erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

valkyrie: Configure promtail for unbound

Browse source
This commit is contained in:
Erwin Boskma 2024-05-08 16:50:40 +02:00
parent 34b5e5f21b
commit 86d99c9095
Signed by: erwin
SSH key fingerprint: SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk
2 changed files with 54 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
machines/valkyrie/promtail/default.nix
View file

@ -24,6 +24,38 @@
}
];
}
{
job_name = "unbound";
static_configs = [
{
labels = {
job = "unbound";
__path__ = "/var/lib/unbound/unbound.log";
};
}
];
pipeline_stages = [
{ labeldrop = [ "filename" ]; }
{
match = {
selector = ''{job="unbound"} |~ " start | stopped |.*in-addr.arpa."'';
action = "drop";
};
}
{
match = {
selector = ''{job="unbound"} |= "reply:"'';
stages = [ { static_labels.dns = "reply"; } ];
};
}
{
match = {
selector = ''{job="unbound"} |~ "redirect |always_null|always_nxdomain"'';
stages = [ { static_labels.dns = "block"; } ];
};
}
];
}
];
server = {

23
machines/valkyrie/unbound/default.nix
View file

@ -1,3 +1,4 @@
{ config, ... }:
{
services = {
unbound = {
@ -7,7 +8,11 @@
server = {
# Setting logfile to an empty string outputs to stderr
log-queries = false;
verbosity = 1;
log-replies = true;
log-tag-queryreply = true;
log-local-actions = true;
logfile = "/var/log/unbound/unbound.log";
verbosity = 0;
port = 5335;
do-ip4 = true;
@ -93,5 +98,21 @@
unbound.host = "unix:///run/unbound/unbound.ctl";
};
};
logrotate = {
settings = {
unbound = {
files = [ "/var/log/unbound/unbound.log" ];
frequency = "daily";
rotate = 7;
compress = true;
delaycompress = true;
notifempty = true;
postrotate = ''
${config.services.unbound.package}/bin/unbound-control log_reopen
'';
};
};
};
};
}