about summary refs log tree commit diff
path: root/modules/nixos/loki.nix
blob: 49a9b19fbeb46aa4172f2a057723a396e84989ab (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
{
  config,
  lib,
  libNginx,
  pkgs,
  ...
}:
with lib; let
  cfg = config.nixfiles.modules.loki;
in {
  options.nixfiles.modules.loki = {
    enable = mkEnableOption "Loki";

    port = mkOption {
      description = "Port.";
      type = with types; port;
      default = 30171;
    };

    domain = mkOption {
      description = "Domain name sans protocol scheme.";
      type = with types; str;
      default = "loki.${config.networking.domain}";
    };
  };

  config = mkIf cfg.enable {
    ark.directories = [config.services.loki.configuration.common.path_prefix];

    nixfiles.modules.nginx = with cfg; {
      enable = true;
      upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {};
      virtualHosts.${domain} = {
        locations."/".proxyPass = "http://loki";
        extraConfig = libNginx.config.internalOnly;
      };
    };

    services.loki = {
      enable = true;

      configuration = rec {
        auth_enabled = false;

        server = rec {
          http_listen_address = "127.0.0.1";
          http_listen_port = cfg.port;

          grpc_listen_address = "127.0.0.1";
          grpc_listen_port = http_listen_port + 1;

          log_level = "warn";
        };

        common = rec {
          path_prefix = "/var/lib/loki";
          storage.filesystem = {
            chunks_directory = "${path_prefix}/chunks";
            rules_directory = "${path_prefix}/rules";
          };
          replication_factor = 1;
          instance_interface_names = ["lo"];
          ring = {
            instance_addr = "127.0.0.1";
            kvstore.store = "inmemory";
          };
        };

        ruler = {
          rule_path = "${common.path_prefix}/ruler";
          storage = {
            type = "local";
            local.directory =
              pkgs.writeTextDir "ruler/ruler.yml"
              (generators.toJSON {} {groups = [{name = "default";}];});
          };
        };

        limits_config = {
          max_streams_per_user = 0;
          max_global_streams_per_user = 0;
          max_query_series = 100000; # Is this safe?
        };

        schema_config.configs = [
          {
            from = "2020-01-01";
            store = "boltdb-shipper";
            object_store = "filesystem";
            schema = "v11";
            index = {
              prefix = "index_";
              period = "24h";
            };
            chunks = {
              prefix = "chunks_";
              period = "24h";
            };
          }
        ];

        analytics.reporting_enabled = false;
      };
    };

    systemd.tmpfiles.rules = with config.services.loki.configuration.common; [
      "d ${path_prefix} 0700 loki loki - -"
      "d ${storage.filesystem.chunks_directory} 0700 loki loki - -"
      "d ${storage.filesystem.rules_directory} 0700 loki loki - -"
    ];
  };
}

Consider giving Nix/NixOS a try! <3