forked from the-distro/infra
100 lines
2.6 KiB
Nix
100 lines
2.6 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.bagel.services.loki;
|
|
inherit (lib) mkEnableOption mkIf;
|
|
in
|
|
{
|
|
options.bagel.services.loki.enable = mkEnableOption "Loki storage";
|
|
|
|
config = mkIf cfg.enable {
|
|
age.secrets = {
|
|
loki-htpasswd = {
|
|
file = ../../../secrets/loki-htpasswd.age;
|
|
owner = "nginx";
|
|
};
|
|
loki-environment.file = ../../../secrets/loki-environment.age;
|
|
};
|
|
|
|
services.loki = {
|
|
enable = true;
|
|
extraFlags = ["--config.expand-env"];
|
|
|
|
configuration = {
|
|
server = {
|
|
http_listen_port = 9090;
|
|
grpc_listen_port = 9096;
|
|
|
|
# 16M
|
|
grpc_server_max_recv_msg_size = 16777216;
|
|
grpc_server_max_send_msg_size = 16777216;
|
|
};
|
|
|
|
auth_enabled = false;
|
|
|
|
common = {
|
|
storage.s3 = {
|
|
endpoint = "s3.delroth.net";
|
|
region = "garage";
|
|
bucketnames = "bagel-loki";
|
|
secret_access_key = "\${S3_KEY}"; # This is a secret injected via an environment variable
|
|
access_key_id = "\${S3_KEY_ID}";
|
|
s3forcepathstyle = true;
|
|
};
|
|
ring.kvstore.store = "memberlist";
|
|
replication_factor = 1;
|
|
};
|
|
|
|
memberlist = {
|
|
bind_port = 7947;
|
|
advertise_port = 7947;
|
|
};
|
|
|
|
storage_config.tsdb_shipper = {
|
|
active_index_directory = "/var/lib/loki/index";
|
|
cache_location = "/var/lib/loki/cache";
|
|
};
|
|
|
|
compactor = {
|
|
working_directory = "/var/lib/loki/compactor";
|
|
compaction_interval = "10m";
|
|
retention_enabled = true;
|
|
retention_delete_delay = "1s";
|
|
retention_delete_worker_count = 150;
|
|
delete_request_store = "filesystem";
|
|
};
|
|
|
|
limits_config.retention_period = "1w";
|
|
|
|
schema_config = {
|
|
configs = [
|
|
{
|
|
from = "2024-07-01";
|
|
store = "tsdb";
|
|
object_store = "s3";
|
|
schema = "v13";
|
|
index = {
|
|
prefix = "index_";
|
|
period = "24h";
|
|
};
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.services.loki.serviceConfig.EnvironmentFile = [ config.age.secrets.loki-environment.path ];
|
|
|
|
services.nginx.virtualHosts."loki.forkos.org" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/loki/api/v1/push" = {
|
|
proxyPass = "http://localhost:${toString config.services.loki.configuration.server.http_listen_port}";
|
|
basicAuthFile = config.age.secrets.loki-htpasswd.path;
|
|
};
|
|
};
|
|
};
|
|
}
|