observation conversion

configuration.nix

@@ -14,6 +14,9 @@ in
     (import "${builtins.fetchTarball https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz}/nixos")
     (fetchTarball "https://github.com/nix-community/nixos-vscode-server/tarball/master")
     ./telegraf.nix
+    ./promtail.nix
+    ./portainer.nix
+    ./watchtower.nix
   ];
 
   environment.systemPackages = with pkgs; [
@@ -27,6 +30,7 @@ in
         echo "${adPath} already exists"
       fi
     '')
+    unstable.uv
     bash
     git
     eza
@@ -37,6 +41,8 @@ in
   time.timeZone = "America/Chicago";
 
   virtualisation.docker.enable = true;
+  virtualisation.oci-containers.backend = "docker";
+
   services.vscode-server.enable = true;
   services.openssh.enable = true;
   services.tailscale.enable = true;

portainer.nix

@@ -0,0 +1,13 @@
+{ ... }:
+{
+  virtualisation.oci-containers.containers.portainer-agent = {
+    image = "portainer/agent:latest";  # Use the latest Portainer agent image
+    ports = [
+      "9001:9001"  # Expose the Portainer agent API port
+    ];
+    volumes = [
+      "/etc/zoneinfo/America/Chicago:/etc/localtime:ro"
+      "/var/run/docker.sock:/var/run/docker.sock"
+    ];
+  };
+}

promtail.nix

@@ -0,0 +1,81 @@
+{ config, ... }:
+let
+  lokiHost = "192.168.1.174:3100";
+in
+{
+  systemd.services.promtail.serviceConfig = {
+    SupplementaryGroups = [ "docker" ];
+  };
+
+  services.promtail = {
+    enable = true;
+    configuration = {
+      server = {
+        http_listen_port = 3031;
+        grpc_listen_port = 0;
+      };
+      positions = {
+        filename = "/tmp/positions.yaml";
+      };
+      clients = [{url = "http://${lokiHost}/loki/api/v1/push";}];
+      scrape_configs = [
+        {
+          job_name = "journal";
+          journal = {
+            max_age = "24h";
+            path = "/var/log/journal";
+            json = true;
+            # matches: _TRANSPORT=kernel;
+            labels = {
+              job = "systemd-journal";
+              host = config.networking.hostName; # Dynamically fetch the hostname
+            };
+          };
+          relabel_configs = [
+            {
+              source_labels = [ "__journal__systemd_unit" ];
+              target_label = "unit";
+            }
+          ];
+        }
+        {
+          job_name = "flog_scrape";
+          docker_sd_configs = [
+            {
+              host = "unix:///var/run/docker.sock";
+              refresh_interval = "5s";
+            }
+          ];
+          relabel_configs = [
+            {
+              source_labels = [ "__meta_docker_container_name" ];
+              regex = "/(.*)";
+              target_label = "container";
+            }
+            {
+              source_labels = [ "__meta_docker_container_label_com_docker_compose_oneoff" ];
+              target_label = "oneoff";
+            }
+            {
+              source_labels = [ "__meta_docker_container_label_com_docker_compose_project_config_files" ];
+              target_label = "compose_file";
+            }
+            {
+              source_labels = [ "__meta_docker_container_label_com_docker_compose_project" ];
+              target_label = "project_name";
+            }
+            {
+              source_labels = [ "__meta_docker_container_label_com_docker_compose_service" ];
+              target_label = "service";
+            }
+            {
+              target_label = "host";
+              replacement = "${config.networking.hostName}";
+            }
+          ];
+        }
+      ];
+    };
+    # extraFlags
+  };
+}

watchtower.nix

@@ -0,0 +1,11 @@
+{ ... }:
+{
+  virtualisation.oci-containers.containers.watchtower = {
+    image = "containrrr/watchtower:latest";
+    volumes = [
+      "/etc/zoneinfo/America/Chicago:/etc/localtime:ro"
+      "/var/run/docker.sock:/var/run/docker.sock"
+    ];
+    environment = {WATCHTOWER_SCHEDULE = "0 0 3 * * *";};
+  };
+}