{ config, lib, ... }: let cfg = config.services.loki; nginxCfg = config.services.nginx; basePath = "/var/lib/loki"; in { age.secrets.loki-basicauth = { file = ./loki-basicauth.age; owner = nginxCfg.user; inherit (nginxCfg) group; }; services.loki = { enable = true; configuration = { auth_enabled = false; server = { http_listen_address = "127.0.0.1"; http_listen_port = 3100; }; common = { path_prefix = basePath; }; ingester = { lifecycler = { address = "127.0.0.1"; ring = { kvstore = { store = "inmemory"; }; replication_factor = 1; }; }; }; compactor = { working_directory = "${basePath}/compactor"; }; schema_config = { configs = [ { from = "2025-02-04"; store = "tsdb"; object_store = "filesystem"; schema = "v13"; index = { prefix = "index_"; period = "24h"; }; } ]; }; storage_config = { filesystem = { directory = "${basePath}/chunks"; }; tsdb_shipper = { active_index_directory = "${basePath}/tsdb-index"; cache_location = "${basePath}/tsdb-cache"; }; }; # Лимиты limits_config = { reject_old_samples = true; reject_old_samples_max_age = "168h"; # Максимальный возраст логов (7 дней) }; }; }; systemd.tmpfiles.rules = lib.mkIf cfg.enable [ "d ${basePath} 0755 ${cfg.user} ${cfg.group} -" ]; services.nginx.virtualHosts."loki.pleshevski.ru" = lib.mkIf cfg.enable { enableACME = true; forceSSL = true; locations."/" = let inherit (cfg.configuration.server) http_listen_port http_listen_address; in { proxyPass = "http://${http_listen_address}:${toString http_listen_port}"; proxyWebsockets = true; basicAuthFile = config.age.secrets.loki-basicauth.path; }; }; }