtU3NBdFVrSmNjeTgKLS0tIFpIZjJBbHEwaVN6Y1A4NEJPSHNw
Z1NxSU9OYzVFbGtwTVJEaGpQOC80TVEKPwNbehHyR9kua8a3xj2bo8CysrPPvj+b
0G5HEw5Ol3BKIqg+eNbuNQY4/mC3VZMDbFFQ/GHbWYFXeAwJre5/Fw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zkzpnfeakyvg3fqtyay32sushjx2hqe28y6hs6ss7plemzqjqa5s6s5yu3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRk50cnFXVUpRY3JxTjQ5
WjFBZlQ0M01RN2I4TUtkeFJVYVlLVFhIYURFCjdWdlkzNXBXUkRPbDY4alh5TC9p
VnFKNWZydjlOQWhjTjlYeW9PeWtwY1UKLS0tIEk3eVZzQ2tYTE4rOGhxcWYxQVZy
UFJoYklHQ3E3cXJHQU1MN2ZwM2R5RTAK3+F3OcR7beKeF91YCQLwLz5QLZ78xVQd
sEKPbGyRiMXrT9wMZz8WjE253P/iaCmaf6wABK2PW64wI36/kR+62Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0U3hzNDNtZ2ZDMnptM2pY
NVhmVjVqTzN1aGxaSUdHQWliMUxsYnNKamtjCkg4a01pd0RDeEhQZytLNzdKb1dE
ck4wV2p2VFc3YjJHRFIwbnF0Wms0R0UKLS0tIGZOY3BMekZSVWlxUmIzbENNejc1
WDc1QkkwRnJhMTNkVjFpaGJNaHJHVzQKtlXo8afV++E5uwGSPY7RCj8TY0XbQqRv
+DygK0wq4hj0IZsR49W42ORSWxAxkFiLMDAr8o0X0MZx226y90NdVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-19T00:05:00Z"
mac: ENC[AES256_GCM,data:BO3WZzW4MzXpOLKTi6vzVq5lFMATANvIH8Kl9HJPH4bRTRf+z/IX3GmmowjOQis8aGnbfbMja6K0hBWMSY0mY7WzMN9W2ARHTgbXre9/5l6PfFrW4q36sLwXOJU/mzLVz4errHSt6A3Te5AOqThlULuJO/F4pPX2i0Sgs2F1tVA=,iv:zOTWgbuUzuIhYbJFKocwEdR9DxZ3enjc2aIchkovfuA=,tag:x+2jEytk5XrSAGWvbB6bKw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3