
add promtail and fail2ban

main
Leonora Tindall 1 year ago
parent
commit
977b9ed084
Signed by: nora GPG Key ID: 7A8B52EC67E09AAF
  1. 12
      common/fragments/fail2ban.nix
  2. 79
      common/fragments/loki.nix
  3. 34
      common/fragments/promtail.nix
  4. 3
      hosts/crimespoon/configuration.nix
  5. 2
      hosts/felonyspork/configuration.nix

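--- a/common/fragments/fail2ban.nix
+++ b/common/fragments/fail2ban.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ...}: {
+services.fail2ban = {
+enable = true;
+maxretry = 5;
+ignoreIP = [
+"127.0.0.0/8"
+"10.0.0.0/8"
+"172.16.0.0/12"
+"192.168.0.0/16"
+];
+};
+}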
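Review bot: The `ignoreIP` list exempts every RFC 1918 range, so any host that reaches these machines from a private source address (a compromised LAN device, a VPN or container peer) is never banned, however many failures it causes. Both host configurations import this fragment, so consider narrowing the list to the subnet(s) actually trusted, e.g. `ignoreIP = [ "127.0.0.0/8" "<trusted-lan-cidr>" ];`, with a comment such as `# sources that are never banned; keep this list as small as possible`. No jails are declared here, so which services are protected depends on the module defaults; a short comment naming the intended jails would make that explicit.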

79
common/fragments/loki.nix

@ -0,0 +1,79 @@
{ config, pkgs, ...}: {
networking.firewall.allowedTCPPorts = [ config.services.loki.configuration.server.http_listen_port ];
services.loki = {
enable = true;
configuration = {
server.http_listen_port = 3030;
auth_enabled = false;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
max_transfer_retries = 0;
};
schema_config = {
configs = [{
from = "2022-06-06";
store = "boltdb-shipper";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "24h";
};
}];
};
storage_config = {
boltdb_shipper = {
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
cache_location = "/var/lib/loki/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
filesystem = {
directory = "/var/lib/loki/chunks";
};
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
chunk_store_config = {
max_look_back_period = "0s";
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
compactor = {
working_directory = "/var/lib/loki";
shared_store = "filesystem";
compactor_ring = {
kvstore = {
store = "inmemory";
};
};
};
};
};
}
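Review bot: `auth_enabled = false` together with `networking.firewall.allowedTCPPorts` opens Loki's HTTP API on port 3030 on every interface with no authentication, so anything that can reach the host can push or query the stored journal logs. If only LAN hosts need to push, scope the rule to that interface, e.g. `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 3030 ];`, or keep Loki on loopback behind an authenticating reverse proxy with TLS. Separately, `retention_deletes_enabled = false` with `retention_period = "0s"` appears to keep chunks indefinitely under /var/lib/loki, so a comment stating the intended retention and disk budget would help.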

34
common/fragments/promtail.nix

@ -0,0 +1,34 @@
{ config, pkgs, ...}: {
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions.filename = "/tmp/positions.yml";
clients = [{
url = "http://crimespoon:3030/loki/api/v1/push";
}];
scrape_configs = [{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "${config.networking.hostName}";
};
};
relabel_configs = [{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}];
}];
};
};
}
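Review bot: `positions.filename = "/tmp/positions.yml"` keeps promtail's read offsets in a temporary directory, so they are liable to be lost on reboot or tmp cleanup, after which the journal is re-read up to `max_age` or entries are skipped. A fixed name under /tmp is also a poor place for service state unless the unit has a private /tmp. A directory owned by the service is safer, e.g. `positions.filename = "/var/cache/promtail/positions.yml";` if the module provides that cache directory (to be confirmed). The client `url` is plain `http://` with no credentials, so journal contents cross the network unencrypted and the push endpoint relies entirely on network placement; either add a comment recording that assumption or put TLS and authentication in front of it.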

3
hosts/crimespoon/configuration.nix

@ -12,11 +12,14 @@
../../common/fragments/avahi.nix
../../common/fragments/unifi.nix
../../common/fragments/grafana.nix
../../common/fragments/loki.nix
../../common/fragments/promtail.nix
../../common/fragments/qbittorrent.nix
../../common/fragments/prometheus_exporters.nix
../../common/fragments/syncthing.nix
../../common/fragments/minecraft-server.nix
../../common/fragments/mosh.nix
../../common/fragments/fail2ban.nix
];
# Use the systemd-boot EFI boot loader.

2
hosts/felonyspork/configuration.nix

@ -14,7 +14,9 @@
../../common/fragments/mosh.nix
../../common/fragments/iperf.nix
../../common/fragments/prometheus_exporters.nix
../../common/fragments/promtail.nix
../../common/fragments/ddclient.nix
../../common/fragments/fail2ban.nix
];
# Use the systemd-boot EFI boot loader.
