Setup ssh/promtail/loki for grafana ssh dashboard

2024-06-13 21:37:38 +08:00 · 2024-06-13 21:37:38 +08:00 · 0b4ce24253
parent 18181f9085
commit 0b4ce24253
4 changed files with 122 additions and 0 deletions
--- a/nixos/common/global/ssh.nix
+++ b/nixos/common/global/ssh.nix
@ -6,8 +6,16 @@
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
+      LogLevel = "VERBOSE";
    };
    ports = [ 62841 ];
    openFirewall = true;
  };
+
+  services.rsyslogd = {
+    enable = true;
+    extraConfig = ''
+      if $programname == 'sshd' then /var/log/sshd.log
+    '';
+  };
 }
--- a/nixos/viridian/services/default.nix
+++ b/nixos/viridian/services/default.nix
@ -13,5 +13,7 @@
    ./mysql.nix
    ./prometheus.nix
    ./endlessh-go.nix
+    ./promtail.nix
+    ./loki.nix
  ];
 }
--- a/nixos/viridian/services/loki.nix
+++ b/nixos/viridian/services/loki.nix
@ -0,0 +1,81 @@
+{ ... }:
+
+{
+  services.loki = {
+    enable = true;
+    configuration = {
+      server.http_listen_port = 3030;
+      auth_enabled = false;
+
+      ingester = {
+        lifecycler = {
+          address = "127.0.0.1";
+          ring = {
+            kvstore = {
+              store = "inmemory";
+            };
+            replication_factor = 1;
+          };
+        };
+        chunk_idle_period = "1h";
+        max_chunk_age = "1h";
+        chunk_target_size = 999999;
+        chunk_retain_period = "30s";
+        # max_transfer_retries = 0;
+      };
+
+      schema_config = {
+        configs = [{
+          from = "2022-06-06";
+          store = "boltdb-shipper";
+          object_store = "filesystem";
+          schema = "v13";
+          index = {
+            prefix = "index_";
+            period = "24h";
+          };
+        }];
+      };
+
+      storage_config = {
+        boltdb_shipper = {
+          active_index_directory = "/var/lib/loki/boltdb-shipper-active";
+          cache_location = "/var/lib/loki/boltdb-shipper-cache";
+          cache_ttl = "24h";
+          # shared_store = "filesystem";
+        };
+
+        filesystem = {
+          directory = "/var/lib/loki/chunks";
+        };
+      };
+
+      limits_config = {
+        reject_old_samples = true;
+        reject_old_samples_max_age = "168h";
+        allow_structured_metadata = false;  # IDK it said add this to fix some error
+      };
+
+      # chunk_store_config = {
+      #   max_look_back_period = "0s";
+      # };
+
+      table_manager = {
+        retention_deletes_enabled = false;
+        retention_period = "0s";
+      };
+
+      compactor = {
+        working_directory = "/var/lib/loki";
+        # shared_store = "filesystem";
+        compactor_ring = {
+          kvstore = {
+            store = "inmemory";
+          };
+        };
+      };
+    };
+    # user, group, dataDir, extraFlags, (configFile)
+  };
+}
+
--- a/nixos/viridian/services/promtail.nix
+++ b/nixos/viridian/services/promtail.nix
@ -0,0 +1,31 @@
+{ config, ... }:
+
+{
+  services.promtail = {
+    enable = true;
+    configuration = {
+      server = {
+        http_listen_port = 9080;
+        grpc_listen_port = 0;
+      };
+      positions = {
+        filename = "/tmp/positions.yaml";
+      };
+      clients = [{
+        url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
+      }];
+      scrape_configs = [{
+        job_name = "system";
+        static_configs = [{
+          targets = [ "localhost" ]; # Promtail target is localhost
+          labels = {
+            instance = "viridian.kanto.dev"; # Label identifier for instance
+            env = "kanto"; # Environment label
+            job = "secure"; # Job label
+            __path__ = "/var/log/sshd.log";
+          };
+        }];
+      }];
+    };
+  };
+}