pub-solar/infra
6
1
Fork 3
Code Issues 16 Pull requests 7 Actions Packages Projects 1 Releases Wiki Activity

feat(nachtigall): send logs to loki, https+basic auth
All checks were successful
Flake checks / Check (pull_request) Successful in 4m5s
Details

Browse source 
Use caddy as reverse proxy for loki on flora-6, add basic auth

Add promtail to nachtigall, push logs to flora-6
This commit is contained in:
teutat3s 2023-12-13 19:18:56 +01:00
parent 10bb3295de
commit e3d4f61a42
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
5 changed files with 90 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
hosts/flora-6/apps/caddy.nix
View file

@ -27,6 +27,17 @@
reverse_proxy :4000
'';
};
"flora-6.pub.solar" = {
logFormat = lib.mkForce ''
output discard
'';
extraConfig = ''
basicauth * {
hakkonaut $2a$14$mmIAy/Ezm6YGohUtXa2mWeW6Bcw1MQXPhrRbz14jAD2iUu3oob/t.
}
reverse_proxy :${toString config.services.loki.configuration.server.http_listen_port}
'';
};
"grafana.pub.solar" = {
logFormat = lib.mkForce ''
output discard

47
hosts/nachtigall/apps/promtail.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
flake,
...
}: {
age.secrets.nachtigall-metrics-prometheus-basic-auth-password = {
file = "${flake.self}/secrets/nachtigall-metrics-prometheus-basic-auth-password.age";
mode = "600";
owner = "promtail";
};
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 9080;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [{
url = "https://flora-6.pub.solar/loki/api/v1/push";
basic_auth = {
username = "hakkonaut";
password_file = "${config.age.secrets.nachtigall-metrics-prometheus-basic-auth-password.path}";
};
}];
scrape_configs = [{
job_name = "journal";
journal = {
max_age = "24h";
labels = {
job = "systemd-journal";
host = "nachtigall";
};
};
relabel_configs = [{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}];
}];
};
};
}

5
hosts/nachtigall/default.nix
View file

@ -18,19 +18,20 @@
./apps/mastodon.nix
./apps/mediawiki.nix
./apps/nextcloud.nix
./apps/owncast.nix
./apps/nginx-mastodon.nix
./apps/nginx-mastodon-files.nix
./apps/nginx-prometheus-exporters.nix
./apps/nginx-website.nix
./apps/opensearch.nix
./apps/owncast.nix
./apps/postgresql.nix
./apps/prometheus-exporters.nix
./apps/promtail.nix
./apps/searx.nix
./apps/matrix/irc.nix
./apps/matrix/mautrix-telegram.nix
./apps/matrix/synapse.nix
./apps/matrix/irc.nix
./apps/nginx-matrix.nix
];
}

