mezned/HAddons
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

adding node exporter, loki, and promtail

Browse Source
This commit is contained in:
ai-dev
2024-10-30 20:26:28 +01:00
parent b1dbbe1a8b
commit b840c65795
87 changed files with 2372 additions and 2366 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
loki/.README.j2 Normal file
View File

@ -0,0 +1,126 @@
# Home Assistant Add-on: Loki
[![GitHub Release][releases-shield]][releases]
![Project Stage][project-stage-shield]
[![License][license-shield]][license]
![Project Maintenance][maintenance-shield]
[![Community Forum][forum-shield]][forum]
_Like Prometheus, but for logs!_
{% set repository = namespace(url='https%3A//github.com/mdegat01/hassio-addons', slug='39bd2704') %}
{% if channel == "edge" %}
{% set repository.url = repository.url + '-edge' %}
{% set repository.slug = '7eb274d5' %}
## WARNING! THIS IS AN EDGE REPOSITORY
This Add-ons repository contains edge builds of add-ons. Edge
builds of add-ons are based upon the latest development version.
- They may not work at all.
- They might stop working at any time.
- They could have a negative impact on your system.
This repository was created for:
- Anybody willing to test.
- Anybody interested in trying out upcoming add-ons or add-on features.
- Developers.
If you are more interested in stable releases of these add-ons:
<https://github.com/mdegat01/hassio-addons>
{% elif channel == "beta" %}
{% set repository.url = repository.url + '-beta' %}
{% set repository.slug = 'e9a81774' %}
## WARNING! THIS IS A BETA REPOSITORY
This Add-ons repository contains beta builds of add-ons. Beta
builds of add-ons are based upon the latest release including pre-releases.
- They might stop working at any time.
- They could have a negative impact on your system.
This repository was created for:
- Anybody willing to test.
- Anybody interested in trying out upcoming add-ons or add-on features.
If you are more interested in stable releases of these add-ons:
<https://github.com/mdegat01/hassio-addons>
{% endif %}
## About
[Grafana Loki][loki] is a horizontally-scalable,
highly-available, multi-tenant log aggregation system inspired by Prometheus. It
is designed to be very cost effective and easy to operate. It does not index the
contents of the logs, but rather a set of labels for each log stream.
## Support
Got questions?
You have several ways to get them answered:
- The Home Assistant [Community Forum][forum]. I am
[CentralCommand][forum-centralcommand] there.
- The Home Assistant [Discord Chat Server][discord-ha]. Use the #add-ons channel,
I am CentralCommand#0913 there.
You could also [open an issue here][issue] on GitHub.
## Authors & contributors
The original setup of this repository is by [Mike Degatano][mdegat01].
For a full list of all authors and contributors,
check [the contributor's page][contributors].
## License
MIT License
Copyright (c) 2021-2022 Mike Degatano
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
{% if channel == "edge" %}
[project-stage-shield]: https://img.shields.io/badge/project%20stage-experimental-yellow.svg
{% elif channel == "beta" %}
[project-stage-shield]: https://img.shields.io/badge/project%20stage-beta-orange.svg
{% else %}
[project-stage-shield]: https://img.shields.io/badge/project%20stage-production%20ready-brightgreen.svg
{% endif %}
[contributors]: https://github.com/mdegat01/addon-loki/graphs/contributors
[discord-ha]: https://discord.gg/c5DvZ4e
[forum-centralcommand]: https://community.home-assistant.io/u/CentralCommand/?u=CentralCommand
[forum-shield]: https://img.shields.io/badge/community-forum-brightgreen.svg
[forum]: https://community.home-assistant.io/t/home-assistant-add-on-loki/293731?u=CentralCommand
[loki]: https://grafana.com/oss/loki/
[mdegat01]: https://github.com/mdegat01
[issue]: https://github.com/mdegat01/addon-loki/issues
[license]: https://github.com/mdegat01/addon-loki/blob/main/LICENSE
[license-shield]: https://img.shields.io/github/license/mdegat01/addon-loki.svg
[maintenance-shield]: https://img.shields.io/maintenance/yes/2022.svg
[releases-shield]: https://img.shields.io/github/release/mdegat01/addon-loki.svg
[releases]: https://github.com/mdegat01/addon-loki/releases

