diff --git a/loki.yaml b/loki.yaml
new file mode 100644
index 0000000..3ae6ec7
--- /dev/null
+++ b/loki.yaml
@@ -0,0 +1,48 @@
+auth_enabled: false
+
+server:
+ http_listen_port: 3100
+
+ingester:
+ lifecycler:
+ address: 0.0.0.0
+ ring:
+ kvstore:
+ store: inmemory
+ replication_factor: 1
+ final_sleep: 0s
+ chunk_idle_period: 1h # Any chunk not receiving new logs in this time will be flushed
+ max_chunk_age: 1h # All chunks will be flushed when they hit this age, default is 1h
+ chunk_target_size: 1048576 # Loki will attempt to build chunks up to 1.5MB, flushing first if chunk_idle_period or max_chunk_age is reached first
+ chunk_retain_period: 30s # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m)
+ max_transfer_retries: 0 # Chunk transfers disabled
+
+schema_config:
+ configs:
+ - from: 2020-10-24
+ store: boltdb-shipper
+ object_store: filesystem
+ schema: v11
+ index:
+ prefix: index_
+ period: 24h
+
+storage_config:
+ boltdb_shipper:
+ active_index_directory: /var/lib/loki/boltdb-shipper-active
+ cache_location: /var/lib/loki/boltdb-shipper-cache
+ cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space
+ shared_store: filesystem
+ filesystem:
+ directory: /var/lib/loki/chunks
+
+limits_config:
+ reject_old_samples: true
+ reject_old_samples_max_age: 168h
+
+chunk_store_config:
+ max_look_back_period: 0s
+
+table_manager:
+ retention_deletes_enabled: false
+ retention_period: 0s
diff --git a/monitoring.nix b/monitoring.nix
index 09abda1..a8d129f 100644
--- a/monitoring.nix
+++ b/monitoring.nix
@@ -46,7 +46,7 @@
 {
 name = "Loki";
 type = "loki";
- url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
+ url = "http://127.0.0.1:3100";
 uid = "180d3e53-be75-4a6a-bb71-bdf437aec085";
 }
 ];
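Review bot: The new loki.yaml keeps the API unauthenticated (`auth_enabled: false`) and sets no listen address under `server:`, so Loki binds port 3100 on all interfaces by default, and the lifecycler now advertises `address: 0.0.0.0` where the removed Nix configuration used `127.0.0.1`. Grafana and promtail both reach Loki over `127.0.0.1`, so I would add `http_listen_address: 127.0.0.1` and `grpc_listen_address: 127.0.0.1` under `server:`; this matters more because net.nix in the same commit switches the firewall off. Separately, the comment on `chunk_target_size: 1048576` says 1.5MB while the value is 1 MiB, so either the number or the comment should change.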
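Review bot: The Grafana datasource URL now hard-codes `3100`, and the promtail client URL in the later `@@ -319,7 +247,7 @@` hunk does the same, so the port lives in loki.yaml and in two Nix strings with nothing tying them together. A single `let lokiPort = 3100; in` binding in monitoring.nix, interpolated as `"http://127.0.0.1:${toString lokiPort}"` in both URLs, would keep the two consumers in step, with a comment beside it saying that `http_listen_port` in loki.yaml must match. The list that holds this datasource entry starts outside the hunk.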
@@ -118,13 +118,12 @@
 group = "grafana";
 user = "grafana";
 };
- };
 "grafana-dashboards/unpoller.json" = {
 source = ./grafana-dashboards/unpoller.json;
 group = "grafana";
 user = "grafana";
 };
-
+};
 services.prometheus = {
 scrapeConfigs = [
 {
@@ -231,83 +230,12 @@
 };
 services.loki = {
 enable = true;
- configuration = {
- server.http_listen_port = 3030;
- auth_enabled = false;
-
- ingester = {
- lifecycler = {
- address = "127.0.0.1";
- ring = {
- kvstore = {
- store = "inmemory";
- };
- replication_factor = 1;
- };
- };
- chunk_idle_period = "1h";
- max_chunk_age = "1h";
- chunk_target_size = 999999;
- chunk_retain_period = "30s";
- max_transfer_retries = 0;
- };
-
- schema_config = {
- configs = [
- {
- from = "2022-06-06";
- store = "boltdb-shipper";
- object_store = "filesystem";
- schema = "v11";
- index = {
- prefix = "index_";
- period = "24h";
- };
- }
- ];
- };
-
- storage_config = {
- boltdb_shipper = {
- active_index_directory = "/var/lib/loki/boltdb-shipper-active";
- cache_location = "/var/lib/loki/boltdb-shipper-cache";
- cache_ttl = "24h";
- shared_store = "filesystem";
- };
-
- filesystem = {
- directory = "/var/lib/loki/chunks";
- };
- };
-
- limits_config = {
- reject_old_samples = true;
- reject_old_samples_max_age = "168h";
- };
-
- chunk_store_config = {
- max_look_back_period = "0s";
- };
-
- table_manager = {
- retention_deletes_enabled = false;
- retention_period = "0s";
- };
-
- compactor = {
- working_directory = "/var/lib/loki";
- shared_store = "filesystem";
- compactor_ring = {
- kvstore = {
- store = "inmemory";
- };
- };
- };
- };
- };
-
+ configFile = ./loki.yaml;
+ extraFlags = ["-config.expand-env=true"];
+};
 # promtail: port 3031 (8031)
 services.promtail = {
+ extraFlags = ["-config.expand-env=true"];
 enable = true;
 configuration = {
 server = {
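Review bot: `extraFlags = ["-config.expand-env=true"];` is added to both `services.loki` and `services.promtail`, but the loki.yaml in this commit contains no `${VAR}` references and none are visible in the promtail lines shown here, so the flag has no apparent use. With expansion on, the config text is pre-processed before it is parsed, and the Promtail documentation notes that this changes how backslashes are read, so any regex in the promtail `scrape_configs` (outside this hunk) would need its backslashes doubled. I would drop both lines until a variable is actually needed, or add a comment such as `# expand-env: needed for <VARIABLE_NAME> in the config` naming what they exist for. The removed `compactor` block also has no counterpart in loki.yaml; if that is intentional it deserves a line in the commit message.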
@@ -319,7 +247,7 @@
 };
 clients = [
 {
- url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
+ url = "http://127.0.0.1:3100/loki/api/v1/push";
 }
 ];
 scrape_configs = [
diff --git a/net.nix b/net.nix
index b003139..83bcfb8 100644
--- a/net.nix
+++ b/net.nix
@@ -25,40 +25,6 @@
 };
 };
 networking.firewall = {
- allowedTCPPorts = [
- 1100
- 11000
- 81
- 8080
- 443
- 80
- 22
- 3000
- 8443
- 1337
- 3001
- 9090
- 9100
- 1312
- 8090
- ];
- allowedUDPPorts = [
- 1100
- 11000
- 81
- 8080
- 443
- 80
- 22
- 3000
- 8443
- 1337
- 3001
- 9090
- 9100
- 1312
- 17871
- ];
- };
-
+ enable = false;
+};
 }
diff --git a/nginx.nix b/nginx.nix
index 2a5fe70..ea2eaaf 100644
--- a/nginx.nix
+++ b/nginx.nix
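Review bot: `enable = false;` in `networking.firewall` turns the host firewall off entirely rather than trimming the port list, so every service bound to a non-loopback address becomes reachable, including the unauthenticated Loki on 3100 set up in this commit and the backends that nginx is meant to front. If the aim was to stop maintaining the long list, keep the firewall on and allow only what has to be public, for example `allowedTCPPorts = [ 22 80 443 ];`, adding UDP entries only for services that need them. Which ports must stay open is inferred from the old list and the ACME/TLS vhosts, so confirm against what is actually served.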
@@ -7,6 +7,61 @@
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
 # other Nginx options
+ virtualHosts."routerlab1.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ basicAuth = {
+ foo = "foo";
+ };
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:9001";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."routerlab2.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ basicAuth = {
+ foo = "foo";
+ };
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:9002";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."routerlab3.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ basicAuth = {
+ foo = "foo";
+ };
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:9003";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."routerlab4.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ basicAuth = {
+ foo = "foo";
+ };
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:9004";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."routerlab5.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ basicAuth = {
+ foo = "foo";
+ };
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:9005";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
 virtualHosts.${config.services.grafana.settings.server.domain} = {
 enableACME = true;
 forceSSL = true;
diff --git a/nginx.nix.save b/nginx.nix.save
new file mode 100644
index 0000000..e015dc8
--- /dev/null
+++ b/nginx.nix.save
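Review bot: All five routerlab vhosts set `basicAuth = { foo = "foo"; };`, a username and password pair that is trivially guessable and that, as a Nix string, is committed to the repository and copied into the world-readable Nix store. Use `basicAuthFile = "<path-to-htpasswd-outside-the-store>";` with an htpasswd file provisioned at runtime and a generated password instead. The five blocks differ only in host number and backend port, so building them from one list with `builtins.listToAttrs` would keep the auth setting in a single place. The enclosing `services.nginx` set starts and ends outside this hunk.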
@@ -0,0 +1,182 @@
+{ pkgs, config, ... }:
+{
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ # other Nginx options
+ virtualHosts.${config.services.grafana.settings.server.domain} = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:3001";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."caffeine.mom" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8096";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."cloud.fffda.lol" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:1100";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."routerlab1.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:9001";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ basicAuth = {
+ ice = "diebestenmrmcdallerzeiten";
+ };
+ };
+ virtualHosts."routerlab2.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:9002";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."routerlab3.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:9003";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."routerlab4.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:9004";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."routerlab5.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:9005";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."unifi.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8443";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."radarr.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:7878";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."bazarr.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:6767";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."sonarr.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8989";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."prowlarr.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:9696";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."lidarr.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8686";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."jellyseerr.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:5055";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."lists.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:61015";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."torrent.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.10.1.22:8090";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."ai.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:2315";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."jellyfin.ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8096";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ };
+ };
+ virtualHosts."ketamin.trade" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ return = "302 https://blog.ketamin.trade";
+ };
+ };
+ virtualHosts.${config.services.nextcloud.hostName} = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "acme@ketamin.trade";
+ };
+}
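Review bot: nginx.nix.save looks like an editor backup of nginx.nix rather than a file the configuration imports, and it carries a plaintext `basicAuth` password on the routerlab1 vhost. It should be dropped from the commit and `*.save` added to `.gitignore`; because the value is now in history, treat that credential as exposed and do not reuse it. In this copy only routerlab1 has `basicAuth` while routerlab2 through routerlab5 have none, so it also disagrees with the nginx.nix change made in the same commit.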