53
secrets/nachtigall-metrics-prometheus-basic-auth-password.age
View file

@ -1,27 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 Y0ZZaw OfW2lm8CNwkA+63jp04bIHztAyLPV+xXQnTw9mzZBxg
E1utDkQScMHCbG5+hnBCHghcHXG1RzFaBZgP8rIqP/0
-> ssh-ed25519 uYcDNw 1ctiOm2nIiOqk9emMqDiEV6A4TogX0QY3i3BpyyRLWQ
8dmOuKM/ojRmv4Lhq8w9EZVmdnfdheLfrms9AqAwqSw
-> ssh-ed25519 Y0ZZaw CxhF1nK1+6OmJb/68UQ4mBIqxGgr8ngkNsL9dfaPN2s
jZ/JBaTCjFcL0SAGVx5ECDanVn4TGt0g2yn2OQOP9iY
-> ssh-ed25519 iDKjwg D/xqqA53Lw2UQJesg27wmK/UNCV+s914mvMlbKN1rhg
AOg0SkPvSotuSHk33zVfRxB0wn67a29YWc/itDUZ/LQ
-> ssh-ed25519 uYcDNw /QdfQUJmBMQZ+KRCst1gA0LqFGvM1K91ZL/RIRP+qBc
Ttksa44OdwLuRmgYPC2rIn+wy/SooRPUq8gQTR+pF0k
-> ssh-rsa kFDS0A
RdurPDcUR4Qh49KcgWvZEXSf1cV5CQGZQ0NEaDN86EJmUGWx7lpUZK5EhYIpDMU5
hC15shUmU1Hij9s0I7K1cQ0M3icpWJYdTmOe2IYjXDNr/Z7SUetI/NgPgV32zhW+
jLl/NIoofFccFYvwgPbg+/pQcmKYAIl5X4B9Il8Z7a+uTDdCcEkdl0sHlf337mzE
ILPuc4B4tEySaoDAcWzYeUZYOwWkHeZtgV/zxqE1bZzaa7WBqDrOh0/WJhivd2iG
PmTE+yK/hPV9wWeaAMQwL52UJb/TAjFXSi1iNRhtRkmEC6VbyDzMJ25na7ZN76ZH
76HaLffoM9yxCsvnA468vG6jr0MAgtstAgnqpb1DK7KAXCbIYeid2lN3gYo+CD8z
lhs+gxKoZPhw/PhBsqh/O1LYkLCngzC5ydS4VvYQ3CHSU9OAQhAkT6vx8Y+znQxu
wPEKDiEozAcW+flI9vC3Bg+uRCtGPOTufu+2qy6UNesOghbwiB+5BisjJcO3OtGz
SHiN40POpi7GUXe2OZ4XnOxOMbs1RGMec+sB6Nno5dG1Mf6m7Vhe0TsVXWBjX+TP
PuO1LlvUTOYld2xVMYk5intzeIRKljoDgheTf61zO1mwUbI6eMFM+QP9pH3IjETi
a1kxHDIz6HOaTX5aAvYCPVUHmTU8Qq3GbZzFXth8Qbs
-> ssh-ed25519 YFSOsg //jm3F459a1AT/e9Yjo0wEXae38rq4Rz3sf/E6nY7m8
W7K7wOCeIeBQoaf4nj2inerWfr28XMTOo50SrKUi1Sc
-> ssh-ed25519 iHV63A iTrGQu1a7GWq1b0+EnaQQwF3xD1b/MJW0FpWYd7tiTg
aOQXaXDMKId6vLhzcm/N0JlqEZgnIXsXQ1b+U7Smahs
-> ssh-ed25519 BVsyTA MG1cUHckhKrF9zjyDEAFEPl63ouRDVWlZTXMpQhgpzY
nMZFNhlEFaLmqSdG25AIM2b6rwH11nxzuYrFv7Gw7wQ
-> }IFM4v@O-grease 3Dun
Bw
--- E9LsfDYRjoDMTVbL2bfuFEl2mPIyMCZie1YgaMSc0p0
R¤1Ùˆ,'zåêÀ2Î…|~¤i7Ÿ^¾ú>¡]+ U”áØ|<1D>, ¶b¥ø 3ÕŠ:å!îÓârzèòqǤ
L9MGJFRceqbge3EF/rqXdT13jt9faxP1NmfRB3i2mrTasvCaovc/62bA0UmlsB/9
Y3hIzo28d6pZRcMm91l6PhWV0M33YNwPQf87vd7klv++1aMIdZ6/jHsQiohIBkRd
4pBe6rrx/lUqEqfQVYUFPfRE50ufkw+hRw/NJCvcBgHgNhhDoeb8keWRPZhhuv0Z
f0eP9ORKjeKxjv3tsIPjiE7aqxE1zTdrnSr7FuqklJhMYRdwVv+2ofNEh05hU6pR
VL4AS7d6Di/0dWTWc/Je2ytsrdio2v0rPAUXN1fyTh4AtrAmGQzUXNWnr4sB5xH9
QlL0Ea3IwndJSDNkqc4qI3JL0vx6QMUbsuNcMmVWSMkODP+gNQYXQNbnwNfeMAnE
V++WBfyrA8+V+ES+usqeWoOXjApzShn+gnrV0DHHXDAzNR+M647rQcsLePSyNjf/
NKd7Z8VfEq7m65AxmSHPezSGdICMf63WLG/Bffj9rWiQxaoiayGF8jbALpXlu93X
txOw8pK7zA8xFEBujmkrDPH3sJFPLOgOMYa0uuCMbrCGxeJ34nuQMhSUTamESSXb
AD3AgUrRvte1iXwy2PoZGolRLZfdq9zcAfFyq9KvIhvz/8b2F+KbqHQlAiKVPw8p
XQo4sXcDAmF251WSCJGN1C6Doxj/6XLuWILbkobQqoI
-> ssh-ed25519 YFSOsg FtIvWeEXI9blJIFAWMacXgPym5ePGXsuiOR+Gh3b3R8
0rp/NIu4kCCt05Is2+eRdUmgNX8QPMsDPhZWIejnBDA
-> ssh-ed25519 iHV63A 85G1w54UHS/gFcLvsXyYLPXvLHkJl3YQCi8ehb+ZrU8
lXDaMXlPw5ohaaYpiEkCNAmE2tJ2824ydmp9EakPtD8
-> ssh-ed25519 BVsyTA XimcaonVCGGyyCfn3BSX/a7zjJkWeaVY/xAcdNDrl1U
RaqpXzUd54qrkYYRbRTUclTpZdZx2us42lkP6wBxjBM
-> CWM8^B-grease
HvBgzYx54YVP0M6pk1bp9qegLscQ4tHIV9DZhr7jnrW41adgY0D39wnE2IgIRc6g
keRHAr7QVqdPy/kr+u0GwQ1MGFKI8Jss8vRxKwv/UgQfmg
--- dJWXhQRYjxWchTW1u3TrF7KvQIOdrOvkEC7oUtFcGeE
l>qFÞ®/®â@tË\Å&Zò êÄ:„Þ@ ò ÚKÏx©ªr¾áHK ûĦb0ÊÖ—5Ëm¸/

2
secrets/secrets.nix
View file

@ -68,5 +68,5 @@ in {
"grafana-smtp-password.age".publicKeys = flora6Keys ++ baseKeys;
"nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ baseKeys;
"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = flora6Keys ++ baseKeys;
"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = flora6Keys ++ nachtigallKeys ++ baseKeys;
}