213
loki/DOCS.md Normal file
View File

@ -0,0 +1,213 @@
# Home Assistant Add-on: Loki
## Install
First add the repository to the add-on store (`https://mezgit.duckdns.org/mezned/HAddons`):
[![Open your Home Assistant instance and show the add add-on repository dialog
with a specific repository URL pre-filled.][add-repo-shield]][add-repo]
Then find Loki in the store and click install:
[![Open your Home Assistant instance and show the dashboard of a Supervisor add-on.][add-addon-shield]][add-addon]
## Default Setup
If you are also using the Promtail add-on in this repository then by default
Promtail wil ship Loki the systemd journal of the host. That will include all
logs from all addons, supervisor, home assistant, docker, and the host system
itself. No additional configuration is required if that's the setup you want.
The configuration options can be used to encrypt traffic to Loki via SSL or
limit access via mTLS. If you change those though, make sure to update your
Promtail (or whatever client your using) config accordingly.
Additionally, if you are an expert and want to take full control over Loki's
configuration there's an option to provide a custom config file.
## Configuration
**Note**: _Remember to restart the add-on when the configuration is changed._
Example add-on configuration:
```yaml
ssl: true
certfile: fullchain.pem
keyfile: privkey.pem
days_to_keep: 30
log_level: info
```
**Note**: _This is just an example, don't copy and paste it! Create your own!_
### Option: `ssl`
Enables/Disables SSL (HTTPS). Set it `true` to enable it, `false` otherwise.
### Option: `certfile`
The certificate file to use for SSL.
**Note**: _The file MUST be stored in `/ssl/`, which is the default_
### Option: `keyfile`
The private key file to use for SSL.
**Note**: _The file MUST be stored in `/ssl/`, which is the default_
### Option: `cafile`
The CA certificate file used to sign client certificates. If set,cclients will
be required to present a valid client-authentication certificate to connect to
Loki (mTLS).
**Note**: _The file MUST be stored in `/ssl/`, which is the default_
### Option: `days_to_keep`
Number of days of logs to keep, older logs will be purged from the index. If set,
minimum is `1`, defaults to `30` if omitted.
The minimum exists because `0` tells Loki to keep tables indefinitely (and the
addon to grow without bound). See [retention][loki-doc-retention] for more information
on how Loki's Compactor handles retention.
**Note**: This sets an environmental variable referenced in the [default config][addon-default-config].
If you use `config_path` below it is ignored unless you reference the same variable.
### Option: `config_path`
Absolute path to a custom config file for Loki. By default this addon will run
Loki using the config file [here][addon-default-config]. If you would prefer different
options then you can create your own config file to use instead and provide the
path to it.
Review the [documentation][loki-doc] to learn about creating a config file for
Loki. You can also see examples [here][loki-doc-examples]. I would also strongly
recommend reading the [Loki best practices][loki-doc-best-practices] guide before
proceeding with a custom config.
**Note**: `http_listen_address`, `http_listen_port` and `log_level` are set by
the add-on via CLI params so they cannot be changed. Everything else can be configured
in your file.
### Option: `log_level`
The `log_level` option controls the level of log output by the addon and can
be changed to be more or less verbose, which might be useful when you are
dealing with an unknown issue. Possible values are:
- `debug`: Shows detailed debug information.
- `info`: Normal (usually) interesting events.
- `warning`: Exceptional occurrences that are not errors.
- `error`: Runtime errors that do not require immediate action.
Please note that each level automatically includes log messages from a
