From c65057ded3440cccbe9f2ff83927efd6ea406bf4 Mon Sep 17 00:00:00 2001
From: Christine Elisabeth Koppel <kuutruu@posteo.net>
Date: Sat, 14 Feb 2026 16:25:46 +0100
Subject: [PATCH] Grafana Alloy and Loki Additions.

---
 .../modules/system/gramethus.nix              | 81 ++++++++++++++++---
 1 file changed, 70 insertions(+), 11 deletions(-)

diff --git a/nix-system-configs/modules/system/gramethus.nix b/nix-system-configs/modules/system/gramethus.nix
index ed96a8c..046186e 100644
--- a/nix-system-configs/modules/system/gramethus.nix
+++ b/nix-system-configs/modules/system/gramethus.nix
@@ -13,6 +13,38 @@
       fsType = "ext4";
     };
   };
+
+  environment.etc."alloy/config.alloy" = {
+    text = ''
+      server:
+        http_listen_port: 28183
+        grpc_listen_port: 0
+
+      logs:
+        # keep positions persistent on disk (don't use /tmp in production)
+        positions:
+          filename: /var/lib/grafana-agent/positions.yaml
+
+        configs:
+          - name: journal
+            journal:
+              # keep similar rotation / lookback to your promtail config
+              max_age: 12h
+              labels:
+                job: systemd-journal
+                host: chrysalis
+
+            clients:
+              - url: http://127.0.0.1:3100/loki/api/v1/push
+
+            relabel_configs:
+              - source_labels: ["__journal__systemd_unit"]
+                target_label: "unit"
+    '';
+    owner = "root";
+    group = "root";
+    mode = "0644";
+  };
 in {
   options.local = {
     hostname = lib.mkOption {
@@ -105,15 +137,42 @@ in {
       ];
     };
 
-    #services.loki = {
-    #   enable = true;
-    #
-    #  configuration = {
-    #    auth_enabled = false;
-    #     server.http_listen_port = 3100;
-    #
-    #     # etc.
-    #   };
+    services.loki = {
+      enable = true;
+
+      configuration = {
+        auth_enabled = false;
+        server.http_listen_port = 3100;
+
+        # etc.
+      };
+    };
+
+    services.alloy = {
+      enable = true;
+    };
+
+    # Add a simple systemd service to run the Grafana Agent (Alloy)
+    systemd.services.grafana-agent = {
+      description = "Grafana Alloy  - journal -> loki";
+      wantedBy = ["multi-user.target"];
+
+      serviceConfig = {
+        # Ensure persistent dir for positions exists
+        ExecStartPre = ''
+          mkdir -p /var/lib/grafana-agent
+          chown root:root /var/lib/grafana-agent
+        '';
+
+        # The grafana-agent binary provided by nixpkgs
+        ExecStart = ''
+          ${pkgs.grafana-alloy}/bin/grafana-alloy --config.file /etc/alloy/config.alloy
+        '';
+
+        Restart = "on-failure";
+        RestartSec = "5s";
+      };
+    };
 
     # or alternatively
     #configFile = ./loki-config.yaml;
@@ -122,7 +181,7 @@ in {
     # Enable Tailscale for remote access to Traefik dashboard and configuration
     services.tailscale.enable = true;
 
-    networking.firewall.allowedTCPPorts = [3005];
-    networking.firewall.allowedUDPPorts = [3005];
+    networking.firewall.allowedTCPPorts = [3000];
+    networking.firewall.allowedUDPPorts = [3000];
   };
 }