Begin moving openbao and authentik server to new setup

Former-commit-id: 8cd2737aca
2025-07-14 23:34:02 +02:00 · 2025-07-14 23:34:02 +02:00 · 7a995baca4
commit 7a995baca4
parent 3a42f156f7
43 changed files with 1006 additions and 481 deletions
--- a/nix/modules/nixos/infrastructure/vault-loki-sender/loki.alloy
+++ b/nix/modules/nixos/infrastructure/vault-loki-sender/loki.alloy
@ -0,0 +1,78 @@
+// Collect logs from systemd journal for node_exporter integration
+loki.source.journal "logs_integrations_integrations_node_exporter_journal_scrape" {
+  // Only collect logs from the last 24 hours
+  max_age       = "24h0m0s"
+  // Apply relabeling rules to the logs
+  relabel_rules = discovery.relabel.logs_integrations_integrations_node_exporter_journal_scrape.rules
+  // Send logs to the local Loki instance
+  forward_to    = [loki.write.local.receiver]
+}
+
+// Define which log files to collect for node_exporter
+local.file_match "logs_integrations_integrations_node_exporter_direct_scrape" {
+  path_targets = [{
+    // Target localhost for log collection
+    __address__ = "localhost",
+    // Collect standard system logs
+    __path__    = "/var/log/{syslog,messages,*.log}",
+    // Add instance label with hostname
+    instance    = constants.hostname,
+    // Add job label for logs
+    job         = "integrations/node_exporter",
+  }]
+}
+
+// Define relabeling rules for systemd journal logs
+discovery.relabel "logs_integrations_integrations_node_exporter_journal_scrape" {
+  targets = []
+
+  rule {
+    // Extract systemd unit information into a label
+    source_labels = ["__journal__systemd_unit"]
+    target_label  = "unit"
+  }
+
+  rule {
+    // Extract boot ID information into a label
+    source_labels = ["__journal__boot_id"]
+    target_label  = "boot_id"
+  }
+
+  rule {
+    // Extract transport information into a label
+    source_labels = ["__journal__transport"]
+    target_label  = "transport"
+  }
+
+  rule {
+    // Extract log priority into a level label
+    source_labels = ["__journal_priority_keyword"]
+    target_label  = "level"
+  }
+
+   rule {
+    // Set the instance label to the hostname of the machine
+    target_label = "instance"
+    replacement  = constants.hostname
+  }
+}
+
+// Collect logs from files for node_exporter
+loki.source.file "logs_integrations_integrations_node_exporter_direct_scrape" {
+  // Use targets defined in local.file_match
+  targets    = local.file_match.logs_integrations_integrations_node_exporter_direct_scrape.targets
+  // Send logs to the local Loki instance
+  forward_to = [loki.write.local.receiver]
+}
+
+// Define where to send logs for storage
+loki.write "local" {
+    endpoint {
+        // Send logs to a locally running Loki instance
+        url = "https://loki.kaareskovgaard.net/loki/api/v1/push"
+        tls_config {
+            cert_file = sys.env("LOKI_CLIENT_CERT")
+            key_file = sys.env("LOKI_CLIENT_KEY")
+        }
+    }
+}