more severe level, e.g., `debug` also shows `info` messages. By default,
the `log_level` is set to `info`, which is the recommended setting unless
you are troubleshooting.
### Port: `3100/tcp`
This is the port that Loki is listening on and that clients such as Promtail
should point at.
**Note**: If you just want to send logs from the Promtail add-on to this one
you can leave this disabled. Setting it exposes the port on the host so you
only need to do that if you want other systems to ship logs to Loki.
## PLG Stack (Promtail, Loki and Grafana)
Loki isn't a standalone application, it doesn't do anything until you set up another
utility to send logs to it. It's job is to receive logs, index them, and make them
available to analysis tools such as Grafana. Loki typically expects to be deployed
in the full PLG stack:
- Promtail to process and ship logs
- Loki to aggregate and index them
- Grafana to visualize and monitor them
### Promtail
Promtail is also made by Grafana, its only job is to scrape logs and send them
to Loki. The easiest way to get it set up is to install the
Promtail add-on in this same repository.
[![Open your Home Assistant instance and show the dashboard of a Supervisor add-on.][add-addon-shield]][add-addon-promtail]
This isn't the only way to get logs into Loki though. You may want to deploy
Promtail yourself to ship logs from other systems, you can find installation
instructions for that [here][promtail-doc-installation].
Other clients besides Promtail can also be configured to ship their logs to
Loki. The list of supported clients and how to set them up can be found [here][loki-doc-clients]
### Grafana
Grafana's flagship product is their [analysis and visualization tool][grafana]
and it is very easy to connect that to Loki (as you'd likely expect). They have
a guide on how to connect the two [here][loki-in-grafana].
The easiest way to install Grafana is to use the
Grafana community add-on. From there you can follow the guide above to add Loki
as a data source. When prompted for Loki's URL in the Grafana add-on, use `http://39bd2704-loki:3100`
(or `https://39bd2704-loki:3100` if you enabled SSL).
[![Open your Home Assistant instance and show the dashboard of a Supervisor add-on.][add-addon-shield]][add-addon-grafana]
### LogCLI
Not required, but if you want to be able to interface with Loki via the
commandline for testing or scripting purposes you can set up [LogCLI][logcli].
This will then let you query Loki using [LogQL][logql].
To make LogCLI accessible in the SSH add-ons you can set this install script
to run on startup of the add-on:
```bash
#!/bin/bash
# Set up LogCLI (not available in alpine linux)
# On 2.1.0 (see https://github.com/grafana/loki/releases )
VERSION=2.1.0
APKARCH="$(apk --print-arch)"
case "$APKARCH" in
x86_64) BINARCH='amd64' ;;
armhf) BINARCH='arm' ;;
armv7) BINARCH='arm' ;;
aarch64) BINARCH='arm64' ;;
*) echo >&2 "error: unsupported architecture ($APKARCH)"; exit 1 ;;
esac
curl -J -L -o /tmp/logcli.zip "https://github.com/grafana/loki/releases/download/v${VERSION}/logcli-linux-${BINARCH}.zip"
unzip /tmp/logcli.zip -d /usr/bin
mv "/usr/bin/logcli-linux-${BINARCH}" /usr/bin/logcli
chmod a+x /usr/bin/logcli
rm -f /tmp/logcli.zip
```
You also need to add the following to your `.bash_profile` or `.zshrc` file:
```bash
export LOKI_ADDR=http://39bd2704-loki:3100
```
Switch to `https` if you enabled SSL. The LogCLI doc has the full list of
possible exports you may need depending on how you deployed Loki.
## Changelog & Releases
This repository keeps a change log using [GitHub's releases][releases]
functionality.
Releases are based on [Semantic Versioning][semver], and use the format
of `MAJOR.MINOR.PATCH`. In a nutshell, the version will be incremented
based on the following:
- `MAJOR`: Incompatible or major changes.
- `MINOR`: Backwards-compatible new features and enhancements.
- `PATCH`: Backwards-compatible bugfixes and package updates.

