diff options
| author | Martin Fischer <martin@push-f.com> | 2025-08-24 08:15:37 +0200 |
|---|---|---|
| committer | Martin Fischer <martin@push-f.com> | 2025-08-27 19:31:43 +0200 |
| commit | 63e381fc495cc3ef7a4afd1265b2e9722d56d317 (patch) | |
| tree | 8114e61dbf7107d8fd414c5c5456c9fcb98b37a6 | |
| parent | 565fffe39d8bc511fa0feb98a245f20295f806fd (diff) | |
refactor: generate Alloy config from nix attribute set
| -rw-r--r-- | nixos/helpers.nix | 11 | ||||
| -rw-r--r-- | nixos/hosts/tente/monitoring.nix | 272 | ||||
| -rw-r--r-- | nixos/shared/alloy-nix-config/alloy_nix_config.go | 129 | ||||
| -rw-r--r-- | nixos/shared/alloy-nix-config/default.nix | 8 | ||||
| -rw-r--r-- | nixos/shared/alloy-nix-config/go.mod | 3 |
5 files changed, 275 insertions, 148 deletions
diff --git a/nixos/helpers.nix b/nixos/helpers.nix index cadf230..f8f1384 100644 --- a/nixos/helpers.nix +++ b/nixos/helpers.nix @@ -60,6 +60,17 @@ '}'; ''; + writeAlloyConfig = cfg: + let + alloy-nix-config = "${pkgs.callPackage <top/shared/alloy-nix-config> {}}/bin/alloy-nix-config"; + in + pkgs.runCommand "generated-config" {} '' + ${alloy-nix-config} ${pkgs.writeText "input.json" (builtins.toJSON cfg)} $out + # FUTURE: run alloy validate + ''; + + alloyConfigRef = s: { "$ref" = s; }; + joinWgNamespace = ns: cfg: lib.attrsets.recursiveUpdate cfg { bindsTo = ["netns@${ns}.service"]; diff --git a/nixos/hosts/tente/monitoring.nix b/nixos/hosts/tente/monitoring.nix index 545ae24..a999c8a 100644 --- a/nixos/hosts/tente/monitoring.nix +++ b/nixos/hosts/tente/monitoring.nix @@ -2,6 +2,7 @@ let cfg = config.monitoring; + helpers = import <top/helpers.nix> { inherit config lib pkgs; }; in { options.monitoring = { @@ -166,159 +167,134 @@ in services.alloy = { enable = true; extraFlags = ["--server.http.listen-addr=0.0.0.0:${toString cfg.alloyUiPort}"]; - # TODO: submit PR to nixpkgs so that the alloy config can be specified as a JSON expression - configPath = pkgs.writeText "config.alloy" '' - loki.source.journal "journal" { - max_age = "12h0m0s" - relabel_rules = discovery.relabel.journal.rules - forward_to = [loki.process.journal.receiver] - labels = { - host = "tente", - job = "systemd-journal", - } - } - - loki.process "journal" { - forward_to = [loki.write.default.receiver] - - stage.match { - // Select messages from systemd services that have LogExtraFields=LOG_FORMAT=logfmt. - selector = "{__journal_LOG_FORMAT=\"logfmt\"}" - stage.logfmt { - mapping = { time = "", level = "" } - } - stage.timestamp { - source = "time" - format = "RFC3339" - } - stage.template { - // The slog package of the Go standard library prints levels as uppercase. - source = "level" - template = "{{ ToLower .Value }}" - } - stage.structured_metadata { - values = { level = "" } - } - } - } - - discovery.relabel "journal" { - targets = [] - - rule { - source_labels = ["__journal__systemd_unit"] - target_label = "unit" - } - } - - loki.source.file "nginx_access" { - targets = local.file_match.nginx_access.targets - forward_to = [loki.process.nginx_access.receiver] - } - - local.file_match "nginx_access" { - path_targets = [{ - __path__ = "/var/log/nginx/*.access.log", - }] - } - - loki.process "nginx_access" { - forward_to = [loki.write.default.receiver] - - stage.static_labels { - values = { - job = "nginx", - } - } - - // Extracting the log file name as vhost because it's more convenient - // to query for than the full filename. We could also use server_name - // but there could be wildcard server_names and Loki labels should have - // a low cardinality for performance reasons. - stage.regex { - source = "filename" - expression = "(?P<vhost>[^/]+)\\.access\\.log$" - } - - stage.labels { - values = { - vhost = "", - } - } - - stage.json { - expressions = { "msec" = "", path = "" } - } - - stage.timestamp { - source = "msec" - format = "Unix" - } - - // Setting level=info to prevent Loki's log level detection from wrongly - // detecting messages with paths containing "error" as errors. - // Creating the filetype entry via stage.template because there's no - // static_structured_metadata stage yet. (https://github.com/grafana/loki/issues/16703) - stage.template { - source = "level" - template = "info" - } - stage.structured_metadata { - values = { level = "" } - } - - stage.labels { - values = { - // Temporarily adding path as a label so that we can use it in the match selectors. - path = "", - } - } - - stage.match { - selector = "{path=~\"/\\\\.well-known/.