diff --git a/modules/services/loki/default.nix b/modules/services/loki/default.nix index fc503a9..15c15ef 100644 --- a/modules/services/loki/default.nix +++ b/modules/services/loki/default.nix @@ -11,14 +11,6 @@ with lib; let in { options.aa.services.loki = with types; { enable = mkEnableOption "loki"; - acmeCertName = mkOption { - type = str; - default = ""; - description = '' - If set to a non-empty string, forces SSL with the supplied acme - certificate. - ''; - }; }; config = mkIf cfg.enable { @@ -103,20 +95,8 @@ in { }; }; - services.nginx = mkIf (cfg.acmeCertName != "") { - enable = true; - # Confirm with /loki/api/v1/status/buildinfo - virtualHosts."loki.${cfg.acmeCertName}" = { - locations."/" = { - proxyPass = "http://localhost:${toString loki.configuration.server.http_listen_port}"; - }; - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; - }; - networking.firewall = { - allowedTCPPorts = [80 443]; + allowedTCPPorts = [loki.configuration.server.http_listen_port]; }; }; } diff --git a/modules/services/promtail/default.nix b/modules/services/promtail/default.nix index 81839a3..e939345 100644 --- a/modules/services/promtail/default.nix +++ b/modules/services/promtail/default.nix @@ -11,14 +11,6 @@ with lib; let in { options.aa.services.promtail = with types; { enable = mkEnableOption "promtail"; - acmeCertName = mkOption { - type = str; - default = ""; - description = '' - If set to a non-empty string, forces SSL with the supplied acme - certificate. - ''; - }; }; config = mkIf cfg.enable { @@ -34,7 +26,8 @@ in { }; clients = [ { - url = "http://127.0.0.1:${toString loki.configuration.server.http_listen_port}/loki/api/v1/push"; + # TODO: Don't hardcode this? + url = "http://node:3030/loki/api/v1/push"; } ]; scrape_configs = [ @@ -44,7 +37,7 @@ in { max_age = "12h"; labels = { job = "systemd-journal"; - host = "node"; + host = config.networking.hostName; }; }; relabel_configs = [ 
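Review bot: The new `allowedTCPPorts = [loki.configuration.server.http_listen_port];` in modules/services/loki/default.nix opens Loki's HTTP API on every interface, while the same hunk removes the nginx vhost that set `forceSSL`. Push and query traffic is therefore plaintext and reachable by anything that can route to the host. Loki's authentication settings are not visible in this hunk; if `auth_enabled` is off, any reachable client could read or write logs. Consider scoping the rule to the internal interface, e.g. `networking.firewall.interfaces.<internal-iface>.allowedTCPPorts = [loki.configuration.server.http_listen_port];` (the interface name is a placeholder), or keeping a TLS-terminating proxy in front. The enclosing `config = mkIf cfg.enable { … }` block starts outside the hunk.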
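Review bot: The client URL `http://node:3030/loki/api/v1/push` in modules/services/promtail/default.nix sends journal entries over unencrypted HTTP to another host, where the previous loopback URL never left the machine. The pi4 and gospel hunks later in this diff enable this client on other systems. Journal output can contain sensitive material, and the destination now depends on how `node` resolves on each host. The literal `3030` can also drift from `loki.configuration.server.http_listen_port`, which the loki module uses for its firewall rule. A module option would cover both, for example `lokiUrl = mkOption { type = str; };` consumed as `url = cfg.lokiUrl;`, pointed at an HTTPS endpoint where one is available.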
@@ -58,20 +51,8 @@ in { }; }; - services.nginx = mkIf (cfg.acmeCertName != "") { - enable = true; - # Confirm with /loki/api/v1/status/buildinfo - virtualHosts."promtail.${cfg.acmeCertName}" = { - locations."/" = { - proxyPass = "http://localhost:${toString config.services.promtail.configuration.server.http_listen_port}"; - }; - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; - }; - - networking.firewall = { - allowedTCPPorts = [80 443]; - }; + # networking.firewall = { + # allowedTCPPorts = [80 443]; + # }; }; } diff --git a/systems/aarch64-linux/pi4/default.nix b/systems/aarch64-linux/pi4/default.nix index 206d9b1..77f1330 100644 --- a/systems/aarch64-linux/pi4/default.nix +++ b/systems/aarch64-linux/pi4/default.nix @@ -42,6 +42,7 @@ acmeCertName = "kilonull.com"; }; services.prometheus.enable = true; + services.promtail.enable = true; security.acme = { enable = true; diff --git a/systems/x86_64-linux/gospel/default.nix b/systems/x86_64-linux/gospel/default.nix index 7a0123c..6c8b738 100644 --- a/systems/x86_64-linux/gospel/default.nix +++ b/systems/x86_64-linux/gospel/default.nix @@ -57,6 +57,7 @@ }; }; services.prometheus.enable = true; + services.promtail.enable = true; hardware.audio.enable = true; hardware.bluetooth.enable = true; diff --git a/systems/x86_64-linux/node/default.nix b/systems/x86_64-linux/node/default.nix index f556553..e534829 100644 --- a/systems/x86_64-linux/node/default.nix +++ b/systems/x86_64-linux/node/default.nix @@ -38,14 +38,8 @@ enable = true; enableServer = true; }; - services.loki = { - enable = true; - acmeCertName = "kilonull.com"; - }; - services.promtail = { - enable = true; - acmeCertName = "kilonull.com"; - }; + services.loki.enable = true; + services.promtail.enable = true; services.syncoid = { # sudo -u backups zfs create -o mountpoint=/tank/backups/gospel tank/backups/gospel enable = true;
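Review bot: The commented-out `# networking.firewall = { … };` block left at the end of modules/services/promtail/default.nix is dead configuration and would be better deleted. Uncommenting it later would reopen ports 80 and 443 with no nginx vhost behind them. If the intent is to record that the module opens nothing, one line such as `# No firewall ports opened: promtail pushes to Loki and needs no inbound access.` says so directly. The enclosing `config = mkIf cfg.enable { … }` block starts outside the hunk.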