99
loki/Dockerfile Normal file
View File

@ -0,0 +1,99 @@
# https://github.com/hassio-addons/addon-base/releases
ARG BUILD_FROM=ghcr.io/hassio-addons/base/amd64
# hadolint ignore=DL3006
FROM ${BUILD_FROM}
# https://github.com/grafana/loki/releases
ARG LOKI_VERSION=3.2.1
# add Loki and Nginx
RUN set -eux; \
apk update; \
\
apk add --no-cache --virtual .build-deps \
unzip=6.0-r9 \
; \
APKARCH="$(apk --print-arch)"; \
case "$APKARCH" in \
x86_64) BINARCH='amd64' ;; \
armhf) BINARCH='arm' ;; \
armv7) BINARCH='arm' ;; \
aarch64) BINARCH='arm64' ;; \
*) echo >&2 "error: unsupported architecture ($APKARCH)"; exit 1 ;; \
esac; \
curl -s -J -L -o /tmp/loki.zip \
"https://github.com/grafana/loki/releases/download/v${LOKI_VERSION}/loki-linux-${BINARCH}.zip"; \
unzip /tmp/loki.zip -d /usr/bin; \
mv /usr/bin/loki-linux-${BINARCH} /usr/bin/loki; \
chmod a+x /usr/bin/loki; \
rm /tmp/loki.zip; \
apk del .build-deps; \
\
apk add --no-cache \
ca-certificates=20220614-r0 \
nginx=1.22.0-r1 \
; \
update-ca-certificates; \
nginx -v; \
rm -f -r /etc/nginx; \
mkdir -p \
/var/lib/nginx/tmp/client_body \
/var/lib/nginx/tmp/fastcgi \
/var/lib/nginx/tmp/proxy \
/var/lib/nginx/tmp/scgi \
/var/lib/nginx/tmp/uwsgi \
/var/log/nginx \
/run/nginx \
; \
touch /var/log/nginx/error.log; \
\
echo "Add user for Loki"; \
mkdir -p /data/loki; \
addgroup -S abc; \
adduser -u 12345 -h /data/loki -D -S abc -G abc; \
\
chown -R abc:abc \
/usr/lib/nginx \
/usr/share/nginx \
/var/lib/nginx \
/var/log/nginx \
; \
chmod +x /etc/cont-init.d/nginx.sh;\
chmod +x /etc/services.d/loki/*; \
chmod +x /etc/services.d/nginx/*;
# See https://github.com/grafana/loki/issues/1928
RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
COPY --chown=abc:abc rootfs /
WORKDIR /data/loki
# Build arguments
ARG BUILD_ARCH
ARG BUILD_DATE
ARG BUILD_DESCRIPTION
ARG BUILD_NAME
ARG BUILD_REF
ARG BUILD_REPOSITORY
ARG BUILD_VERSION
# Labels
LABEL \
io.hass.name="${BUILD_NAME}" \
io.hass.description="${BUILD_DESCRIPTION}" \
io.hass.arch="${BUILD_ARCH}" \
io.hass.type="addon" \
io.hass.version=${BUILD_VERSION} \
maintainer="mdegat01" \
org.opencontainers.image.title="${BUILD_NAME}" \
org.opencontainers.image.description="${BUILD_DESCRIPTION}" \
org.opencontainers.image.vendor="mdegat01's Home Assistant Add-ons" \
org.opencontainers.image.authors="mdegat01" \
org.opencontainers.image.licenses="MIT" \
org.opencontainers.image.url="https://github.com/mdegat01/hassio-addons" \
org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \
org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \
org.opencontainers.image.created=${BUILD_DATE} \
org.opencontainers.image.revision=${BUILD_REF} \
org.opencontainers.image.version=${BUILD_VERSION}

