Removing obsolete local directories (since replaced by ZFS datasets).

loki/alloy/config.alloy

@@ -1,90 +0,0 @@
-// Grafana Alloy configuration
-// Collects:
-//   1. Syslog over UDP/TCP port 514  — for MikroTik RB5009 and other network gear
-//   2. Docker container logs          — for all containers on this host
-// Forwards everything to Loki.
-
-// ── 1. SYSLOG RECEIVER ────────────────────────────────────────────────────────
-// Listens on 514 UDP and TCP. Point your MikroTik logging action at this host.
-
-loki.source.syslog "network_devices" {
-  listener {
-    address  = "0.0.0.0:514"
-    protocol = "udp"
-    labels   = {
-      job    = "syslog",
-      source = "network",
-    }
-  }
-  listener {
-    address  = "0.0.0.0:514"
-    protocol = "tcp"
-    labels   = {
-      job    = "syslog",
-      source = "network",
-    }
-  }
-
-  // Forward to the relabeling stage below
-  forward_to = [loki.process.syslog_relabel.receiver]
-}
-
-// Relabel syslog: promote the hostname field (sent by RouterOS) to a label
-// so you can filter by device in Grafana with {host="RB5009"} etc.
-loki.process "syslog_relabel" {
-  stage.labels {
-    values = {
-      host     = "__syslog_message_hostname",
-      severity = "__syslog_message_severity",
-      facility = "__syslog_message_facility",
-      app      = "__syslog_message_app_name",
-    }
-  }
-  forward_to = [loki.write.default.receiver]
-}
-
-
-// ── 2. DOCKER CONTAINER LOGS ─────────────────────────────────────────────────
-// Tails logs from all Docker containers on this host.
-// Adds container_name and image as labels for easy filtering.
-
-discovery.docker "containers" {
-  host = "unix:///var/run/docker.sock"
-}
-
-// Relabel Docker metadata into useful Loki labels
-discovery.relabel "docker_labels" {
-  targets = discovery.docker.containers.targets
-
-  rule {
-    source_labels = ["__meta_docker_container_name"]
-    regex         = "/(.*)"
-    target_label  = "container"
-  }
-  rule {
-    source_labels = ["__meta_docker_container_log_stream"]
-    target_label  = "stream"
-  }
-  rule {
-    source_labels = ["__meta_docker_image_name"]
-    target_label  = "image"
-  }
-}
-
-loki.source.docker "docker_logs" {
-  host          = "unix:///var/run/docker.sock"
-  targets       = discovery.relabel.docker_labels.output
-  labels        = { job = "docker" }
-  forward_to    = [loki.write.default.receiver]
-  relabel_rules = discovery.relabel.docker_labels.rules
-}
-
-
-// ── 3. LOKI WRITE TARGET ──────────────────────────────────────────────────────
-// All sources above forward here.
-
-loki.write "default" {
-  endpoint {
-    url = "http://loki:3100/loki/api/v1/push"
-  }
-}

loki/config/alloy.alloy

@@ -1,89 +0,0 @@
-// Grafana Alloy configuration
-// Collects:
-//   1. Syslog over UDP/TCP port 514  — for MikroTik RB5009 and other network gear
-//   2. Docker container logs          — for all containers on this host
-// Forwards everything to Loki.
-
-// ── 1. SYSLOG RECEIVER ────────────────────────────────────────────────────────
-// Listens on 514 UDP and TCP. Point your MikroTik logging action at this host.
-
-loki.source.syslog "network_devices" {
-  listener {
-    address       = "0.0.0.0:5140"
-    protocol      = "udp"
-    syslog_format = "rfc3164"
-    labels = {
-      job    = "syslog",
-      source = "network",
-    }
-  }
-  listener {
-    address       = "0.0.0.0:5140"
-    protocol      = "tcp"
-    syslog_format = "rfc3164"
-    labels = {
-      job    = "syslog",
-      source = "network",
-    }
-  }
-  forward_to = [loki.process.syslog_relabel.receiver]
-}
-
-
-// Enrich syslog entries with a hostname label extracted from the syslog message
-loki.process "syslog_relabel" {
-  forward_to = [loki.write.local_loki.receiver]
-
-  stage.labels {
-    values = {
-      // These internal __syslog_message_ labels are created by the source component
-      hostname = "__syslog_message_hostname",
-      app      = "__syslog_message_app_name",
-      severity = "__syslog_message_severity",
-      facility = "__syslog_message_facility",
-    }
-  }
-}
-
-// ── 2. DOCKER CONTAINER LOGS ─────────────────────────────────────────────────
-// Tails logs from all Docker containers on this host.
-// Adds container name and image as labels for easy filtering.
-
-discovery.docker "containers" {
-  host = "unix:///var/run/docker.sock"
-}
-
-// Relabel Docker metadata into useful Loki labels.
-discovery.relabel "docker_labels" {
-  targets = discovery.docker.containers.targets
-
-  rule {
-    source_labels = ["__meta_docker_container_name"]
-    regex         = "/(.*)"
-    target_label  = "container"
-  }
-  rule {
-    source_labels = ["__meta_docker_container_log_stream"]
-    target_label  = "stream"
-  }
-  rule {
-    source_labels = ["__meta_docker_image_name"]
-    target_label  = "image"
-  }
-}
-
-loki.source.docker "docker_logs" {
-  host       = "unix:///var/run/docker.sock"
-  targets    = discovery.relabel.docker_labels.output
-  labels     = { job = "docker" }
-  forward_to = [loki.write.local_loki.receiver]
-}
-
-
-// ── 3. LOKI WRITE TARGET ──────────────────────────────────────────────────────
-
-loki.write "local_loki" {
-  endpoint {
-    url = "http://loki:3100/loki/api/v1/push"
-  }
-}

