blumeops/ansible/roles/alloy/defaults/main.yml
Erich Blume 2585a960b9 Update alloy build instructions: Go 1.25.7 and codesign step
SCP'd binaries from another Mac get com.apple.provenance quarantine
and macOS kills them. Ad-hoc codesign (codesign --sign - --force)
resolves this without GUI approval.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 16:20:43 -07:00


---
# Grafana Alloy configuration
#
# BUILDING FROM SOURCE (required for CGO DNS resolution on macOS):
#
# Alloy must be built with CGO_ENABLED=1 to use macOS native DNS resolver,
# which is required for Tailscale MagicDNS hostname resolution.
# The Homebrew bottle is built with CGO_ENABLED=0.
#
# Build on dev machine (gilbert), then copy to indri:
#
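# 1. Clone from forge mirror:
#      git clone ssh://forgejo@forge.ops.eblu.me:2222/mirrors/alloy.git ~/code/3rd/alloy
#    Note: a plain clone builds whatever the mirror's default branch points
#    at. Record the commit (`git rev-parse HEAD`) so the deployed binary can
#    be traced back to a known upstream revision.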
#
# 2. Set up build tools via mise:
# cd ~/code/3rd/alloy && mise use go@1.25.7 node yarn
#
# 3. Build with CGO enabled (default in Makefile):
# cd ~/code/3rd/alloy && mise x -- make alloy
#
# 4. Copy binary to indri:
# scp ~/code/3rd/alloy/build/alloy indri:~/.local/bin/alloy
#
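# 5. Ad-hoc codesign on indri (SCP'd binaries get quarantined by macOS):
#      ssh indri 'codesign --sign - --force ~/.local/bin/alloy'
#    Note: an ad-hoc signature (`--sign -`) carries no signer identity, so it
#    does not attest to where the binary came from. Compare `shasum -a 256`
#    of the build output on gilbert with the copy on indri before signing;
#    re-signing rewrites the embedded signature, so the hash will generally
#    differ afterwards.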
#
# 6. Run ansible to deploy config and LaunchAgent
# Binary and paths
# All four paths below sit under the login user's home directory.
# NOTE(review): the binary path is user-writable, so any process running as
# this user can replace what gets launched — confirm that is acceptable for
# the privileges Alloy runs with.
alloy_binary: /Users/erichblume/.local/bin/alloy
alloy_config_dir: /Users/erichblume/.config/grafana-alloy
alloy_data_dir: /Users/erichblume/.local/share/grafana-alloy
alloy_log_dir: /Users/erichblume/Library/Logs
# Textfile collector directory (same as node_exporter for compatibility)
# NOTE(review): presumably every file dropped here is exported as metrics;
# verify who can write to this directory.
alloy_textfile_dir: /opt/homebrew/var/node_exporter/textfile
# Prometheus remote write endpoint (k8s via Caddy)
# Both push endpoints use https; no credentials appear in these defaults.
# NOTE(review): confirm how write access to these endpoints is restricted
# (network-level or auth at the proxy) — not visible from this file.
alloy_prometheus_url: "https://prometheus.ops.eblu.me/api/v1/write"
# Loki endpoint (k8s via Caddy)
alloy_loki_url: "https://loki.ops.eblu.me/loki/api/v1/push"
# Instance label for metrics
alloy_instance_label: indri
# Scrape interval
# Quoted so the value stays a string with its unit suffix.
alloy_scrape_interval: "15s"
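# Log paths to collect
# Each entry names one log file under the Homebrew log directory together
# with its `service` and `stream` values. Nesting is restored here so that
# `service` and `stream` belong to the list item opened by `- path`.
# NOTE(review): presumably these files are shipped to alloy_loki_url when
# alloy_collect_logs is true; confirm they do not carry tokens or other
# secrets before they leave the host.
alloy_brew_logs:
  - path: /opt/homebrew/var/log/forgejo.log
    service: forgejo
    stream: stdout
  - path: /opt/homebrew/var/log/tailscaled.log
    service: tailscale
    stream: stdout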
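# Per-service stdout/stderr log files under the user's Library/Logs
# directory: one `.out.log` and one `.err.log` entry each for alloy,
# borgmatic, zot and jellyfin. Nesting is restored here so that `service`
# and `stream` belong to the list item opened by `- path`.
# NOTE(review): backup and registry logs can include repository paths or
# usernames; confirm that is acceptable for whoever can read the log store.
alloy_mcquack_logs:
  - path: /Users/erichblume/Library/Logs/mcquack.alloy.out.log
    service: alloy
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.alloy.err.log
    service: alloy
    stream: stderr
  - path: /Users/erichblume/Library/Logs/mcquack.borgmatic.out.log
    service: borgmatic
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.borgmatic.err.log
    service: borgmatic
    stream: stderr
  - path: /Users/erichblume/Library/Logs/mcquack.zot.out.log
    service: zot
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.zot.err.log
    service: zot
    stream: stderr
  - path: /Users/erichblume/Library/Logs/mcquack.jellyfin.out.log
    service: jellyfin
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.jellyfin.err.log
    service: jellyfin
    stream: stderr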
# Enable log collection (requires Loki to be running)
alloy_collect_logs: true
# Zot registry metrics collection
alloy_collect_zot: true
# Plain http, but the target is the loopback name on port 5050.
# NOTE(review): if this is ever pointed at a non-local host, switch to https —
# the scrape would otherwise cross the network unencrypted.
alloy_zot_metrics_url: "http://localhost:5050/metrics"
# PostgreSQL metrics collection (disabled, CNPG metrics scraped directly by k8s Prometheus)
alloy_collect_postgres: false
alloy_postgres_host: localhost
alloy_postgres_port: 5432
# NOTE(review): if collection is re-enabled, confirm this database role has
# monitoring-only rights rather than broader access.
alloy_postgres_user: alloy
alloy_postgres_database: postgres
# 1Password settings for PostgreSQL metrics (unused when alloy_collect_postgres is false)
# No password is stored in this file. The three values below look like a
# 1Password vault ID, item ID and field name, i.e. references to the secret
# rather than the secret itself — presumably resolved at deploy time; verify
# against the tasks that consume them.
alloy_op_vault: vg6xf6vvfmoh5hqjjhlhbeoaie
alloy_op_postgres_item: guxu3j7ajhjyey6xxl2ovsl2ui
alloy_op_postgres_field: alloy-user-pw
# macOS power metrics collection (via powermetrics, requires root)
alloy_collect_power_metrics: true
# NOTE(review): if this script is invoked as root, it and its parent directory
# should be root-owned and not writable by the login user; verify the
# ownership and mode set by whatever installs it.
alloy_power_metrics_script: /usr/local/bin/macos-power-metrics
alloy_power_metrics_interval: 30 # seconds between collection