From 1760b2f1dc389f2eb0282bfc2dee4aa58d4567b8 Mon Sep 17 00:00:00 2001
From: Felix Buehler
Date: Sun, 9 Apr 2023 23:07:39 +0200
Subject: [PATCH] service/promtail: init
---
 machines/newton/services.nix | 3 +
 modules/services/default.nix | 1 +
 modules/services/promtail/default.nix | 87 +++++++++++++++++++++++++++
 3 files changed, 91 insertions(+)
 create mode 100644 modules/services/promtail/default.nix
diff --git a/machines/newton/services.nix b/machines/newton/services.nix
index cfeb7db..149587c 100644
--- a/machines/newton/services.nix
+++ b/machines/newton/services.nix
@@ -115,6 +115,9 @@ in
 loki = {
 enable = true;
 };
+ promtail = {
+ enable = true;
+ };
 # Webserver
 nginx = {
 enable = true;
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 1ea839e..535cfca 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -23,6 +23,7 @@
 ./passworts
 ./photoprism
 ./prometheus
+ ./promtail
 ./prowlarr
 ./radarr
 ./rss-bridge
diff --git a/modules/services/promtail/default.nix b/modules/services/promtail/default.nix
new file mode 100644
index 0000000..68aacf0
--- /dev/null
+++ b/modules/services/promtail/default.nix
@@ -0,0 +1,87 @@
+# # log forwarding
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.my.services.promtail;
+ domain = config.networking.domain;
+in
+{
+ options.my.services.promtail = with lib; {
+ enable = mkEnableOption "promtail log forwarding";
+
+ port = mkOption {
+ type = types.port;
+ default = 9081;
+ example = 3002;
+ description = "Internal port";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.promtail = {
+ enable = true;
+ configuration = {
+ server = {
+ http_listen_address = "127.0.0.1";
+ http_listen_port = cfg.port;
+ grpc_listen_port = 0; # without it collides with loki; only used for pushing (not used)
+ };
+ positions = {
+ filename = "/tmp/positions.yaml";
+ };
+ clients = [{
+ url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
+ }];
+ scrape_configs = [
+ {
+ job_name = "journal";
+ journal = {
+ max_age = "24h";
+ labels = {
+ job = "systemd-journal";
+ host = config.networking.hostName;
+ };
+ };
+ relabel_configs = [{
+ source_labels = [ "__journal__systemd_unit" ];
+ target_label = "unit";
+ }];
+ }
+ {
+ job_name = "nginx";
+ static_configs = [
+ {
+ targets = [
+ "localhost"
+ ];
+ labels = {
+ job = "nginx";
+ __path__ = "/var/log/nginx/*.log";
+ host = config.networking.hostName;
+ };
+ }
+ ];
+ }
+ ];
+ };
+ };
+
+ # otherwise access to the log is denied
+ users.users.promtail.extraGroups = [ "nginx" ];
+
+ my.services.nginx.virtualHosts = [
+ {
+ subdomain = "log";
+ inherit (cfg) port;
+ }
+ ];
+
+ webapps.apps.promtail = {
+ dashboard = {
+ name = "Logging";
+ category = "infra";
+ icon = "book";
+ link = "https://log.${domain}";
+ };
+ };
+ };
+}
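Review bot: The `my.services.nginx.virtualHosts` entry at the end of the hunk publishes promtail's own HTTP listener as `log.${domain}`, which undoes the `http_listen_address = "127.0.0.1"` binding set in `server`; promtail has no authentication of its own and serves status pages such as `/targets`, `/service-discovery` and `/metrics`, so scraped paths, labels and host names become readable to whoever can reach the vhost. Unless the `my.services.nginx` wrapper (not visible in this diff) enforces authentication on every subdomain, I would drop the `virtualHosts` and `webapps.apps.promtail` entries or gate them explicitly. Two smaller points: `users.users.promtail.extraGroups = [ "nginx" ]` grants everything the nginx group can read, which may be more than `/var/log/nginx` (possibly certificate material, depending on how ACME is configured), and `filename = "/tmp/positions.yaml"` keeps read offsets somewhere that is usually not persistent, so a restart can re-send or skip log lines; something like `filename = "/var/lib/promtail/positions.yaml";` (illustrative path, the directory must exist and be writable by the promtail user) would be safer.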