loki/config/alloy.original

@@ -1,98 +0,0 @@
-// Alloy configuration
-// Collects: (1) Docker container logs, (2) Syslog from network devices (MikroTik etc.)
-// Pushes everything to local Loki instance.
-
-// ── Loki destination ──────────────────────────────────────────────────────────
-loki.write "local_loki" {
-  endpoint {
-    url = "http://loki:3100/loki/api/v1/push"
-  }
-}
-
-// ── Docker container log collection ──────────────────────────────────────────
-// Discovers all running containers and tails their logs automatically.
-// New containers are picked up without restarting Alloy.
-
-discovery.docker "containers" {
-  host = "unix:///var/run/docker.sock"
-}
-
-discovery.relabel "docker_labels" {
-  targets = discovery.docker.containers.targets
-
-  // Use container name as the job label (strips the leading slash Docker adds)
-  rule {
-    source_labels = ["__meta_docker_container_name"]
-    regex         = "/(.*)"
-    target_label  = "container"
-  }
-
-  // Carry through the Docker Compose service name if present
-  rule {
-    source_labels = ["__meta_docker_container_label_com_docker_compose_service"]
-    target_label  = "service"
-  }
-
-  // Carry through the Docker Compose project name if present
-  rule {
-    source_labels = ["__meta_docker_container_label_com_docker_compose_project"]
-    target_label  = "compose_project"
-  }
-
-  rule {
-    target_label = "source"
-    replacement  = "docker"
-  }
-}
-
-loki.source.docker "docker_logs" {
-  host          = "unix:///var/run/docker.sock"
-  targets       = discovery.relabel.docker_labels.output
-  forward_to    = [loki.write.local_loki.receiver]
-  relabeling {
-    source_labels = ["__meta_docker_container_name"]
-    regex         = "/(.*)"
-    target_label  = "container"
-  }
-}
-
-// ── Syslog receiver (MikroTik RB5009 and other network devices) ──────────────
-// Listens on UDP 514 and TCP 514.
-// On your RB5009, set the remote logging action to point at this host's IP.
-
-loki.source.syslog "network_syslog" {
-  listener {
-    address  = "0.0.0.0:514"
-    protocol = "udp"
-    labels = {
-      source = "syslog",
-      job    = "network_devices",
-    }
-  }
-  listener {
-    address  = "0.0.0.0:514"
-    protocol = "tcp"
-    labels = {
-      source = "syslog",
-      job    = "network_devices",
-    }
-  }
-
-  forward_to = [loki.process.syslog_relabel.receiver]
-}
-
-// Enrich syslog entries with a hostname label extracted from the syslog message
-loki.process "syslog_relabel" {
-  forward_to = [loki.write.local_loki.receiver]
-
-  stage.syslog {}   // Parses RFC3164/RFC5424 syslog and extracts hostname, app, facility, severity
-
-  stage.labels {
-    values = {
-      hostname = "hostname",   // Extracted by stage.syslog
-      app      = "app_name",   // e.g. "dhcp", "firewall", "interface" on RouterOS
-      severity = "severity",
-      facility = "facility",
-    }
-  }
-}

