From 21740ed665ee0aadaecefbfa3e7358e0764c3cc6 Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Wed, 6 Jan 2021 02:12:01 +0100
Subject: [PATCH] LoutreOS: indexation de logs nginx avec Loki
---
 systems/LoutreOS/monitoring.nix | 91 +++++++++++++++++++++++++++++++++
 systems/LoutreOS/services.nix | 14 +++++
 systems/LoutreOS/web.nix | 7 ++-
 3 files changed, 111 insertions(+), 1 deletion(-)
diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix
index d60beed..b1ce207 100644
--- a/systems/LoutreOS/monitoring.nix
+++ b/systems/LoutreOS/monitoring.nix
@@ -112,8 +112,99 @@ in
 ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ];
 ZED_NOTIFY_VERBOSE = true;
 };
+
+ loki = {
+ enable = true;
+ configuration = {
+ auth_enabled = false;
+ server.http_listen_port = 3100;
+ ingester = {
+ lifecycler = {
+ address = "127.0.0.1";
+ ring = {
+ kvstore.store = "inmemory";
+ replication_factor = 1;
+ };
+ };
+ chunk_idle_period = "1h";
+ chunk_target_size = 1000000;
+ };
+ schema_config.configs = [
+ {
+ from = "2018-04-15";
+ store = "boltdb";
+ object_store = "filesystem";
+ schema = "v11";
+ index = {
+ prefix = "index_";
+ period = "168h";
+ };
+ }
+ ];
+ storage_config = {
+ boltdb.directory = "/var/lib/loki/index";
+ filesystem.directory = "/var/lib/loki/chunks";
+ };
+ limits_config = {
+ enforce_metric_name = false;
+ reject_old_samples = true;
+ reject_old_samples_max_age = "168h";
+ };
+ chunk_store_config.max_look_back_period = "168h";
+ table_manager = {
+ retention_deletes_enabled = true;
+ retention_period = "168h";
+ };
+ };
+ };
+
+ promtail = {
+ enable = true;
+ configuration = {
+ server = {
+ http_listen_port = 9080;
+ grpc_listen_port = 0;
+ };
+ positions.filename = "/tmp/positions.yaml";
+ clients = [ { url = "http://127.0.0.1:3100/loki/api/v1/push"; } ];
+ scrape_configs = [
+ {
+ job_name = "nginx";
+ static_configs = [
+ {
+ labels = {
+ job = "nginx";
+ __path__ = "/var/log/nginx/*log";
+ };
+ }
+ ];
+ pipeline_stages = [
+ {
+ match = {
+ selector = ''{job="nginx"}'';
+ stages = [
+ {
+ regex.expression = ''^(?P[\w\.]+) - (?P[^ ]*) \[(?P.*)\] "(?P[^ ]*) (?P[^ ]*) (?P[^ ]*)" (?P[\d]+) (?P[\d]+) "(?P[^"]*)" "(?P[^"]*)"?'';
+ }
+ {
+ labels = {
+ method = null;
+ request = null;
+ status = null;
+ };
+ }
+ ];
+ };
+ }
+ ];
+ }
+ ];
+ };
+ };
 };
+ systemd.services.promtail.serviceConfig.SupplementaryGroups = [ "nginx" ];
+
 security.sudo.extraRules = [ { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } ];
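Review bot: The new `loki` block sets `auth_enabled = false` and only `server.http_listen_port = 3100`, with no listen address, so unless a firewall outside this hunk blocks the port, the push and query API is presumably reachable on every interface without authentication; `lifecycler.address = "127.0.0.1"` sets the ring address, not the HTTP bind. Since promtail pushes to `http://127.0.0.1:3100`, I would add `server.http_listen_address = "127.0.0.1";` to the loki configuration and bind promtail's own `server` block the same way. Separately, `positions.filename = "/tmp/positions.yaml"` keeps the read-offset state under a predictable name in a temporary directory, where it is lost on reboot and, if the unit does not get a private /tmp, can be pre-created by another local user; a directory owned by the service (for example one declared with systemd `StateDirectory`) is safer. The `request` label also creates one stream per distinct URL, so scanner traffic can inflate Loki's index; consider keeping only `method` and `status` as labels.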
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix
index 171056b..db1aced 100644
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@@ -35,6 +35,20 @@ in
 ];
 services = {
+ logrotate = {
+ enable = true;
+ paths = {
+ nginx = {
+ path = "/var/log/nginx/*.log";
+ user = config.services.nginx.user;
+ group = config.services.nginx.group;
+ keep = 7;
+ extraConfig = ''
+ compress
+ '';
+ };
+ };
+ };
 fail2ban.enable = true;
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix
index d7c7a7f..8c54545 100644
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
@@ -222,7 +222,12 @@ in
 include ${pkgs.nginx}/conf/fastcgi.conf;
 '';
 };
- } // { root = "/mnt/medias/iso_linux"; };
+ } // {
+ root = "/mnt/medias/iso_linux";
+ extraConfig = ''
+ access_log /var/log/nginx/$host.log;
+ '';
+ };
 };
 appendConfig = let rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
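Review bot: In services.nix, the new `logrotate.paths.nginx` entry rotates and compresses `/var/log/nginx/*.log`, but nothing visible in this hunk tells nginx to reopen its log files afterwards. If no reopen hook exists elsewhere, nginx may keep writing to the rotated file after the first rotation, and those entries would be lost once it is compressed, leaving promtail (and any other consumer of these logs) without data. I would extend `extraConfig` with `delaycompress` and a `postrotate` … `endscript` section that signals nginx to reopen its logs (USR1), or use `copytruncate` if a small loss window at rotation time is acceptable. Whether the NixOS nginx or logrotate module already provides such a hook cannot be told from the lines shown.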
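Review bot: In web.nix, `access_log /var/log/nginx/$host.log;` builds the log file name from `$host`, which is taken from the request's Host header, so the set of files under /var/log/nginx becomes partly client-controlled. nginx validates that header, so this is likely limited to names this server block answers for, but if the block is a default or wildcard server a client can create one file per distinct Host value, each of which is then matched by the `*.log` logrotate glob and promtail's `*log` path. A variable in the path also makes nginx open and close the file on every write unless `open_log_file_cache` is configured. The virtual host is known statically, so a literal name is safer, e.g. `access_log /var/log/nginx/<vhost-name>.log;` (placeholder; the attribute set being merged here starts outside this hunk, so the host name is not visible).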