{ config, pkgs, lib, modulesPath, ... }: { imports = [ (modulesPath + "/profiles/minimal.nix") ../../../lib ../../../lib/lxc-container.nix ../../../lib/shared.nix ]; networking.hostName = "kibana"; networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ]; networking.defaultGateway = "172.20.73.1"; networking.firewall.allowedTCPPorts = [ 80 443 ]; # Required for krops services.openssh.enable = true; environment.systemPackages = [ pkgs.git ]; nixpkgs.config.allowUnfree = true; services.elasticsearch = { enable = true; package = pkgs.elasticsearch7; }; services.kibana = { enable = true; package = pkgs.kibana7; }; security.acme = { acceptTerms = true; email = "mail@c3d2.de"; }; services.nginx = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY"; vhost = url: { forceSSL = true; enableACME = true; locations."/" = { proxyPass = url; extraConfig = '' auth_basic "Chaos"; auth_basic_user_file ${authFile}; ''; }; }; in { enable = true; recommendedGzipSettings = true; recommendedProxySettings = true; virtualHosts = { "kibana.hq.c3d2.de" = vhost "http://127.0.0.1:${toString config.services.kibana.port}"; "kibana-es.hq.c3d2.de" = vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}"; }; }; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. system.stateVersion = "20.03"; # Did you read the comment? }