loki/config/grafana-datasources.yml

@@ -1,16 +0,0 @@
-# Grafana datasource provisioning
-# Automatically configures Loki as a datasource on first startup.
-# No manual setup needed in the Grafana UI.
-
-apiVersion: 1
-
-datasources:
-  - name: Loki
-    type: loki
-    access: proxy
-    url: http://loki:3100
-    isDefault: true
-    editable: false
-    jsonData:
-      maxLines: 5000
-      timeout: 60

loki/config/loki.yml

@@ -1,58 +0,0 @@
-# Loki configuration - single binary mode, suitable for homelab scale
-# Docs: https://grafana.com/docs/loki/latest/configuration/
-
-auth_enabled: false
-
-server:
-  http_listen_port: 3100
-  grpc_listen_port: 9096
-  log_level: warn
-
-common:
-  instance_addr: 127.0.0.1
-  path_prefix: /loki
-  storage:
-    filesystem:
-      chunks_directory: /loki/chunks
-      rules_directory: /loki/rules
-  replication_factor: 1
-  ring:
-    kvstore:
-      store: inmemory
-
-schema_config:
-  configs:
-    - from: 2024-01-01
-      store: tsdb
-      object_store: filesystem
-      schema: v13
-      index:
-        prefix: index_
-        period: 24h
-
-# ── Retention ─────────────────────────────────────────────────────────────────
-# Adjust these to suit your disk space. 90 days is a good starting point for
-# homelab troubleshooting — long enough to catch recurring issues.
-limits_config:
-  retention_period: 90d
-  reject_old_samples: true
-  reject_old_samples_max_age: 168h  # 7 days — increase if needed
-  ingestion_rate_mb: 4
-  ingestion_burst_size_mb: 8
-
-compactor:
-  working_directory: /loki/compactor
-  retention_enabled: true
-  retention_delete_delay: 2h
-  delete_request_store: filesystem
-
-# ── Query performance ─────────────────────────────────────────────────────────
-query_range:
-  results_cache:
-    cache:
-      embedded_cache:
-        enabled: true
-        max_size_mb: 100
-
-ruler:
-  alertmanager_url: http://localhost:9093

loki/grafana/provisioning/datasources/loki.yml

@@ -1,17 +0,0 @@
-apiVersion: 1
-
-datasources:
-  - name: Loki
-    type: loki
-    access: proxy
-    url: http://loki:3100
-    isDefault: true
-    editable: false
-    jsonData:
-      maxLines: 5000
-      # Derive fields let you turn log content into clickable links.
-      # This example makes trace IDs in logs clickable — remove if not needed.
-      derivedFields:
-        - name: TraceID
-          matcherRegex: "traceID=(\\w+)"
-          url: ""

loki/loki/loki-config.yml

@@ -1,57 +0,0 @@
-# Loki configuration — single-binary mode, suitable for homelab scale
-# Stores data in the local filesystem via the 'loki-data' Docker volume
-
-auth_enabled: false
-
-server:
-  http_listen_port: 3100
-  grpc_listen_port: 9096
-  log_level: warn
-
-common:
-  instance_addr: 127.0.0.1
-  path_prefix: /loki
-  storage:
-    filesystem:
-      chunks_directory: /loki/chunks
-      rules_directory: /loki/rules
-  replication_factor: 1
-  ring:
-    kvstore:
-      store: inmemory
-
-# How long to keep logs. Adjust to taste.
-# 90 days is generous but reasonable for a homelab — tune down if disk is tight.
-limits_config:
-  retention_period: 90d
-  reject_old_samples: true
-  reject_old_samples_max_age: 168h  # 7 days — increase if needed
- # Reject log lines larger than 256KB (protects against runaway logging)
-  max_line_size: 256KB
-
-schema_config:
-  configs:
-    - from: 2024-01-01
-      store: tsdb
-      object_store: filesystem
-      schema: v13
-      index:
-        prefix: index_
-        period: 24h
-
-compactor:
-  working_directory: /loki/compactor
-  # Enables the retention policy above
-  retention_enabled: true
-  retention_delete_delay: 2h
-  delete_request_store: filesystem
-
-query_range:
-  results_cache:
-    cache:
-      embedded_cache:
-        enabled: true
-        max_size_mb: 100
-
-ruler:
-  alertmanager_url: http://localhost:9093