139
loki/apparmor.txt Normal file
View File

@ -0,0 +1,139 @@
include <tunables/global>
# Docker overlay
@{docker_root}=/docker/ /var/lib/docker/
@{fs_root}=/ @{docker_root}/overlay2/*/diff/
@{do_etc}=@{fs_root}/etc/
@{do_opt}=@{fs_root}/opt/
@{do_run}=@{fs_root}/{run,var/run}/
@{do_usr}=@{fs_root}/usr/
@{do_var}=@{fs_root}/var/
# Nginx data dirs
@{nginx_data}=@{do_usr}/lib/nginx/ @{do_usr}/share/nginx/ @{do_var}/lib/nginx/
profile loki flags=(attach_disconnected,mediate_deleted) {
include <abstractions/base>
include <abstractions/bash>
# Send signals to child services
signal (send) peer=@{profile_name}//*,
# Network access
network tcp,
network udp,
# Capabilities to run service as non-root
capability kill,
capability dac_override,
capability chown,
capability fowner,
capability fsetid,
capability setuid,
capability setgid,
# S6-Overlay
/init rix,
/bin/** rix,
/usr/bin/** rix,
@{do_etc}/s6*/** r,
@{do_etc}/fix-attrs.d/{,**} r,
@{do_etc}/cont-{init,finish}.d/{,**} rwix,
@{do_etc}/services.d/{,**} rwix,
@{do_run}/{s6,s6-rc*,service}/** rix,
/command/** rix,
/package/** rix,
@{do_run}/{,**} rwk,
/dev/tty rw,
@{do_usr}/lib/locale/{,**} r,
@{do_etc}/ssl/openssl.cnf r,
@{do_etc}/ssl1.1/openssl.cnf r,
@{do_etc}/{group,hosts,passwd,resolv.conf} r,
/dev/null k,
# Needed for v2, not v3
@{do_etc}/s6/** rix,
# Bashio
/usr/lib/bashio/** ix,
/tmp/** rw,
# Options.json & addon data
/data r,
/data/** rw,
# Needed for setup
@{do_etc}/{loki,nginx}/{,**} rw,
@{nginx_data}/{,**} rw,
@{do_var}/log/nginx/{,**} rw,
/{share,ssl}/{,**} r,
# Programs
/usr/bin/loki cx -> loki,
/usr/sbin/nginx Cx -> nginx,
profile loki flags=(attach_disconnected,mediate_deleted) {
include <abstractions/base>
# Receive signals from s6
signal (receive) peer=*_loki,
# Network access
network tcp,
network udp,
network netlink raw,
network unix dgram,
# Addon data
/data/** r,
/data/loki/** rwk,
# Config
@{do_etc}/loki/* r,
/share/** r,
# Runtime usage
owner /tmp/** rwk,
/usr/bin/loki rm,
@{do_etc}/hosts r,
@{do_etc}/{nsswitch,resolv}.conf r,
@{PROC}/sys/net/core/somaxconn r,
@{PROC}/@{pid}/cpuset r,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
}
profile nginx flags=(attach_disconnected,mediate_deleted) {
include <abstractions/base>
# Receive signals from s6
signal (receive) peer=*_loki,
# Network access
network tcp,
# Capabilities to lower privileges
capability dac_override,
capability mknod,
capability setuid,
capability setgid,
# Allow parent to ptrace
ptrace (read) peer=*_loki,
# Config files
@{do_etc}/nginx/** r,
/ssl/** r,
# Service data
@{do_var}/lib/nginx/tmp/** rw,
@{do_var}/log/nginx/* w,
@{nginx_data}/** r,
# Runtime usage
@{do_run}/nginx.pid rw,
@{PROC}/1/fd/1 w,
/usr/sbin/nginx rm,
@{do_etc}/{group,passwd} r,
@{do_etc}/ssl/openssl.cnf r,
@{do_etc}/ssl1.1/openssl.cnf r,
}
}

