mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 14:50:40 +02:00
Code Activity

refactor: move modules to common folder since separation was unsound

Browse source
This commit is contained in:
oddlama 2023-12-17 17:31:52 +01:00
parent 32ce7fe25d
commit 558f67ee7d
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
16 changed files with 15 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

150
modules/promtail.nix Normal file
View file

@ -0,0 +1,150 @@
{
config,
lib,
nodes,
...
}: let
inherit
(lib)
mdDoc
mkEnableOption
mkIf
mkOption
types
;
cfg = config.meta.promtail;
in {
options.meta.promtail = {
enable = mkEnableOption (mdDoc "promtail to push logs to a loki instance.");
proxy = mkOption {
type = types.str;
description = mdDoc "The node name of the proxy server which provides the https loki api endpoint.";
};
};
config = mkIf cfg.enable {
age.secrets.promtail-loki-basic-auth-password = {
generator.script = "alnum";
mode = "440";
group = "promtail";
};
nodes.${cfg.proxy}.age.secrets.loki-basic-auth-hashes.generator.dependencies = [
config.age.secrets.promtail-loki-basic-auth-password
];
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 9080;
grpc_listen_port = 0;
log_level = "warn";
};
clients = [
{
basic_auth.username = "${config.node.name}+promtail-loki-basic-auth-password";
basic_auth.password_file = config.age.secrets.promtail-loki-basic-auth-password.path;
url = "https://${nodes.${cfg.proxy}.config.networking.providedDomains.loki}/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
json = true;
max_age = "24h";
labels.job = "systemd-journal";
};
pipeline_stages = [
{
json.expressions = {
transport = "_TRANSPORT";
unit = "_SYSTEMD_UNIT";
msg = "MESSAGE";
coredump_cgroup = "COREDUMP_CGROUP";
coredump_exe = "COREDUMP_EXE";
coredump_cmdline = "COREDUMP_CMDLINE";
coredump_uid = "COREDUMP_UID";
coredump_gid = "COREDUMP_GID";
};
}
{
# Set the unit (defaulting to the transport like audit and kernel)
template = {
source = "unit";
template = "{{if .unit}}{{.unit}}{{else}}{{.transport}}{{end}}";
};
}
{
regex = {
expression = "(?P<coredump_unit>[^/]+)$";
source = "coredump_cgroup";
};
}
{
template = {
source = "msg";
template = "{{if .coredump_exe}}{{.coredump_exe}} core dumped (user: {{.coredump_uid}}/{{.coredump_gid}}, command: {{.coredump_cmdline}}){{else}}{{.msg}}{{end}}";
};
}
{
labels.coredump_unit = "coredump_unit";
}
{
# Normalize session IDs (session-1234.scope -> session.scope) to limit number of label values
replace = {
source = "unit";
expression = "^(session-\\d+.scope)$";
replace = "session.scope";
};
}
{
labels.unit = "unit";
}
{
# Write the proper message instead of JSON
output.source = "msg";
}
];
relabel_configs = [
{
source_labels = ["__journal__hostname"];
target_label = "host";
}
{
source_labels = ["__journal_priority"];
target_label = "priority";
}
{
source_labels = ["__journal_priority_keyword"];
target_label = "level";
}
#{
# source_labels = ["__journal__systemd_unit"];
# target_label = "unit";
#}
{
source_labels = ["__journal__systemd_user_unit"];
target_label = "user_unit";
}
{
source_labels = ["__journal__boot_id"];
target_label = "boot_id";
}
{
source_labels = ["__journal__comm"];
target_label = "command";
}
];
}
];
};
};
systemd.services.promtail.serviceConfig.RestartSec = "600"; # Retry every 10 minutes
};
}