## Summary
- Widen `repo-creds-forge` URL prefix from `/eblume/` to host-wide `/` so it matches repos in all forge orgs (fixes `mirrors/` repos not getting SSH credentials)
- Update 8 ArgoCD app definitions from `eblume/<mirror>` → `mirrors/<mirror>` (immich-charts, cloudnative-pg-charts, external-secrets, connect-helm-charts)
- Fix stale alloy clone comment in Ansible defaults
- Bump immich v2.5.2 → v2.5.6 (bug-fix patches only)
- Update ArgoCD README bootstrap command and credential docs
## Context
Mirrors were migrated from `forge.ops.eblu.me/eblume/` to `forge.ops.eblu.me/mirrors/` in commit `cd57814`. Container Dockerfiles and image tags were updated, but ArgoCD app definitions and the repo credential template were missed, causing `ComparisonError` on apps that source Helm charts from mirrored repos.
## Deployment
1. Sync the ArgoCD `argocd` app first (picks up the widened credential template)
2. Sync the `apps` app (picks up new repo URLs for all 8 apps)
3. Verify immich resolves its ComparisonError: `argocd app get immich`
4. Sync immich to deploy v2.5.6: `argocd app sync immich`
5. Spot-check: `argocd app get external-secrets`, `argocd app get cloudnative-pg`, `argocd app get 1password-connect`
Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/266
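---
# Grafana Alloy configuration
#
# BUILDING FROM SOURCE (required for CGO DNS resolution on macOS):
#
# Alloy must be built with CGO_ENABLED=1 to use macOS native DNS resolver,
# which is required for Tailscale MagicDNS hostname resolution.
# The Homebrew bottle is built with CGO_ENABLED=0.
#
# Build on dev machine (gilbert), then copy to indri:
#
# 1. Clone from forge mirror:
#    git clone ssh://forgejo@forge.ops.eblu.me:2222/mirrors/alloy.git ~/code/3rd/alloy
#    Supply-chain note: this clone is not pinned to a revision. Check out the
#    release tag or commit that was reviewed before building, for example
#    git -C ~/code/3rd/alloy checkout <RELEASE_TAG>   (placeholder value),
#    and confirm the forge SSH host key on first connect instead of
#    accepting it unseen.
#
# 2. Set up build tools via mise:
#    cd ~/code/3rd/alloy && mise use go@1.25 node yarn
#    node and yarn carry no version here, so the build toolchain can differ
#    from one build to the next.
#
# 3. Build with CGO enabled (default in Makefile):
#    cd ~/code/3rd/alloy && mise x -- make alloy
#
# 4. Copy binary to indri:
#    scp ~/code/3rd/alloy/build/alloy indri:~/.local/bin/alloy
#    Record `shasum -a 256 ~/code/3rd/alloy/build/alloy` on the build machine
#    and compare it with the copy on indri, so the deployed binary is known
#    to be the one that was built.
#
# 5. Run ansible to deploy config and LaunchAgent

# Binary and paths
# All four paths live under the login user's home directory.
# NOTE(review): alloy_binary is in a user-writable directory, so any process
# running as that user can replace the binary that gets launched. Presumably
# the LaunchAgent runs as the same user; confirm, and keep the directory
# writable by that user only.
alloy_binary: /Users/erichblume/.local/bin/alloy
alloy_config_dir: /Users/erichblume/.config/grafana-alloy
alloy_data_dir: /Users/erichblume/.local/share/grafana-alloy
alloy_log_dir: /Users/erichblume/Library/Logs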
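# Textfile collector directory (same as node_exporter for compatibility)
# Files dropped here are exported as metrics, so write access to this
# directory is write access to the metrics stream.
# NOTE(review): confirm only the accounts that produce textfile metrics can
# write to it.
alloy_textfile_dir: /opt/homebrew/var/node_exporter/textfile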
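# Prometheus remote write endpoint (k8s via Caddy)
# Both push endpoints use HTTPS. No credentials for them are defined in this
# file.
# NOTE(review): confirm the write paths are restricted by the Caddy proxy or
# at the network layer (the build notes in this file mention Tailscale);
# an open remote-write or push endpoint lets any client that can reach it
# inject metrics and logs.
alloy_prometheus_url: "https://prometheus.ops.eblu.me/api/v1/write"

# Loki endpoint (k8s via Caddy)
alloy_loki_url: "https://loki.ops.eblu.me/loki/api/v1/push"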
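# Instance label for metrics
# Identifies this host in the data sent to the endpoints configured in this
# file.
alloy_instance_label: indri

# Scrape interval
# Quoted so the value stays a duration string ("15s").
alloy_scrape_interval: "15s"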
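# Log paths to collect
# Each entry names a log file plus the service and stream values that go with
# it. The service/stream keys belong to the list item, so they are nested
# under the "- path:" line.
# Service logs can contain client addresses, account names or other
# sensitive request detail; everything listed here is shipped to the Loki
# endpoint, so read access to Loki is effectively read access to these logs.
alloy_brew_logs:
  - path: /opt/homebrew/var/log/forgejo.log
    service: forgejo
    stream: stdout
  - path: /opt/homebrew/var/log/tailscaled.log
    service: tailscale
    stream: stdout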
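# Per-service stdout/stderr log files under /Users/erichblume/Library/Logs
# (the same directory as alloy_log_dir). The service/stream keys belong to
# the list item, so they are nested under the "- path:" line.
# NOTE(review): the directory is written out in every path instead of being
# derived from alloy_log_dir, so the two must be changed together.
# These files are forwarded to Loki along with everything else collected;
# backup and registry logs may name repositories, paths or accounts, so
# treat Loki access accordingly.
alloy_mcquack_logs:
  - path: /Users/erichblume/Library/Logs/mcquack.alloy.out.log
    service: alloy
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.alloy.err.log
    service: alloy
    stream: stderr
  - path: /Users/erichblume/Library/Logs/mcquack.borgmatic.out.log
    service: borgmatic
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.borgmatic.err.log
    service: borgmatic
    stream: stderr
  - path: /Users/erichblume/Library/Logs/mcquack.zot.out.log
    service: zot
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.zot.err.log
    service: zot
    stream: stderr
  - path: /Users/erichblume/Library/Logs/mcquack.jellyfin.out.log
    service: jellyfin
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.jellyfin.err.log
    service: jellyfin
    stream: stderr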
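# Enable log collection (requires Loki to be running)
# Master switch for log collection; when true, log content leaves this host
# for the configured Loki endpoint.
alloy_collect_logs: true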
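# Zot registry metrics collection
# The metrics URL is plain HTTP on the loopback interface, so the scrape
# never leaves this host. If the registry is ever scraped from another
# machine, switch the URL to HTTPS.
# NOTE(review): confirm the zot listener on port 5050 is bound to loopback
# only, otherwise /metrics is readable by other hosts on the network.
alloy_collect_zot: true
alloy_zot_metrics_url: "http://localhost:5050/metrics"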
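# PostgreSQL metrics collection (disabled, CNPG metrics scraped directly by k8s Prometheus)
# Connection parameters only; no password is stored in this file.
# NOTE(review): if this is re-enabled, the alloy database role should be
# limited to what metrics collection needs — confirm its grants.
alloy_collect_postgres: false
alloy_postgres_host: localhost
alloy_postgres_port: 5432
alloy_postgres_user: alloy
alloy_postgres_database: postgres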
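# 1Password settings for PostgreSQL metrics (unused when alloy_collect_postgres is false)
# These are references (vault id, item id, field name) used to look the
# password up; they are not the secret itself. The password value must never
# be written into this file.
# NOTE(review): the ids still describe the vault layout, so treat them as
# internal detail if this repository is ever published.
alloy_op_vault: vg6xf6vvfmoh5hqjjhlhbeoaie
alloy_op_postgres_item: guxu3j7ajhjyey6xxl2ovsl2ui
alloy_op_postgres_field: alloy-user-pw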
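# macOS power metrics collection (via powermetrics, requires root)
# NOTE(review): a script that is executed with root privileges must be owned
# by root and not writable by the login user, and the same goes for its
# parent directory; otherwise editing the script is a route to root. Confirm
# the install task sets owner and mode for alloy_power_metrics_script.
alloy_collect_power_metrics: true
alloy_power_metrics_script: /usr/local/bin/macos-power-metrics
alloy_power_metrics_interval: 30  # seconds between collection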