cluster/services/monitoring: run loki over ways

cluster/services/monitoring/default.nix

@@ -87,8 +87,18 @@ in
     };
   };
 
-  ways.monitoring = {
+  ways = {
+    monitoring = {
       consulService = "grafana";
       extras.locations."/".proxyWebsockets = true;
     };
+    monitoring-logs = {
+      internal = true;
+      consulService = "loki";
+      extras.extraConfig = ''
+        client_max_body_size 4G;
+        proxy_read_timeout 3600s;
+      '';
+    };
+  };
 }

cluster/services/monitoring/grafana-ha.nix

@@ -70,7 +70,7 @@ in
         {
           name = "Loki";
           uid = "P8E80F9AEF21F6940";
-          inherit (loki-ingest) url;
+          inherit (cluster.config.ways.monitoring-logs) url;
           type = "loki";
         }
       ];

cluster/services/monitoring/logging.nix

@@ -104,4 +104,20 @@ in
       querier.max_concurrent = 16;
     };
   };
+
+  consul.services.loki = {
+    definition = {
+      name = "loki";
+      address = loki-ingest.ipv4;
+      inherit (loki-ingest) port;
+      checks = [
+        {
+          name = "Loki";
+          id = "service:loki:backend";
+          interval = "5s";
+          http = "${loki-ingest.url}/ready";
+        }
+      ];
+    };
+  };
 }

cluster/services/ways/default.nix

@@ -11,6 +11,9 @@
   };
 
   dns.records = lib.mapAttrs'
-    (_: cfg: lib.nameValuePair cfg.dnsRecord.name ({ ... }: { imports = [ cfg.dnsRecord.value ]; }))
+    (_: cfg: lib.nameValuePair cfg.dnsRecord.name ({ ... }: {
+      imports = [ cfg.dnsRecord.value ];
+      root = cfg.domainSuffix;
+    }))
     config.ways;
 }

cluster/services/ways/host.nix

@@ -3,6 +3,8 @@
 let
   externalWays = lib.filterAttrs (_: cfg: !cfg.internal) cluster.config.ways;
 
+  internalWays = lib.filterAttrs (_: cfg: cfg.internal) cluster.config.ways;
+
   consulServiceWays = lib.filterAttrs (_: cfg: cfg.useConsul) cluster.config.ways;
 in
 
@@ -14,6 +16,7 @@ in
         imports = [
           cfg.extras
           {
+            listenAddresses = lib.mkIf cfg.internal [ config.reflection.interfaces.vstub.addr ];
             forceSSL = true;
             enableACME = !cfg.internal && !cfg.wildcard;
             useACMEHost = lib.mkMerge [
@@ -84,7 +87,8 @@ in
     };
   };
 
-  consul.services.ways-proxy = {
+  consul.services = {
+    ways-proxy = {
       unit = "nginx";
       mode = "external";
       definition = {
@@ -98,4 +102,19 @@ in
         tags = lib.attrNames externalWays;
       };
     };
+    ways-proxy-internal = {
+      unit = "nginx";
+      mode = "external";
+      definition = {
+        name = "ways-proxy-internal";
+        address = config.reflection.interfaces.vstub.addr;
+        port = 443;
+        checks = lib.singleton {
+          interval = "60s";
+          tcp = "127.0.0.1:80";
+        };
+        tags = lib.attrNames internalWays;
+      };
+    };
+  };
 }

cluster/services/ways/options/way.nix

@@ -29,7 +29,7 @@ with lib;
         description = "DNS record value for this Way.";
         type = types.deferredModule;
         default = {
-          consulService = "${name}.ways-proxy";
+          consulService = "${name}.${if config.internal then "ways-proxy-internal" else "ways-proxy"}";
           rewrite.type = lib.mkIf config.wildcard "regex";
         };
       };
@@ -57,6 +57,12 @@ with lib;
       default = "/.well-known/ways/internal-health-check";
     };
 
+    url = mkOption {
+      type = types.str;
+      readOnly = true;
+      default = "https://${name}.${config.domainSuffix}";
+    };
+
     useConsul = mkOption {
       type = types.bool;
       internal = true;