9
loki/build.yaml Normal file
View File

@ -0,0 +1,9 @@
---
build_from:
amd64: ghcr.io/hassio-addons/base/amd64:16.3.4
armhf: ghcr.io/hassio-addons/base/armhf:16.3.4
armv7: ghcr.io/hassio-addons/base/armv7:16.3.4
aarch64: ghcr.io/hassio-addons/base/aarch64:16.3.4
codenotary:
base_image: codenotary@frenck.dev
signer: codenotary@degatano.com

34
loki/config.yaml Normal file
View File

@ -0,0 +1,34 @@
---
name: Loki
url: hhttps://mezgit.duckdns.org/mezned/HAddons
version: edge
slug: loki
arch:
- aarch64
- amd64
- armv7
- armhf
description: Loki for Home Assistant
codenotary: codenotary@degatano.com
init: false
startup: system
map:
- share
- ssl
watchdog: http://[HOST]:3101/ready
ports:
3100/tcp:
ports_description:
3100/tcp: HTTP listen port
options:
ssl: false
days_to_keep: 30
log_level: info
schema:
ssl: bool
certfile: str?
keyfile: str?
cafile: str?
days_to_keep: int(1,)?
config_path: str?
log_level: list(trace|debug|info|notice|warning|error|fatal)?

BIN
loki/icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
loki/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

52
loki/rootfs/etc/cont-init.d/nginx.sh Normal file
View File

@ -0,0 +1,52 @@
#!/usr/bin/with-contenv bashio
# shellcheck shell=bash
# ==============================================================================
# Home Assistant Add-on: Loki
# This file configures nginx
# ==============================================================================
readonly NGINX_SERVERS=/etc/nginx/servers
readonly NGINX_CONF="${NGINX_SERVERS}/direct.conf"
declare certfile
declare keyfile
bashio::config.require.ssl
if bashio::config.true 'ssl'; then
bashio::log.info 'Setting up SSL...'
certfile=$(bashio::config 'certfile')
keyfile=$(bashio::config 'keyfile')
if ! bashio::config.is_empty 'cafile'; then
bashio::log.info 'Setting up mTLS...'
cafile=$(bashio::config 'cafile')
# Absolute path support deprecated 4/21 for release 1.5.0.
# Wait until at least 5/21 to remove
if [[ $cafile =~ ^\/ ]]; then
bashio::log.warning "Providing an absolute path for 'cafile' is deprecated."
bashio::log.warning "Support for absolute paths will be removed in a future release."
bashio::log.warning "Please put your CA file in /ssl and provide a relative path."
else
cafile="/ssl/${cafile}"
fi
if ! bashio::fs.file_exists "${cafile}"; then
bashio::log.fatal
bashio::log.fatal "The file specified for 'cafile' does not exist!"
bashio::log.fatal "Ensure the CA certificate file exists and full path is provided"
bashio::log.fatal
bashio::exit.nok
fi
mv "${NGINX_SERVERS}/direct-mtls.disabled" "${NGINX_CONF}"
sed -i "s#%%cafile%%#${cafile}#g" "${NGINX_CONF}"
else
mv "${NGINX_SERVERS}/direct-ssl.disabled" "${NGINX_CONF}"
fi
sed -i "s#%%certfile%%#${certfile}#g" "${NGINX_CONF}"
sed -i "s#%%keyfile%%#${keyfile}#g" "${NGINX_CONF}"
else
mv "${NGINX_SERVERS}/direct.disabled" "${NGINX_CONF}"
fi

