loki.source.journal "system" {
  forward_to = [loki.write.default.receiver]
  labels = {
    job = "systemd-journal",
    host = "beepi",
  }
}

local.file_match "fail2ban" {
  path_targets = [{"__path__" = "/var/log/fail2ban.log", job = "fail2ban", host = "beepi"}]
}

local.file_match "varlog" {
  path_targets = [{"__path__" = "/var/log/*.log", job = "varlog", "__path_exclude__" = "/var/log/fail2ban.log", host = "beepi"}]
}

loki.source.file "varlog" {
  targets    = local.file_match.varlog.targets
  forward_to = [loki.write.default.receiver]
}

loki.source.file "fail2ban_source" {
  targets    = local.file_match.fail2ban.targets
  forward_to = [loki.process.geoip.receiver]
}

loki.process "geoip" {
    forward_to = [loki.write.default.receiver]
    stage.regex {
        expression = `^.*:\s(?<level>\w*)\s*\[(?<service>\w*)\]\s(?<type>\w*)\s(?<ip>(?:(?:2(?:[0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9])\.){3}(?:(?:2([0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9]))).*$`
        labels_from_groups = true
    }

    stage.geoip {
        db = "/opt/database/GeoLite2-City.mmdb"
        source = "ip"
        db_type = "city"
    }

    stage.labels {
        values = {
            geoip_city_name          = "",
            geoip_country_name       = "",
            geoip_country_code       = "",
            geoip_continent_name     = "",
            geoip_continent_code     = "",
            geoip_location_latitude  = "",
            geoip_location_longitude = "",
            geoip_postal_code        = "",
            geoip_timezone           = "",
            geoip_subdivision_name   = "",
            geoip_subdivision_code   = "",
        }
    }
}

loki.write "default" {
  endpoint {
    url = "http://loki:3100/loki/api/v1/push"
  }
}