kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity

nixos/promtail: Add a promtail module

Browse Source
wip/yesman
Janne Heß 4 years ago
parent 43b99f23b3
commit 54217cac69
No known key found for this signature in database
GPG Key ID: 69165158F05265DF
3 changed files with 118 additions and 9 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 1
      nixos/modules/module-list.nix
  2. 95
      nixos/modules/services/logging/promtail.nix
  3. 31
      nixos/tests/loki.nix

1
nixos/modules/module-list.nix
Unescape View File

@ -394,6 +394,7 @@
./services/logging/logcheck.nix
./services/logging/logrotate.nix
./services/logging/logstash.nix
./services/logging/promtail.nix
./services/logging/rsyslogd.nix
./services/logging/syslog-ng.nix
./services/logging/syslogd.nix

95
nixos/modules/services/logging/promtail.nix
Unescape View File

@ -0,0 +1,95 @@
{ config, lib, pkgs, ... }: with lib;
let
cfg = config.services.promtail;
prettyJSON = conf: pkgs.runCommandLocal "promtail-config.json" {} ''
echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
'';
in {
options.services.promtail = with types; {
enable = mkEnableOption "the Promtail ingresser";
configuration = mkOption {
type = with lib.types; let
valueType = nullOr (oneOf [
bool
int
float
str
(lazyAttrsOf valueType)
(listOf valueType)
]) // {
description = "JSON value";
emptyValue.value = {};
deprecationMessage = null;
};
in valueType;
description = ''
Specify the configuration for Promtail in Nix.
'';
};
extraFlags = mkOption {
type = listOf str;
default = [];
example = [ "--server.http-listen-port=3101" ];
description = ''
Specify a list of additional command line flags,
which get escaped and are then passed to Loki.
'';
};
};
config = mkIf cfg.enable {
services.promtail.configuration.positions.filename = mkDefault "/var/cache/promtail/positions.yaml";
systemd.services.promtail = {
description = "Promtail log ingress";
wantedBy = [ "multi-user.target" ];
stopIfChanged = false;
serviceConfig = {
Restart = "on-failure";
ExecStart = "${pkgs.grafana-loki}/bin/promtail -config.file=${prettyJSON cfg.configuration} ${escapeShellArgs cfg.extraFlags}";
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictSUIDSGID = true;
PrivateMounts = true;
CacheDirectory = "promtail";
User = "promtail";
Group = "promtail";
CapabilityBoundingSet = "";
NoNewPrivileges = true;
ProtectKernelModules = true;
SystemCallArchitectures = "native";
ProtectKernelLogs = true;
ProtectClock = true;
LockPersonality = true;
ProtectHostname = true;
RestrictRealtime = true;
MemoryDenyWriteExecute = true;
PrivateUsers = true;
} // (optionalAttrs (!pkgs.stdenv.isAarch64) { # FIXME: figure out why this breaks on aarch64
SystemCallFilter = "@system-service";
});
};
users.groups.promtail = {};
users.users.promtail = {
description = "Promtail service user";
isSystemUser = true;
group = "promtail";
};
};
}

31
nixos/tests/loki.nix
Unescape View File

@ -12,15 +12,28 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
enable = true;
configFile = "${pkgs.grafana-loki.src}/cmd/loki/loki-local-config.yaml";
};
systemd.services.promtail = {
description = "Promtail service for Loki test";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.grafana-loki}/bin/promtail --config.file ${pkgs.grafana-loki.src}/cmd/promtail/promtail-local-config.yaml
'';
DynamicUser = true;
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 9080;
grpc_listen_port = 0;
};
clients = [ { url = "http://localhost:3100/loki/api/v1/push"; } ];
scrape_configs = [
{
job_name = "system";
static_configs = [
{
targets = [ "localhost" ];
labels = {
job = "varlogs";
__path__ = "/var/log/*log";
};
}
];
}
];
};
};
};

Write Preview
Loading…
Cancel
Save