52
loki/rootfs/etc/loki/default-config.yaml Normal file
View File

@ -0,0 +1,52 @@
---
auth_enabled: false
server: {}
ingester:
lifecycler:
address: 127.0.0.1
ring:
kvstore:
store: inmemory
replication_factor: 1
final_sleep: 0s
chunk_idle_period: 1h
max_chunk_age: 1h
chunk_target_size: 1048576
chunk_retain_period: 30s
max_transfer_retries: 0
wal:
dir: /data/loki/wal
schema_config:
configs:
- from: 2020-10-24
store: boltdb-shipper
object_store: filesystem
schema: v11
index:
prefix: index_
period: 24h
storage_config:
boltdb_shipper:
active_index_directory: /data/loki/boltdb-shipper-active
cache_location: /data/loki/boltdb-shipper-cache
cache_ttl: 24h
shared_store: filesystem
filesystem:
directory: /data/loki/chunks
compactor:
working_directory: /data/loki/boltdb-shipper-compactor
shared_store: filesystem
retention_enabled: true
limits_config:
reject_old_samples: true
reject_old_samples_max_age: 168h
retention_period: ${RETENTION_PERIOD:29d}
chunk_store_config:
max_look_back_period: 0s

96
loki/rootfs/etc/nginx/includes/mime.types Normal file
View File

@ -0,0 +1,96 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

15
loki/rootfs/etc/nginx/includes/proxy_params.conf Normal file
View File

@ -0,0 +1,15 @@
proxy_http_version 1.1;
proxy_ignore_client_abort off;
proxy_read_timeout 86400s;
proxy_redirect off;
proxy_send_timeout 86400s;
proxy_max_temp_file_size 0;
proxy_set_header Accept-Encoding "";
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;

6
loki/rootfs/etc/nginx/includes/server_params.conf Normal file
View File

@ -0,0 +1,6 @@
root /dev/null;
server_name $hostname;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;

8
loki/rootfs/etc/nginx/includes/ssl_params.conf Normal file
View File

@ -0,0 +1,8 @@
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;

3
loki/rootfs/etc/nginx/includes/upstream.conf Normal file
View File

@ -0,0 +1,3 @@
upstream backend {
server 127.0.0.1:8080;
}

52
loki/rootfs/etc/nginx/nginx.conf Normal file
View File

@ -0,0 +1,52 @@
# Run nginx in foreground.
daemon off;
# Set user
user abc;
# Pid storage location.
pid /var/run/nginx.pid;
# Set number of worker processes.
worker_processes 1;
# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;
# Write error log to the add-on log.
error_log /proc/1/fd/1 error;
# Load dynamic modules.
include /etc/nginx/modules/*.conf;
# Max num of simultaneous connections by a worker process.
events {
worker_connections 512;
}
http {
include /etc/nginx/includes/mime.types;
log_format homeassistant '[$time_local] $status '
'$http_x_forwarded_for($remote_addr) '
'$request ($http_user_agent)';
access_log off;
client_max_body_size 4G;
default_type application/octet-stream;
gzip on;
keepalive_timeout 65;
sendfile on;
server_tokens off;
tcp_nodelay on;
tcp_nopush on;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
include /etc/nginx/includes/upstream.conf;
include /etc/nginx/servers/*.conf;
}

17
loki/rootfs/etc/nginx/servers/direct-mtls.disabled Normal file
View File

@ -0,0 +1,17 @@
server {
listen 3100 default_server ssl;
include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/ssl_params.conf;
include /etc/nginx/includes/proxy_params.conf;
ssl_certificate /ssl/%%certfile%%;
ssl_certificate_key /ssl/%%keyfile%%;
ssl_client_certificate %%cafile%%;
ssl_verify_client on;
location / {
proxy_pass http://backend;
}
}

14
loki/rootfs/etc/nginx/servers/direct-ssl.disabled Normal file
View File

@ -0,0 +1,14 @@
server {
listen 3100 default_server ssl;
include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/ssl_params.conf;
include /etc/nginx/includes/proxy_params.conf;
ssl_certificate /ssl/%%certfile%%;
ssl_certificate_key /ssl/%%keyfile%%;
location / {
proxy_pass http://backend;
}
}

10
loki/rootfs/etc/nginx/servers/direct.disabled Normal file
View File

@ -0,0 +1,10 @@
server {
listen 3100 default_server;
include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/proxy_params.conf;
location / {
proxy_pass http://backend;
}
}

