cluster/services/monitoring: use lockmith for loki
This commit is contained in:
parent
9f158f15a4
commit
201f07efc3
4 changed files with 18 additions and 5 deletions
|
@ -78,11 +78,21 @@ in
|
||||||
|
|
||||||
garage = {
|
garage = {
|
||||||
keys = {
|
keys = {
|
||||||
loki = { };
|
loki-ingest.locksmith = {
|
||||||
|
nodes = config.services.monitoring.nodes.logging;
|
||||||
|
format = "envFile";
|
||||||
|
};
|
||||||
|
loki-query.locksmith = {
|
||||||
|
nodes = config.services.monitoring.nodes.logging;
|
||||||
|
format = "envFile";
|
||||||
|
};
|
||||||
tempo = { };
|
tempo = { };
|
||||||
};
|
};
|
||||||
buckets = {
|
buckets = {
|
||||||
loki-chunks.allow.loki = [ "read" "write" ];
|
loki-chunks.allow = {
|
||||||
|
loki-ingest = [ "read" "write" ];
|
||||||
|
loki-query = [ "read" ];
|
||||||
|
};
|
||||||
tempo-chunks.allow.tempo = [ "read" "write" ];
|
tempo-chunks.allow.tempo = [ "read" "write" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -8,12 +8,16 @@ let
|
||||||
cfg = config.services.loki;
|
cfg = config.services.loki;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
age.secrets.lokiSecrets.file = ./secrets/loki-secrets.age;
|
|
||||||
links.loki-grpc.protocol = "grpc";
|
links.loki-grpc.protocol = "grpc";
|
||||||
systemd.services.loki = {
|
systemd.services.loki = {
|
||||||
after = [ "wireguard-wgmesh.service" ];
|
after = [ "wireguard-wgmesh.service" ];
|
||||||
serviceConfig.EnvironmentFile = config.age.secrets.lokiSecrets.path;
|
serviceConfig.EnvironmentFile = "/run/locksmith/garage-loki-ingest";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.locksmith.waitForSecrets.loki = [
|
||||||
|
"garage-loki-ingest"
|
||||||
|
];
|
||||||
|
|
||||||
services.loki = {
|
services.loki = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dataDir = "/srv/storage/private/loki";
|
dataDir = "/srv/storage/private/loki";
|
||||||
|
|
Binary file not shown.
|
@ -9,7 +9,6 @@ in with hosts;
|
||||||
"cluster/services/dns/acme-dns-db-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
|
"cluster/services/dns/acme-dns-db-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
|
||||||
"cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
"cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||||
"cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
"cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||||
"cluster/services/monitoring/secrets/loki-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate grail prophet ];
|
"cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate grail prophet ];
|
||||||
"cluster/services/monitoring/secrets/tempo-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"cluster/services/monitoring/secrets/tempo-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
|
|
Loading…
Reference in a new issue