blumeops/ansible/roles/alloy/defaults/main.yml

---
# Grafana Alloy configuration
#
# BUILDING FROM SOURCE (required for CGO DNS resolution on macOS):
#
# Alloy must be built with CGO_ENABLED=1 to use macOS native DNS resolver,
# which is required for Tailscale MagicDNS hostname resolution.
# The Homebrew bottle is built with CGO_ENABLED=0.
#
# Build on dev machine (gilbert), then copy to indri:
#
# 1. Clone from forge mirror:
#    git clone ssh://forgejo@forge.ops.eblu.me:2222/mirrors/alloy.git ~/code/3rd/alloy
#
# 2. Set up build tools via mise:
#    cd ~/code/3rd/alloy && mise use go@1.25.7 node yarn
#
# 3. Build with CGO enabled (default in Makefile):
#    cd ~/code/3rd/alloy && mise x -- make alloy
#
# 4. Copy binary to indri:
#    scp ~/code/3rd/alloy/build/alloy indri:~/.local/bin/alloy
#
# 5. Ad-hoc codesign on indri (SCP'd binaries get quarantined by macOS):
#    ssh indri 'codesign --sign - --force ~/.local/bin/alloy'
#
# 6. Run ansible to deploy config and LaunchAgent

# Binary and paths
alloy_binary: /Users/erichblume/.local/bin/alloy
alloy_config_dir: /Users/erichblume/.config/grafana-alloy
alloy_data_dir: /Users/erichblume/.local/share/grafana-alloy
alloy_log_dir: /Users/erichblume/Library/Logs

# Textfile collector directory (same as node_exporter for compatibility)
alloy_textfile_dir: /opt/homebrew/var/node_exporter/textfile

# Prometheus remote write endpoint (k8s via Caddy)
alloy_prometheus_url: "https://prometheus.ops.eblu.me/api/v1/write"

# Loki endpoint (k8s via Caddy)
alloy_loki_url: "https://loki.ops.eblu.me/loki/api/v1/push"

# Instance label for metrics
alloy_instance_label: indri

# Scrape interval
alloy_scrape_interval: "15s"

# Log paths to collect
alloy_brew_logs:
  - path: /opt/homebrew/var/log/forgejo.log
    service: forgejo
    stream: stdout
  - path: /opt/homebrew/var/log/tailscaled.log
    service: tailscale
    stream: stdout

alloy_mcquack_logs:
  - path: /Users/erichblume/Library/Logs/mcquack.alloy.out.log
    service: alloy
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.alloy.err.log
    service: alloy
    stream: stderr
  - path: /Users/erichblume/Library/Logs/mcquack.borgmatic.out.log
    service: borgmatic
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.borgmatic.err.log
    service: borgmatic
    stream: stderr
  - path: /Users/erichblume/Library/Logs/mcquack.zot.out.log
    service: zot
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.zot.err.log
    service: zot
    stream: stderr
  - path: /Users/erichblume/Library/Logs/mcquack.jellyfin.out.log
    service: jellyfin
    stream: stdout
  - path: /Users/erichblume/Library/Logs/mcquack.jellyfin.err.log
    service: jellyfin
    stream: stderr

# Enable log collection (requires Loki to be running)
alloy_collect_logs: true

# Zot registry metrics collection
alloy_collect_zot: true
alloy_zot_metrics_url: "http://localhost:5050/metrics"

# PostgreSQL metrics collection (disabled, CNPG metrics scraped directly by k8s Prometheus)
alloy_collect_postgres: false
alloy_postgres_host: localhost
alloy_postgres_port: 5432
alloy_postgres_user: alloy
alloy_postgres_database: postgres

# 1Password settings for PostgreSQL metrics (unused when alloy_collect_postgres is false)
alloy_op_vault: vg6xf6vvfmoh5hqjjhlhbeoaie
alloy_op_postgres_item: guxu3j7ajhjyey6xxl2ovsl2ui
alloy_op_postgres_field: alloy-user-pw

# Forgejo metrics collection
alloy_collect_forgejo: true
alloy_forgejo_port: 3001

# macOS power metrics collection (via powermetrics, requires root)
alloy_collect_power_metrics: true
alloy_power_metrics_script: /usr/local/bin/macos-power-metrics
alloy_power_metrics_interval: 30  # seconds between collection