nix-config/hosts/containers/logging/configuration.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, lib, ... }:

{
  imports = [
    ../../../lib/lxc-container.nix
    ../../../lib/shared.nix
    ../../../lib/admins.nix
  ];

  environment.systemPackages = with pkgs; [ vim ];

  networking = {
    hostName = "logging";
    interfaces.eth0.ipv4.addresses = [{
      address = "172.20.73.13";
      prefixLength = 26;
    }];
    defaultGateway = "172.20.73.1";
    firewall = {
      allowedTCPPorts = [ 22 9000 80 443 5044 12201 514 ];
      allowedUDPPorts = [ 514 ];
      enable = false;
    };
    dhcpcd.denyInterfaces = [ "eth1" ];
    # interface for mgmt network
    interfaces.eth1 = {
      ipv4.addresses = [{
        address = "10.0.0.251";
        prefixLength = 24;
      }];
      useDHCP = false;
    };
  };

  services.openssh = {
    enable = true;
    permitRootLogin = "yes";
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      default = { locations = { "/".proxyPass = "http://127.0.0.1:9000/"; }; };
    };
  };

  services.graylog = {
    enable = true;
    passwordSecret =
      "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
    # mongo.serv.zentralwerk. ?
    elasticsearchHosts = [ "http://elastic1.serv.zentralwerk.dn42:9200" ];
    rootPasswordSha2 =
      "3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
    # mongo.serv.zentralwerk. ?
    mongodbUri = "mongodb://mongo.serv.zentralwerk.dn42/graylog";
    extraConfig = ''
      http_bind_address = 0.0.0.0:9000
      http_publish_uri = http://logging.serv.zentralwerk.org/
      elasticsearch_shards = 1
      allow_highlighting = true
      allow_leading_wildcard_searches = true
    '';
    user = "root";
  };

  systemd.services.graylog.serviceConfig.Restart = "always";

  system.stateVersion = "20.09"; # Did you read the comment?

}
-												add elastic/logging

											
										
										
											2019-07-03 20:26:46 +02:00
+								# Edit this configuration file to define what should be installed on
 								# your system.  Help is available in the configuration.nix(5) man page
 								# and in the NixOS manual (accessible by running ‘nixos-help’).
 								{ config, pkgs, lib, ... }:
 								{
-												Nixfmt everything

											
										
										
											2021-02-22 11:45:12 +01:00
+								  imports = [
 								    ../../../lib/lxc-container.nix
-												add elastic/logging

											
										
										
											2019-07-03 20:26:46 +02:00
+								    ../../../lib/shared.nix
 								    ../../../lib/admins.nix
 								  ];
-												Nixfmt everything

											
										
										
											2021-02-22 11:45:12 +01:00
+								  environment.systemPackages = with pkgs; [ vim ];
-												add elastic/logging

											
										
										
											2019-07-03 20:26:46 +02:00
 								  networking = {
 								    hostName = "logging";
-												Nixfmt everything

											
										
										
											2021-02-22 11:45:12 +01:00
+								    interfaces.eth0.ipv4.addresses = [{
 								      address = "172.20.73.13";
 								      prefixLength = 26;
 								    }];
-												static ipv4 configuration for containers in the serv subnet

											
										
										
											2020-05-22 17:24:56 +02:00
+								    defaultGateway = "172.20.73.1";
-												activate central logging

											
										
										
											2019-07-04 04:23:39 +02:00
+								    firewall = {
-												Nixfmt everything

											
										
										
											2021-02-22 11:45:12 +01:00
+								      allowedTCPPorts = [ 22 9000 80 443 5044 12201 514 ];
 								      allowedUDPPorts = [ 514 ];
-												activate central logging

											
										
										
											2019-07-04 04:23:39 +02:00
+								      enable = false;
-												updates

											
										
										
											2019-08-15 18:12:55 +02:00
+								    };
 								    dhcpcd.denyInterfaces = [ "eth1" ];
 								    # interface for mgmt network
 								    interfaces.eth1 = {
 								      ipv4.addresses = [{
 								        address = "10.0.0.251";
 								        prefixLength = 24;
 								      }];
 								      useDHCP = false;
-												activate central logging

											
										
										
											2019-07-04 04:23:39 +02:00
+								    };
-												add elastic/logging

											
										
										
											2019-07-03 20:26:46 +02:00
+								  };
 								  services.openssh = {
 								    enable = true;
 								    permitRootLogin = "yes";
 								  };
-												activate central logging

											
										
										
											2019-07-04 04:23:39 +02:00
+								  services.nginx = {
 								    enable = true;
 								    virtualHosts = {
-												Nixfmt everything

											
										
										
											2021-02-22 11:45:12 +01:00
+								      default = { locations = { "/".proxyPass = "http://127.0.0.1:9000/"; }; };
-												activate central logging

											
										
										
											2019-07-04 04:23:39 +02:00
+								    };
 								  };
-												add elastic/logging

											
										
										
											2019-07-03 20:26:46 +02:00
+								  services.graylog = {
 								    enable = true;
-												Nixfmt everything

											
										
										
											2021-02-22 11:45:12 +01:00
+								    passwordSecret =
 								      "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
-												add mongo. add missing files

											
										
										
											2019-07-04 00:31:45 +02:00
+								    # mongo.serv.zentralwerk. ?
-												logging: use internal domain names for backend IPv4 connections

											
										
										
											2021-06-07 23:30:49 +02:00
+								    elasticsearchHosts = [ "http://elastic1.serv.zentralwerk.dn42:9200" ];
-												Nixfmt everything

											
										
										
											2021-02-22 11:45:12 +01:00
+								    rootPasswordSha2 =
 								      "3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
-												add mongo. add missing files

											
										
										
											2019-07-04 00:31:45 +02:00
+								    # mongo.serv.zentralwerk. ?
-												logging: use internal domain names for backend IPv4 connections

											
										
										
											2021-06-07 23:30:49 +02:00
+								    mongodbUri = "mongodb://mongo.serv.zentralwerk.dn42/graylog";
-												activate central logging

											
										
										
											2019-07-04 04:23:39 +02:00
+								    extraConfig = ''
-												Nixfmt everything

											
										
										
											2021-02-22 11:45:12 +01:00
+								      http_bind_address = 0.0.0.0:9000
 								      http_publish_uri = http://logging.serv.zentralwerk.org/
 								      elasticsearch_shards = 1
 								      allow_highlighting = true
 								      allow_leading_wildcard_searches = true
-												activate central logging

											
										
										
											2019-07-04 04:23:39 +02:00
+								    '';
 								    user = "root";
-												add elastic/logging

											
										
										
											2019-07-03 20:26:46 +02:00
+								  };
-												updates to logging

											
										
										
											2019-07-19 14:51:09 +02:00
+								  systemd.services.graylog.serviceConfig.Restart = "always";
-												update elastic / logging

											
										
										
											2020-11-11 20:13:16 +01:00
+								  system.stateVersion = "20.09"; # Did you read the comment?
-												add elastic/logging

											
										
										
											2019-07-03 20:26:46 +02:00
 								}