activate central logging
This commit is contained in:
parent
e65f04fb32
commit
bf5e0de49c
|
@ -29,7 +29,7 @@ This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
|
||||||
4. Adjust hq.nixops, add [hostname]
|
4. Adjust hq.nixops, add [hostname]
|
||||||
5. Run
|
5. Run
|
||||||
```shell
|
```shell
|
||||||
ssh k-ot@172.20.73.9
|
ssh k-ot@172.20.73.16
|
||||||
cd nix-config/
|
cd nix-config/
|
||||||
nixops deploy -d hq --check --include=[hostname]
|
nixops deploy -d hq --check --include=[hostname]
|
||||||
```
|
```
|
||||||
|
|
|
@ -17,6 +17,14 @@
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "elastic1";
|
hostName = "elastic1";
|
||||||
|
firewall = {
|
||||||
|
allowedTCPPorts = [
|
||||||
|
22
|
||||||
|
9200
|
||||||
|
9300
|
||||||
|
];
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
|
@ -17,6 +17,21 @@
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "logging";
|
hostName = "logging";
|
||||||
|
firewall = {
|
||||||
|
allowedTCPPorts = [
|
||||||
|
22
|
||||||
|
9000
|
||||||
|
80
|
||||||
|
443
|
||||||
|
5044
|
||||||
|
12201
|
||||||
|
514
|
||||||
|
];
|
||||||
|
allowedUDPPorts = [
|
||||||
|
514
|
||||||
|
];
|
||||||
|
enable = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
|
@ -24,14 +39,32 @@
|
||||||
permitRootLogin = "yes";
|
permitRootLogin = "yes";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts = {
|
||||||
|
default = {
|
||||||
|
locations = {
|
||||||
|
"/".proxyPass = "http://127.0.0.1:9000/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.graylog = {
|
services.graylog = {
|
||||||
enable = true;
|
enable = true;
|
||||||
passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
||||||
# mongo.serv.zentralwerk. ?
|
# mongo.serv.zentralwerk. ?
|
||||||
elasticsearchHosts = [ "http://172.20.73.10:9200" ];
|
elasticsearchHosts = [ "http://172.20.73.15:9200" ];
|
||||||
rootPasswordSha2 = "0319baba53abe8b33e1da12fd906c27cbe61fad6a129b9d5ecf196b6661e959d";
|
rootPasswordSha2 = "3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
|
||||||
# mongo.serv.zentralwerk. ?
|
# mongo.serv.zentralwerk. ?
|
||||||
mongodbUri = "mongodb://172.20.73.12/graylog";
|
mongodbUri = "mongodb://172.20.73.14/graylog";
|
||||||
|
extraConfig = ''
|
||||||
|
http_bind_address = 0.0.0.0:9000
|
||||||
|
elasticsearch_shards = 1
|
||||||
|
allow_highlighting = true
|
||||||
|
allow_leading_wildcard_searches = true
|
||||||
|
'';
|
||||||
|
user = "root";
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "19.03"; # Did you read the comment?
|
system.stateVersion = "19.03"; # Did you read the comment?
|
||||||
|
|
|
@ -17,6 +17,13 @@
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "mongo";
|
hostName = "mongo";
|
||||||
|
firewall = {
|
||||||
|
allowedTCPPorts = [
|
||||||
|
22
|
||||||
|
27017
|
||||||
|
];
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
|
|
|
@ -5,4 +5,25 @@
|
||||||
nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
|
nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# add central logging
|
||||||
|
services.journalbeat = {
|
||||||
|
enable = true;
|
||||||
|
extraConfig = ''
|
||||||
|
journalbeat:
|
||||||
|
seek_position: cursor
|
||||||
|
cursor_seek_fallback: tail
|
||||||
|
write_cursor_state: true
|
||||||
|
cursor_flush_period: 5s
|
||||||
|
clean_field_names: true
|
||||||
|
convert_to_numbers: false
|
||||||
|
move_metadata_to_field: journal
|
||||||
|
default_type: journal
|
||||||
|
kernel: true
|
||||||
|
output.logstash:
|
||||||
|
# Boolean flag to enable or disable the output module.
|
||||||
|
enabled: true
|
||||||
|
hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,9 +8,12 @@
|
||||||
nix.useSandbox = false;
|
nix.useSandbox = false;
|
||||||
nix.maxJobs = lib.mkDefault 1;
|
nix.maxJobs = lib.mkDefault 1;
|
||||||
nix.buildCores = lib.mkDefault 4;
|
nix.buildCores = lib.mkDefault 4;
|
||||||
networking.useNetworkd = true;
|
#networking.useNetworkd = true;
|
||||||
|
|
||||||
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
|
|
||||||
# /sbin/init
|
# /sbin/init
|
||||||
boot.loader.initScript.enable = true;
|
boot.loader.initScript.enable = true;
|
||||||
boot.loader.grub.enable = false;
|
boot.loader.grub.enable = false;
|
||||||
|
@ -27,6 +30,29 @@
|
||||||
|
|
||||||
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
|
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
|
||||||
|
|
||||||
|
# add central logging
|
||||||
|
services.journalbeat = {
|
||||||
|
enable = true;
|
||||||
|
tags = [ "container" ];
|
||||||
|
extraConfig = ''
|
||||||
|
journalbeat:
|
||||||
|
seek_position: cursor
|
||||||
|
cursor_seek_fallback: tail
|
||||||
|
write_cursor_state: true
|
||||||
|
cursor_flush_period: 5s
|
||||||
|
clean_field_names: true
|
||||||
|
convert_to_numbers: false
|
||||||
|
move_metadata_to_field: journal
|
||||||
|
default_type: journal
|
||||||
|
kernel: true
|
||||||
|
output.logstash:
|
||||||
|
# Boolean flag to enable or disable the output module.
|
||||||
|
enabled: true
|
||||||
|
hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
# Required for remote deployment
|
# Required for remote deployment
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue