forked from pub-solar/infra
Benjamin Yule Bädorf
68278ad983
This works towards having reusable modules * `config.pub-solar-os.networking.domain` is used for the main domain * `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy * `config.pub-solar-os.imprintUrl` links towards the imprint * `config.pub-solar-os.auth.enable` enables the keycloak installation. This is needed because `config.pub-solar-os.auth` has to be available everywhere, but we do not want to install keycloak everywhere. * `config.pub-solar-os.auth.realm` sets the keycloak realm name
47 lines
1.1 KiB
Nix
47 lines
1.1 KiB
Nix
{ config
|
|
, lib
|
|
, pkgs
|
|
, flake
|
|
, ...
|
|
}: {
|
|
age.secrets.nachtigall-metrics-prometheus-basic-auth-password = {
|
|
file = "${flake.self}/secrets/nachtigall-metrics-prometheus-basic-auth-password.age";
|
|
mode = "600";
|
|
owner = "promtail";
|
|
};
|
|
|
|
services.promtail = {
|
|
enable = true;
|
|
configuration = {
|
|
server = {
|
|
http_listen_port = 9080;
|
|
grpc_listen_port = 0;
|
|
};
|
|
positions = {
|
|
filename = "/tmp/positions.yaml";
|
|
};
|
|
clients = [{
|
|
url = "https://flora-6.${config.pub-solar-os.networking.domain}/loki/api/v1/push";
|
|
basic_auth = {
|
|
username = "hakkonaut";
|
|
password_file = "${config.age.secrets.nachtigall-metrics-prometheus-basic-auth-password.path}";
|
|
};
|
|
}];
|
|
scrape_configs = [{
|
|
job_name = "journal";
|
|
journal = {
|
|
max_age = "24h";
|
|
labels = {
|
|
job = "systemd-journal";
|
|
host = "nachtigall";
|
|
};
|
|
};
|
|
relabel_configs = [{
|
|
source_labels = [ "__journal__systemd_unit" ];
|
|
target_label = "unit";
|
|
}];
|
|
}];
|
|
};
|
|
};
|
|
}
|