| 1 | --- |
| 2 | # SPDX-License-Identifier: AGPL-3.0-or-later |
| 3 | # Promtail (logs → Loki) + node_exporter (metrics → Prometheus). |
| 4 | # Both scrape over the WireGuard mesh from the bare-metal box; the |
| 5 | # droplet's metrics endpoints aren't exposed to the public internet. |
| 6 | |
# Ensure the distro-packaged node_exporter is present.
# NOTE(review): the Debian/Ubuntu package listens on all interfaces
# (port 9100) by default. Nothing in this file restricts that, so confirm
# a firewall rule or a listen-address override keeps the endpoint
# reachable only over the WireGuard mesh, as the file header states.
- name: node_exporter — install
  apt:
    name: prometheus-node-exporter
    state: present
| 9 | |
# Start node_exporter now and enable it at boot.
- name: node_exporter — service started
  systemd:
    name: prometheus-node-exporter
    state: started
    enabled: true
| 12 | |
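# Install the pinned Promtail release binary into /usr/local/bin.
#
# Hardening compared with a plain "curl | unzip":
#   * set -eu and curl -f: an HTTP error or a failed step aborts the task
#     instead of unpacking an error page or leaving a half-installed binary.
#   * mktemp -d: the archive is staged in a private directory rather than at
#     a predictable path in world-writable /tmp, where another local user
#     could pre-create or swap the file before root unpacks it.
#   * Optional digest check: set `promtail_zip_sha256` (inventory/group_vars)
#     to the SHA-256 of the release zip, taken from a source you trust, and
#     the download is verified before anything is installed.
# NOTE(review): without `promtail_zip_sha256` the binary that later runs as
# root is trusted on TLS alone — pin the digest for VER before relying on this.
- name: Promtail — install
  shell: |
    set -eu
    if ! command -v promtail >/dev/null; then
      VER=2.9.4
      EXPECTED_SHA256="{{ promtail_zip_sha256 | default('') }}"
      WORK="$(mktemp -d)"
      trap 'rm -rf "$WORK"' EXIT
      curl -fsSL "https://github.com/grafana/loki/releases/download/v${VER}/promtail-linux-amd64.zip" -o "$WORK/promtail.zip"
      if [ -n "$EXPECTED_SHA256" ]; then
        # sha256sum -c exits non-zero on mismatch, which aborts under set -e.
        echo "${EXPECTED_SHA256}  $WORK/promtail.zip" | sha256sum -c -
      fi
      unzip -o "$WORK/promtail.zip" -d "$WORK"
      # install(1) sets owner and mode in one step; nothing is ever executable
      # from the staging directory.
      install -o root -g root -m 0755 "$WORK/promtail-linux-amd64" /usr/local/bin/promtail
    fi
  args:
    # Skip the whole task once the binary exists (idempotence guard).
    creates: /usr/local/bin/promtail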
| 24 | |
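# Promtail is installed from a release zip in this file, so no package
# creates /etc/promtail; the template module does not create parent
# directories and would fail on a fresh host without this task.
- name: promtail config directory
  file:
    path: /etc/promtail
    state: directory
    owner: root
    group: root
    mode: "0755"

# Render the Promtail configuration and restart the service on change.
# NOTE(review): promtail-config.yml.j2 is not shown here. If it carries
# Loki credentials (basic_auth, bearer token, TLS key paths), tighten the
# mode to "0600" — the unit in this file runs as root and can still read it.
- name: promtail config
  template:
    src: promtail-config.yml.j2
    dest: /etc/promtail/config.yml
    owner: root
    group: root
    mode: "0644"
  notify: restart promtail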
| 31 | |
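# Install the systemd unit for Promtail and trigger daemon-reload + restart
# when it changes.
#
# The unit has no User=, so Promtail runs as root. NoNewPrivileges=true is
# added because it is safe regardless of configuration: the process can no
# longer gain privileges through setuid/file-capability binaries.
# NOTE(review): further confinement (a dedicated User= with group access to
# the log files, ProtectSystem=, ProtectHome=, PrivateTmp=) depends on which
# paths the config template scrapes and where it keeps its positions file —
# neither is visible here, so those are left for whoever owns the template.
- name: promtail systemd unit
  copy:
    dest: /etc/systemd/system/promtail.service
    content: |
      [Unit]
      Description=Promtail log shipper
      After=network.target
      [Service]
      ExecStart=/usr/local/bin/promtail -config.file=/etc/promtail/config.yml
      Restart=on-failure
      NoNewPrivileges=true
      [Install]
      WantedBy=multi-user.target
    owner: root
    group: root
    mode: "0644"
  notify: [daemon-reload, restart promtail]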
| 46 | |
# Start Promtail now and enable it at boot.
- name: promtail enabled
  systemd:
    name: promtail
    state: started
    enabled: true
| 49 |