nix-config/hosts/containers/kibana/configuration.nix

67 lines
1.8 KiB
Nix

{ config, pkgs, lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/minimal.nix")
../../../lib
../../../lib/lxc-container.nix
../../../lib/shared.nix
];
networking.hostName = "kibana";
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ];
networking.defaultGateway = "172.20.73.1";
networking.firewall.allowedTCPPorts = [ 80 443 ];
# Required for krops
services.openssh.enable = true;
environment.systemPackages = [ pkgs.git ];
nixpkgs.config.allowUnfree = true;
services.elasticsearch = {
enable = true;
package = pkgs.elasticsearch7;
};
services.kibana = {
enable = true;
package = pkgs.kibana7;
};
security.acme = {
acceptTerms = true;
email = "mail@c3d2.de";
};
services.nginx =
let
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
vhost = url: {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = url;
extraConfig = ''
auth_basic "Chaos";
auth_basic_user_file ${authFile};
'';
};
};
in
{
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"kibana.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
"kibana-es.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
};
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "20.03"; # Did you read the comment?
}