add the ansible playbooks for the monitoring stack

ansible/roles/promtail/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: Restart promtail
+  ansible.builtin.systemd:
+    name: promtail
+    state: restarted

ansible/roles/promtail/tasks/main.yml

@@ -0,0 +1,78 @@
+---
+- name: Create Promtail directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: monitoring
+    group: monitoring
+    mode: "0755"
+  loop:
+    - /etc/promtail
+    - /var/lib/promtail
+
+- name: Check if Promtail is installed
+  ansible.builtin.stat:
+    path: /usr/local/bin/promtail
+  register: promtail_binary
+
+- name: Download Promtail
+  ansible.builtin.get_url:
+    url: "https://github.com/grafana/loki/releases/download/v{{ promtail_version }}/promtail-linux-{{ go_arch }}.zip"
+    dest: "/tmp/promtail-{{ promtail_version }}.zip"
+    mode: "0644"
+  when: not promtail_binary.stat.exists
+
+- name: Install unzip
+  ansible.builtin.apt:
+    name: unzip
+    state: present
+  when: ansible_os_family == "Debian"
+
+- name: Extract Promtail
+  ansible.builtin.unarchive:
+    src: "/tmp/promtail-{{ promtail_version }}.zip"
+    dest: /tmp
+    remote_src: true
+  when: not promtail_binary.stat.exists
+
+- name: Install Promtail binary
+  ansible.builtin.copy:
+    src: /tmp/promtail-linux-{{ go_arch }}
+    dest: /usr/local/bin/promtail
+    mode: "0755"
+    remote_src: true
+  notify: Restart promtail
+  when: not promtail_binary.stat.exists
+
+- name: Deploy Promtail configuration
+  ansible.builtin.template:
+    src: promtail.yml.j2
+    dest: /etc/promtail/promtail.yml
+    owner: monitoring
+    group: monitoring
+    mode: "0644"
+  notify: Restart promtail
+
+- name: Deploy Promtail systemd service
+  ansible.builtin.template:
+    src: promtail.service.j2
+    dest: /etc/systemd/system/promtail.service
+    mode: "0644"
+  notify:
+    - Reload systemd
+    - Restart promtail
+
+- name: Enable and start Promtail
+  ansible.builtin.systemd:
+    name: promtail
+    enabled: true
+    state: started
+    daemon_reload: true
+
+- name: Clean up downloaded files
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "/tmp/promtail-{{ promtail_version }}.zip"
+    - "/tmp/promtail-linux-{{ go_arch }}"

ansible/roles/promtail/templates/promtail.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=Promtail Log Collector
+Documentation=https://grafana.com/docs/loki/latest/clients/promtail/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+User=root
+Group=root
+ExecStart=/usr/local/bin/promtail \
+  -config.file=/etc/promtail/promtail.yml \
+  -config.expand-env=true
+
+SyslogIdentifier=promtail
+Restart=always
+RestartSec=5
+
+# Need root for syslog port 514 and journal access
+# Can use CAP_NET_BIND_SERVICE instead if preferred
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target

ansible/roles/promtail/templates/promtail.yml.j2

@@ -0,0 +1,56 @@
+server:
+  http_listen_port: 9080
+  grpc_listen_port: 0
+
+positions:
+  filename: /var/lib/promtail/positions.yaml
+
+clients:
+  - url: {{ loki_url }}/loki/api/v1/push
+    tenant_id: home-infra
+    batchwait: 1s
+    batchsize: 1048576
+    timeout: 10s
+
+scrape_configs:
+  # Syslog listener for network devices
+  - job_name: syslog
+    syslog:
+      listen_address: 0.0.0.0:514
+      listen_protocol: udp
+      idle_timeout: 60s
+      label_structured_data: true
+      labels:
+        job: syslog
+        source: network-devices
+    relabel_configs:
+      - source_labels: ['__syslog_message_hostname']
+        target_label: 'host'
+      - source_labels: ['__syslog_message_severity']
+        target_label: 'severity'
+      - source_labels: ['__syslog_message_facility']
+        target_label: 'facility'
+      - source_labels: ['__syslog_message_app_name']
+        target_label: 'app'
+    pipeline_stages:
+      - match:
+          selector: '{job="syslog"}'
+          stages:
+            # Extract common patterns from network device logs
+            - regex:
+                expression: '(?P<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})'
+            - labels:
+                src_ip:
+
+  # Local system journal (RPi logs)
+  - job_name: journal
+    journal:
+      max_age: 12h
+      labels:
+        job: systemd-journal
+        host: rpi
+    relabel_configs:
+      - source_labels: ['__journal__systemd_unit']
+        target_label: 'unit'
+      - source_labels: ['__journal_priority_keyword']
+        target_label: 'severity'