Configured more machines to push logs to loki

modules/services/loki/default.nix

@@ -11,14 +11,6 @@ with lib; let
 in {
   options.aa.services.loki = with types; {
     enable = mkEnableOption "loki";
-    acmeCertName = mkOption {
-      type = str;
-      default = "";
-      description = ''
-        If set to a non-empty string, forces SSL with the supplied acme
-        certificate.
-      '';
-    };
   };
 
   config = mkIf cfg.enable {
@@ -103,20 +95,8 @@ in {
       };
     };
 
-    services.nginx = mkIf (cfg.acmeCertName != "") {
-      enable = true;
-      # Confirm with /loki/api/v1/status/buildinfo
-      virtualHosts."loki.${cfg.acmeCertName}" = {
-        locations."/" = {
-          proxyPass = "http://localhost:${toString loki.configuration.server.http_listen_port}";
-        };
-        forceSSL = true;
-        useACMEHost = cfg.acmeCertName;
-      };
-    };
-
     networking.firewall = {
-      allowedTCPPorts = [80 443];
+      allowedTCPPorts = [loki.configuration.server.http_listen_port];
     };
   };
 }

modules/services/promtail/default.nix

@@ -11,14 +11,6 @@ with lib; let
 in {
   options.aa.services.promtail = with types; {
     enable = mkEnableOption "promtail";
-    acmeCertName = mkOption {
-      type = str;
-      default = "";
-      description = ''
-        If set to a non-empty string, forces SSL with the supplied acme
-        certificate.
-      '';
-    };
   };
 
   config = mkIf cfg.enable {
@@ -34,7 +26,8 @@ in {
         };
         clients = [
           {
-            url = "http://127.0.0.1:${toString loki.configuration.server.http_listen_port}/loki/api/v1/push";
+            # TODO: Don't hardcode this?
+            url = "http://node:3030/loki/api/v1/push";
           }
         ];
         scrape_configs = [
@@ -44,7 +37,7 @@ in {
               max_age = "12h";
               labels = {
                 job = "systemd-journal";
-                host = "node";
+                host = config.networking.hostName;
               };
             };
             relabel_configs = [
@@ -58,20 +51,8 @@ in {
       };
     };
 
-    services.nginx = mkIf (cfg.acmeCertName != "") {
+    # networking.firewall = {
-      enable = true;
+    #   allowedTCPPorts = [80 443];
-      # Confirm with /loki/api/v1/status/buildinfo
+    # };
-      virtualHosts."promtail.${cfg.acmeCertName}" = {
-        locations."/" = {
-          proxyPass = "http://localhost:${toString config.services.promtail.configuration.server.http_listen_port}";
-        };
-        forceSSL = true;
-        useACMEHost = cfg.acmeCertName;
-      };
-    };
-
-    networking.firewall = {
-      allowedTCPPorts = [80 443];
-    };
   };
 }

systems/aarch64-linux/pi4/default.nix

@@ -42,6 +42,7 @@
       acmeCertName = "kilonull.com";
     };
     services.prometheus.enable = true;
+    services.promtail.enable = true;
 
     security.acme = {
       enable = true;

systems/x86_64-linux/gospel/default.nix

@@ -57,6 +57,7 @@
       };
     };
     services.prometheus.enable = true;
+    services.promtail.enable = true;
 
     hardware.audio.enable = true;
     hardware.bluetooth.enable = true;

systems/x86_64-linux/node/default.nix

@@ -38,14 +38,8 @@
       enable = true;
       enableServer = true;
     };
-    services.loki = {
+    services.loki.enable = true;
-      enable = true;
+    services.promtail.enable = true;
-      acmeCertName = "kilonull.com";
-    };
-    services.promtail = {
-      enable = true;
-      acmeCertName = "kilonull.com";
-    };
     services.syncoid = {
       #  sudo -u backups zfs create -o mountpoint=/tank/backups/gospel tank/backups/gospel
       enable = true;