*\"}" - // Creating the filetype entry via stage.template because there's no - // static_structured_metadata stage yet. (https://github.com/grafana/loki/issues/16703) - stage.template { - source = "filetype" - template = "well-known" - } - } + configPath = + let + ref = helpers.alloyConfigRef; + in + helpers.writeAlloyConfig { + "loki.source.journal".journal = { + max_age = "12h0m0s"; + relabel_rules = ref "discovery.relabel.journal.rules"; + forward_to = [(ref "loki.process.journal.receiver")]; + labels = { + host = "tente"; + job = "systemd-journal"; + }; + }; + "loki.process".journal = { + forward_to = [(ref "loki.write.default.receiver")]; + blocks = [ + { + name = "stage.match"; + # Select messages from systemd services that have LogExtraFields=LOG_FORMAT=logfmt. + selector = ''{__journal_LOG_FORMAT="logfmt"}''; + blocks = [ + { name = "stage.logfmt"; mapping = { time = ""; level = ""; }; } + { name = "stage.timestamp"; source = "time"; format = "RFC3339"; } + { + # The slog package of the Go standard library prints levels as uppercase. + name = "stage.template"; + source = "level"; + template = "{{ ToLower .Value }}"; + } + { name = "stage.structured_metadata"; values = { level = ""; }; } + ]; + } + ]; + }; + "discovery.relabel".journal = { + targets = []; + blocks = [ + { + name = "rule"; + source_labels = ["__journal__systemd_unit"]; + target_label = "unit"; + } + ]; + }; - stage.match { - selector = "{path=\"/robots.txt\"}" - stage.template { - source = "filetype" - template = "robots.txt" - } - } + "loki.source.file".nginx_access = { + targets = ref "local.file_match.nginx_access.targets"; + forward_to = [(ref "loki.process.nginx_access.receiver")]; + }; + "local.file_match".nginx_access = { + path_targets = [{ + __path__ = "/var/log/nginx/*.access.log"; + }]; + }; + "loki.process".nginx_access = { + forward_to = [(ref "loki.write.default.receiver")]; + blocks = [ + { name = "stage.static_labels"; values = { job = "nginx"; }; } - stage.match { - selector = "{path=~\".*\\\\.atom$\"}" - stage.template { - source = "filetype" - template = "feed" - } - } + { + # Extracting the log file name as vhost because it's more convenient + # to query for than the full filename. We could also use server_name + # but there could be wildcard server_names and Loki labels should have + # a low cardinality for performance reasons. + name = "stage.regex"; + source = "filename"; + expression = "(?P<vhost>[^/]+)\\.access\\.log$"; + } - stage.structured_metadata { - values = { - filetype = "", - } - } + { name = "stage.labels"; values = { vhost = ""; }; } + { name = "stage.json"; expressions = { msec = ""; path = ""; }; } + { name = "stage.timestamp"; source = "msec"; format = "Unix"; } + { + # Setting level=info to prevent Loki's log level detection from wrongly + # detecting messages with paths containing "error" as errors. + # Creating the filetype entry via stage.template because there's no + # static_structured_metadata stage yet. (https://github.com/grafana/loki/issues/16703) + name = "stage.template"; + source = "level"; + template = "info"; + } + { name = "stage.structured_metadata"; values = { level = ""; }; } - // Dropping path again because it has a too high cardinality for a label. - stage.label_drop { - values = [ "path" ] - } - } + # Temporarily adding path as a label so that we can use it in the match selectors. + { name = "stage.labels"; values = { path = ""; }; } + { + name = "stage.match"; + selector = "{path=~\"/\\\\.well-known/.*\"}"; + # Creating the filetype entry via stage.template because there's no + # static_structured_metadata stage yet. (https://github.com/grafana/loki/issues/16703) + blocks = [ + { name = "stage.template"; source = "filetype"; template = "well-known"; } + ]; + } + { + name = "stage.match"; + selector = "{path=\"/robots.txt\"}"; + blocks = [ + { name = "stage.template"; source = "filetype"; template = "robots.txt"; } + ]; + } + { + name = "stage.match"; + selector = "{path=~\".