Configured more machines to push logs to loki

2023-09-10 10:08:17 -07:00 · 2023-09-10 10:08:17 -07:00 · ab218cd1a2
parent 8f813f3865
commit ab218cd1a2
5 changed files with 11 additions and 54 deletions
--- a/modules/services/loki/default.nix
+++ b/modules/services/loki/default.nix
@ -11,14 +11,6 @@ with lib; let
 in {
  options.aa.services.loki = with types; {
    enable = mkEnableOption "loki";
-    acmeCertName = mkOption {
-      type = str;
-      default = "";
-      description = ''
-        If set to a non-empty string, forces SSL with the supplied acme
-        certificate.
-      '';
-    };
  };

  config = mkIf cfg.enable {
@ -103,20 +95,8 @@ in {
      };
    };

-    services.nginx = mkIf (cfg.acmeCertName != "") {
-      enable = true;
-      # Confirm with /loki/api/v1/status/buildinfo
-      virtualHosts."loki.${cfg.acmeCertName}" = {
-        locations."/" = {
-          proxyPass = "http://localhost:${toString loki.configuration.server.http_listen_port}";
-        };
-        forceSSL = true;
-        useACMEHost = cfg.acmeCertName;
-      };
-    };
-
    networking.firewall = {
-      allowedTCPPorts = [80 443];
+      allowedTCPPorts = [loki.configuration.server.http_listen_port];
    };
  };
 }
--- a/modules/services/promtail/default.nix
+++ b/modules/services/promtail/default.nix
@ -11,14 +11,6 @@ with lib; let
 in {
  options.aa.services.promtail = with types; {
    enable = mkEnableOption "promtail";
-    acmeCertName = mkOption {
-      type = str;
-      default = "";
-      description = ''
-        If set to a non-empty string, forces SSL with the supplied acme
-        certificate.
-      '';
-    };
  };

  config = mkIf cfg.enable {
@ -34,7 +26,8 @@ in {
        };
        clients = [
          {
-            url = "http://127.0.0.1:${toString loki.configuration.server.http_listen_port}/loki/api/v1/push";
+            # TODO: Don't hardcode this?
+            url = "http://node:3030/loki/api/v1/push";
          }
        ];
        scrape_configs = [
@ -44,7 +37,7 @@ in {
              max_age = "12h";
              labels = {
                job = "systemd-journal";
-                host = "node";
+                host = config.networking.hostName;
              };
            };
            relabel_configs = [
@ -58,20 +51,8 @@ in {
      };
    };

-    services.nginx = mkIf (cfg.acmeCertName != "") {
-      enable = true;
-      # Confirm with /loki/api/v1/status/buildinfo
-      virtualHosts."promtail.${cfg.acmeCertName}" = {
-        locations."/" = {
-          proxyPass = "http://localhost:${toString config.services.promtail.configuration.server.http_listen_port}";
-        };
-        forceSSL = true;
-        useACMEHost = cfg.acmeCertName;
-      };
-    };
-
-    networking.firewall = {
-      allowedTCPPorts = [80 443];
-    };
+    # networking.firewall = {
+    #   allowedTCPPorts = [80 443];
+    # };
  };
 }
--- a/systems/aarch64-linux/pi4/default.nix
+++ b/systems/aarch64-linux/pi4/default.nix
@ -42,6 +42,7 @@
      acmeCertName = "kilonull.com";
    };
    services.prometheus.enable = true;
+    services.promtail.enable = true;

    security.acme = {
      enable = true;
--- a/systems/x86_64-linux/gospel/default.nix
+++ b/systems/x86_64-linux/gospel/default.nix
@ -57,6 +57,7 @@
      };
    };
    services.prometheus.enable = true;
+    services.promtail.enable = true;

    hardware.audio.enable = true;
    hardware.bluetooth.enable = true;
--- a/systems/x86_64-linux/node/default.nix
+++ b/systems/x86_64-linux/node/default.nix
@ -38,14 +38,8 @@
      enable = true;
      enableServer = true;
    };
-    services.loki = {
-      enable = true;
-      acmeCertName = "kilonull.com";
-    };
-    services.promtail = {
-      enable = true;
-      acmeCertName = "kilonull.com";
-    };
+    services.loki.enable = true;
+    services.promtail.enable = true;
    services.syncoid = {
      #  sudo -u backups zfs create -o mountpoint=/tank/backups/gospel tank/backups/gospel
      enable = true;