# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, lib, ... }:

{
  imports =
    [ ../../../lib/lxc-container.nix
    ../../../lib/shared.nix
    ../../../lib/admins.nix
  ];

  environment.systemPackages = with pkgs; [
    vim
  ];

  networking = {
    hostName = "logging";
    firewall = {
      allowedTCPPorts = [ 
        22
        9000
        80
        443
        5044
        12201
        514
      ];
      allowedUDPPorts = [ 
        514
      ];
      enable = false;
    };
  };

  services.openssh = {
    enable = true;
    permitRootLogin = "yes";
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      default = {
        locations = {
          "/".proxyPass = "http://127.0.0.1:9000/";
        };
      };
    };
  };

  services.graylog = {
    enable = true;
    passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
    # mongo.serv.zentralwerk. ?
    elasticsearchHosts = [ "http://172.20.73.15:9200" ];
    rootPasswordSha2 = "3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
    # mongo.serv.zentralwerk. ?
    mongodbUri = "mongodb://172.20.73.14/graylog";
    extraConfig = ''
    http_bind_address = 0.0.0.0:9000
    elasticsearch_shards = 1
    allow_highlighting = true
    allow_leading_wildcard_searches = true
    '';
    user = "root";
  };

  systemd.services.graylog.serviceConfig.Restart = "always";

  system.stateVersion = "19.03"; # Did you read the comment?

}