*\\\\.atom$\"}"; + blocks = [ + { name = "stage.template"; source = "filetype"; template = "feed"; } + ]; + } + { + name = "stage.structured_metadata"; + values = { filetype = ""; }; + } - loki.write "default" { - endpoint { - url = "http://127.0.0.1:${toString cfg.lokiPort}/loki/api/v1/push" - } - external_labels = {} - } - ''; + # Dropping path again because it has a too high cardinality for a label. + { name = "stage.label_drop"; values = ["path"]; } + ]; + }; + "loki.write".default = { + blocks = [ + { + name = "endpoint"; + url = "http://127.0.0.1:${toString cfg.lokiPort}/loki/api/v1/push"; + } + ]; + external_labels = {}; + }; + }; }; }; } diff --git a/nixos/shared/alloy-nix-config/alloy_nix_config.go b/nixos/shared/alloy-nix-config/alloy_nix_config.go new file mode 100644 index 0000000..4b6eb63 --- /dev/null +++ b/nixos/shared/alloy-nix-config/alloy_nix_config.go @@ -0,0 +1,129 @@ +package main + +import ( + "encoding/json" + "fmt" + "maps" + "os" + "slices" + "strconv" + "strings" +) + +func main() { + if len(os.Args) != 3 { + fmt.Fprintf(os.Stderr, "usage: %s <json_path> <out_path>\n", os.Args[0]) + os.Exit(1) + } + + jsonPath := os.Args[1] + outPath := os.Args[2] + + jsonData, err := os.ReadFile(jsonPath) + if err != nil { + fmt.Fprintf(os.Stderr, "error reading file %s: %v\n", jsonPath, err) + os.Exit(1) + } + + // It would be nice to preserve the order of blocks ... except that we can't + // because Nix already doesn't preserve the order of attribute sets. + var config map[string]any + if err := json.Unmarshal(jsonData, &config); err != nil { + fmt.Fprintf(os.Stderr, "error parsing JSON: %v\n", err) + os.Exit(1) + } + + result := formatConfig(config) + + if err := os.WriteFile(outPath, []byte(result), 0644); err != nil { + fmt.Fprintf(os.Stderr, "error writing file %s: %v\n", outPath, err) + os.Exit(1) + } +} + +func formatConfig(config map[string]any) string { + var s strings.Builder + + for _, blockName := range slices.Sorted(maps.Keys(config)) { + labels := config[blockName] + + if labelsMap, ok := labels.(map[string]any); ok { + for label, block := range labelsMap { + if blockMap, ok := block.(map[string]any); ok { + s.WriteString(formatBlock(blockName, label, blockMap, 0)) + } + } + } + } + + return s.String() +} + +func formatBlock(blockName string, label string, block map[string]any, indent int) string { + var s strings.Builder + + s.WriteString(strings.Repeat(" ", indent)) + s.WriteString(blockName) + if label != "" { + s.WriteString(fmt.Sprintf(` %s`, strconv.Quote(label))) + } + s.WriteString(" {\n") + + var blocks []any + if blocksValue, exists := block["blocks"]; exists { + if blocksList, ok := blocksValue.([]any); ok { + blocks = blocksList + } + delete(block, "blocks") + } + + for _, key := range slices.Sorted(maps.Keys(block)) { + s.WriteString(strings.Repeat(" ", indent+1)) + s.WriteString(fmt.Sprintf("%s = %s\n", key, formatValue(block[key]))) + } + + for _, blockItem := range blocks { + if blockMap, ok := blockItem.(map[string]any); ok { + var name string + if nameValue, exists := blockMap["name"]; exists { + if nameStr, ok := nameValue.(string); ok { + name = nameStr + } + delete(blockMap, "name") + } + + s.WriteString(formatBlock(name, "", blockMap, indent+1)) + } + } + + s.WriteString(strings.Repeat(" ", indent)) + s.WriteString("}\n") + + return s.String() +} + +func formatValue(value any) string { + switch v := value.(type) { + case string: + return strconv.Quote(v) + case map[string]any: + if ref, exists := v["$ref"]; exists { + if refStr, ok := ref.(string); ok { + return refStr + } + } + var parts []string + for _, name := range slices.Sorted(maps.Keys(v)) { + parts = append(parts, fmt.Sprintf("%s=%s,", name, formatValue(v[name]))) + } + return "{" + strings.Join(parts, " ") + "}" + case []any: + var parts []string + for _, item := range v { + parts = append(parts, formatValue(item)) + } + return "[" + strings.Join(parts, ", ") + "]" + default: + return fmt.Sprintf("%v", v) + } +} diff --git a/nixos/shared/alloy-nix-config/default.nix b/nixos/shared/alloy-nix-config/default.nix new file mode 100644 index 0000000..d4efe02 --- /dev/null +++ b/nixos/shared/alloy-nix-config/default.nix @@ -0,0 +1,8 @@ +{ pkgs ? import <nixpkgs> {} }: + +pkgs.buildGoModule { + pname = "alloy-nix-config"; + version = "git"; + src = ./.; + vendorHash = null; +} diff --git a/nixos/shared/alloy-nix-config/go.mod b/nixos/shared/alloy-nix-config/go.mod new file mode 100644 index 0000000..2916089 --- /dev/null +++ b/nixos/shared/alloy-nix-config/go.mod @@ -0,0 +1,3 @@ +module push-f.com/alloy-nix-config + +go 1.24.5 |