14
loki/rootfs/etc/nginx/servers/ready.conf Normal file
View File

@ -0,0 +1,14 @@
server {
listen 3101 default_server;
include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/proxy_params.conf;
location = /ready {
proxy_pass http://backend;
}
location / {
return 444;
}
}

14
loki/rootfs/etc/services.d/loki/finish Normal file
View File

@ -0,0 +1,14 @@
#!/usr/bin/env bashio
# ==============================================================================
# Home Assistant Add-on: Loki
# Take down the S6 supervision tree when Loki fails
# ==============================================================================
declare APP_EXIT_CODE=${1}
if [[ "${APP_EXIT_CODE}" -ne 0 ]] && [[ "${APP_EXIT_CODE}" -ne 256 ]]; then
bashio::log.warning "Halt add-on with exit code ${APP_EXIT_CODE}"
echo "${APP_EXIT_CODE}" > /run/s6-linux-init-container-results/exitcode
exec /run/s6/basedir/bin/halt
fi

51
loki/rootfs/etc/services.d/loki/run Normal file
View File

@ -0,0 +1,51 @@
#!/usr/bin/with-contenv bashio
# shellcheck shell=bash
# ==============================================================================
# Home Assistant Add-on: Loki
# Runs Loki
# ==============================================================================
readonly BIND_ADDR=127.0.0.1
readonly HTTP_PORT=8080
declare log_level
loki_config='/etc/loki/default-config.yaml'
bashio::log.info 'Starting Loki...'
if bashio::config.exists 'config_path'; then
loki_config=$(bashio::config 'config_path')
bashio::log.info "Using config at ${loki_config}"
else
bashio::log.info "Using default config"
fi
retention_period="$(bashio::config 'days_to_keep' 1)d"
bashio::log.info "Retention period set to ${retention_period}"
export "RETENTION_PERIOD=${retention_period}"
case "$(bashio::config 'log_level')" in \
trace) ;& \
debug) log_level='debug' ;; \
notice) ;& \
warning) log_level='warn' ;; \
error) ;& \
fatal) log_level='error' ;; \
*) log_level='info' ;; \
esac;
bashio::log.info "Loki log level set to ${log_level}"
loki_args=(
"-config.expand-env=true"
"-config.file=${loki_config}"
"-server.http-listen-address=${BIND_ADDR}"
"-server.http-listen-port=${HTTP_PORT}"
"-log.level=${log_level}"
)
if [ "${log_level}" == "debug" ]; then
bashio::log.debug "Logging full config on startup for debugging..."
loki_args+=("-print-config-stderr=true")
fi
bashio::log.info "Handing over control to Loki..."
exec s6-setuidgid abc \
/usr/bin/loki "${loki_args[@]}"

13
loki/rootfs/etc/services.d/nginx/finish Normal file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env bashio
# ==============================================================================
# Home Assistant Add-on: Loki
# Take down the S6 supervision tree when Nginx fails
# ==============================================================================
declare APP_EXIT_CODE=${1}
if [[ "${APP_EXIT_CODE}" -ne 0 ]] && [[ "${APP_EXIT_CODE}" -ne 256 ]]; then
bashio::log.warning "Halt add-on with exit code ${APP_EXIT_CODE}"
echo "${APP_EXIT_CODE}" > /run/s6-linux-init-container-results/exitcode
exec /run/s6/basedir/bin/halt
fi

10
loki/rootfs/etc/services.d/nginx/run Normal file
View File

@ -0,0 +1,10 @@
#!/usr/bin/with-contenv bashio
# shellcheck shell=bash
# ==============================================================================
# Home Assistant Add-on: Loki
# Runs the Nginx daemon
# ==============================================================================
bashio::net.wait_for 8080
bashio::log.info "Starting NGinx..."
exec /usr/sbin/nginx