{ config, lib, ... }: let cfg = config.bagel.monitoring.promtail; inherit (lib) mkEnableOption mkIf; in { options.bagel.monitoring.promtail.enable = (mkEnableOption "Promtail log export") // { default = true; }; config = mkIf cfg.enable { age.secrets.promtail-password = { file = ../../secrets/promtail-password.age; owner = "promtail"; }; services.promtail = { enable = true; configuration = { server.disable = true; clients = [ { url = "https://loki.forkos.org/loki/api/v1/push"; basic_auth = { username = "promtail"; password_file = config.age.secrets.promtail-password.path; }; } ]; scrape_configs = [ { job_name = "system"; journal = { max_age = "12h"; labels = { job = "systemd-journal"; host = config.networking.hostName; }; }; relabel_configs = [ { source_labels = [ "__journal__systemd_unit" ]; target_label = "unit"; } ]; } ]; }; }; }; }