logging: consolidate, flakify
parent
ed69ee970f
commit
1f7aea3a28
|
@ -355,6 +355,14 @@
|
|||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
logging = nixosSystem' {
|
||||
modules = [
|
||||
./lib/lxc-container.nix
|
||||
./hosts/containers/logging
|
||||
];
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
nixosModule = import ./lib;
|
||||
|
|
|
@ -1,75 +0,0 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../../lib
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
networking = {
|
||||
hostName = "elastic1";
|
||||
interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.15";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [ 22 9200 9300 ];
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
cluster_name = "zentralwerk";
|
||||
dataDir = "/srv/elasticsearch";
|
||||
listenAddress = "0.0.0.0";
|
||||
extraJavaOptions = [ "-Xms2g" "-Xmx2g" ];
|
||||
};
|
||||
systemd.services.elasticsearch.serviceConfig.Restart = "always";
|
||||
|
||||
# does not work, needs to be set on hv (done through ansible)
|
||||
boot.kernel.sysctl = { "vm.max_map_count" = "262144"; };
|
||||
|
||||
services.elasticsearch-curator = {
|
||||
enable = true;
|
||||
actionYAML = ''
|
||||
---
|
||||
actions:
|
||||
1:
|
||||
action: delete_indices
|
||||
description: >-
|
||||
Delete indices older than 45 days (based on index name), for logstash-
|
||||
prefixed indices. Ignore the error if the filter does not result in an
|
||||
actionable list of indices (ignore_empty_list) and exit cleanly.
|
||||
options:
|
||||
ignore_empty_list: True
|
||||
disable_action: False
|
||||
filters:
|
||||
- filtertype: pattern
|
||||
kind: prefix
|
||||
value: logstash-
|
||||
- filtertype: age
|
||||
source: name
|
||||
direction: older
|
||||
timestring: '%Y.%m.%d'
|
||||
unit: days
|
||||
unit_count: 45
|
||||
'';
|
||||
};
|
||||
|
||||
system.stateVersion = "20.09"; # Did you read the comment?
|
||||
|
||||
}
|
|
@ -1,73 +0,0 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../../lib
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
networking = {
|
||||
hostName = "logging";
|
||||
interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.13";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [ 22 9000 80 443 5044 12201 514 ];
|
||||
allowedUDPPorts = [ 514 ];
|
||||
enable = false;
|
||||
};
|
||||
dhcpcd.denyInterfaces = [ "eth1" ];
|
||||
# interface for mgmt network
|
||||
interfaces.eth1 = {
|
||||
ipv4.addresses = [{
|
||||
address = "10.0.0.251";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
useDHCP = false;
|
||||
};
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
default = { locations = { "/".proxyPass = "http://127.0.0.1:9000/"; }; };
|
||||
};
|
||||
};
|
||||
|
||||
services.graylog = {
|
||||
enable = true;
|
||||
passwordSecret =
|
||||
"SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
||||
# mongo.serv.zentralwerk. ?
|
||||
elasticsearchHosts = [ "http://elastic1.serv.zentralwerk.org:9200" ];
|
||||
rootPasswordSha2 =
|
||||
"3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
|
||||
# mongo.serv.zentralwerk. ?
|
||||
mongodbUri = "mongodb://mongo.serv.zentralwerk.org/graylog";
|
||||
extraConfig = ''
|
||||
http_bind_address = 0.0.0.0:9000
|
||||
http_publish_uri = http://logging.serv.zentralwerk.org/
|
||||
elasticsearch_shards = 1
|
||||
allow_highlighting = true
|
||||
allow_leading_wildcard_searches = true
|
||||
'';
|
||||
user = "root";
|
||||
};
|
||||
|
||||
systemd.services.graylog.serviceConfig.Restart = "always";
|
||||
|
||||
system.stateVersion = "20.09"; # Did you read the comment?
|
||||
|
||||
}
|
|
@ -0,0 +1,113 @@
|
|||
{ hostRegistry, config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
graylogPort = 9000;
|
||||
in
|
||||
{
|
||||
networking = {
|
||||
hostName = "logging";
|
||||
interfaces.eth0.ipv4.addresses = [{
|
||||
address = hostRegistry.hosts.logging.ip4;
|
||||
prefixLength = 26;
|
||||
}];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [ 22 80 443 5044 12201 514 ];
|
||||
allowedUDPPorts = [ 514 ];
|
||||
enable = false;
|
||||
};
|
||||
dhcpcd.denyInterfaces = [ "eth1" ];
|
||||
# interface for mgmt network
|
||||
interfaces.eth1 = {
|
||||
ipv4.addresses = [{
|
||||
address = "10.0.0.251";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
useDHCP = false;
|
||||
};
|
||||
};
|
||||
|
||||
# Don't loop
|
||||
services.journalbeat.enable = lib.mkForce false;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"logging.serv.zentralwerk.org" = {
|
||||
default = true;
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = { "/".proxyPass = "http://127.0.0.1:${toString graylogPort}/"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.graylog = {
|
||||
enable = true;
|
||||
passwordSecret =
|
||||
"SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
||||
elasticsearchHosts = [ "http://localhost:9200" ];
|
||||
rootPasswordSha2 =
|
||||
"2bed7d6138c04098c05f492174c31d45d873f5146ad775e4c26a4863fa370d7d";
|
||||
mongodbUri = "mongodb://localhost/graylog";
|
||||
extraConfig = ''
|
||||
http_bind_address = 127.0.0.1:${toString graylogPort}
|
||||
http_publish_uri = https://logging.serv.zentralwerk.org/
|
||||
elasticsearch_shards = 1
|
||||
allow_highlighting = true
|
||||
allow_leading_wildcard_searches = true
|
||||
'';
|
||||
user = "root";
|
||||
};
|
||||
|
||||
services.mongodb = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
# noXlibs breaks cairo:
|
||||
environment.noXlibs = false;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
extraJavaOptions = [ "-Xms2g" "-Xmx2g" ];
|
||||
};
|
||||
systemd.services.elasticsearch.serviceConfig.Restart = "always";
|
||||
|
||||
# does not work, needs to be set on hv (done through ansible)
|
||||
boot.kernel.sysctl = { "vm.max_map_count" = "262144"; };
|
||||
|
||||
services.elasticsearch-curator = {
|
||||
enable = true;
|
||||
actionYAML = ''
|
||||
---
|
||||
actions:
|
||||
1:
|
||||
action: delete_indices
|
||||
description: >-
|
||||
Delete indices older than 45 days (based on index name), for logstash-
|
||||
prefixed indices. Ignore the error if the filter does not result in an
|
||||
actionable list of indices (ignore_empty_list) and exit cleanly.
|
||||
options:
|
||||
ignore_empty_list: True
|
||||
disable_action: False
|
||||
filters:
|
||||
- filtertype: pattern
|
||||
kind: prefix
|
||||
value: logstash-
|
||||
- filtertype: age
|
||||
source: name
|
||||
direction: older
|
||||
timestring: '%Y.%m.%d'
|
||||
unit: days
|
||||
unit_count: 45
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.graylog.serviceConfig.Restart = "always";
|
||||
|
||||
system.stateVersion = "21.05";
|
||||
}
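Review bot: `passwordSecret` and `rootPasswordSha2` in the `services.graylog` block are committed as literals, so both values sit in git history and, presumably, in a generated config file inside the world-readable Nix store. The `passwordSecret` value is carried over unchanged from the deleted host config, so relocating it is not enough: it should be rotated and provisioned from a file kept outside the repository and the store, if the module or a wrapper allows that, with a comment at the option such as `# secret: provisioned out of band, never commit the value`. Separately, `networking.firewall.enable = false` leaves `allowedTCPPorts` and `allowedUDPPorts` without effect on a host that now also runs Elasticsearch and MongoDB, so reachability depends only on each service's bind address. Setting `enable = true;` would make the port list authoritative. It is also worth documenting why `user = "root";` is needed for Graylog, since nothing else in this file shows a requirement for it.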
|
|
@ -1,42 +0,0 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../../lib
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [ mongodb-tools ];
|
||||
|
||||
networking = {
|
||||
hostName = "mongo";
|
||||
interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.21";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [ 22 27017 ];
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.mongodb = {
|
||||
enable = true;
|
||||
bind_ip = "0.0.0.0";
|
||||
dbpath = "/srv/mongodb";
|
||||
};
|
||||
|
||||
system.stateVersion = "19.03"; # Did you read the comment?
|
||||
|
||||
}
|