containers/kibana: init

2020-05-23 01:17:16 +02:00 · 2020-05-23 01:17:16 +02:00 · d69eee2b75
parent 672c8e5b13
commit d69eee2b75
2 changed files with 67 additions and 0 deletions
--- a/hosts/containers/kibana/configuration.nix
+++ b/hosts/containers/kibana/configuration.nix
@ -0,0 +1,66 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [
+    <nixpkgs/nixos/modules/profiles/minimal.nix>
+    <lib>
+    <lib/lxc-container.nix>
+    <lib/shared.nix>
+  ];
+
+  networking.hostName = "kibana";
+  networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ];
+  networking.defaultGateway = "172.20.73.1";
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  # Required for krops
+  services.openssh.enable = true;
+  environment.systemPackages = [ pkgs.git ];
+
+  nixpkgs.config.allowUnfree = true;
+  services.elasticsearch = {
+    enable = true;
+    package = pkgs.elasticsearch7;
+  };
+  services.kibana = {
+    enable = true;
+    package = pkgs.kibana7;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    email = "mail@c3d2.de";
+  };
+  services.nginx =
+    let
+      authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
+      vhost = url: {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = url;
+          extraConfig = ''
+            auth_basic "Chaos";
+            auth_basic_user_file ${authFile};
+          '';
+        };
+      };
+    in
+    {
+      enable = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+      virtualHosts = {
+        "kibana.hq.c3d2.de" =
+          vhost "http://localhost:${toString config.services.kibana.port}";
+        "kibana-es.hq.c3d2.de" =
+          vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
+      };
+    };
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "20.03"; # Did you read the comment?
+}
--- a/krops.nix
+++ b/krops.nix
@ -31,4 +31,5 @@ in {
  scrape = deployContainer "scrape" "172.20.73.32";
  ledstripes = deployContainer "ledstripes" "172.22.99.168";
  freifunk = deployContainer "freifunk" "172.20.72.40";
+  kibana = deployContainer "kibana" "172.20.73.44";
 }