# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
# NixOS module for the "logging" host: a Graylog server fronted by nginx,
# with sshd for administration. Network addressing is static on eth0 and on
# a second interface (eth1) used for the management network.
{ config, pkgs, lib, ... }:

{
  # Shared modules; their contents are not visible here, so any hardening they
  # apply (SSH keys, password authentication, etc.) has to be checked there.
  imports = [
    ../../../lib/lxc-container.nix
    ../../../lib/shared.nix
    ../../../lib/admins.nix
  ];

  environment.systemPackages = with pkgs; [ vim ];

  networking = {
    hostName = "logging";
    interfaces.eth0.ipv4.addresses = [{
      address = "172.20.73.13";
      prefixLength = 26;
    }];
    defaultGateway = "172.20.73.1";
    firewall = {
      # NOTE(review): these allow-lists are not enforced while `enable = false`
      # below; every listening socket is then reachable on eth0 and on the
      # management interface eth1 unless something upstream filters it.
      allowedTCPPorts = [ 22 9000 80 443 5044 12201 514 ];
      allowedUDPPorts = [ 514 ];
      # NOTE(review): presumably disabled because of the LXC environment -
      # confirm that the container host or the network provides the filtering.
      enable = false;
    };
    # Keep dhcpcd off eth1; it is configured statically below.
    dhcpcd.denyInterfaces = [ "eth1" ];
    # interface for mgmt network
    interfaces.eth1 = {
      ipv4.addresses = [{
        address = "10.0.0.251";
        prefixLength = 24;
      }];
      useDHCP = false;
    };
  };

  services.openssh = {
    enable = true;
    # NOTE(review): "yes" permits direct root logins, including by password
    # unless password authentication is turned off elsewhere (not visible in
    # this file). "prohibit-password" keeps key-based root access only.
    permitRootLogin = "yes";
  };

  # Reverse proxy in front of the Graylog web interface / API.
  # NOTE(review): no TLS settings appear in this virtual host, so as far as
  # this file shows, Graylog logins cross the network as plain HTTP even
  # though 443 is listed in the firewall allow-list.
  services.nginx = {
    enable = true;
    virtualHosts = {
      default = { locations = { "/".proxyPass = "http://127.0.0.1:9000/"; }; };
    };
  };

  services.graylog = {
    enable = true;
    # NOTE(review): secret committed in clear text. Values in a Nix expression
    # also end up in the world-readable /nix/store. Graylog uses this value to
    # protect stored passwords; treat it as disclosed, rotate it, and supply the
    # replacement from a location outside the repository and the store.
    passwordSecret =
      "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
    # mongo.serv.zentralwerk. ?
    # NOTE(review): plain http:// - log data to Elasticsearch is unencrypted
    # and, as far as this file shows, unauthenticated.
    elasticsearchHosts = [ "http://elastic1.serv.zentralwerk.dn42:9200" ];
    # NOTE(review): unsalted SHA-256 of the Graylog admin password. Publishing
    # it allows offline guessing, so the password must be long and random;
    # rotate it if that is in doubt.
    rootPasswordSha2 =
      "3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
    # mongo.serv.zentralwerk. ?
    # NOTE(review): no credentials or TLS options in the URI - presumably
    # MongoDB accepts unauthenticated connections from this host; verify.
    mongodbUri = "mongodb://mongo.serv.zentralwerk.dn42/graylog";
    # NOTE(review) on the settings below: binding to 0.0.0.0:9000 exposes the
    # web interface / API on every interface, bypassing the nginx proxy (which
    # already targets 127.0.0.1:9000). Leading-wildcard searches are expensive
    # for the search backend, so any logged-in user can trigger heavy queries.
    extraConfig = ''
      http_bind_address = 0.0.0.0:9000
      http_publish_uri = http://logging.serv.zentralwerk.org/
      elasticsearch_shards = 1
      allow_highlighting = true
      allow_leading_wildcard_searches = true
    '';
    # NOTE(review): runs the Graylog JVM as root, so a flaw in Graylog or one of
    # its inputs yields root in the container. Presumably done to bind the
    # privileged port 514 - confirm, and prefer an unprivileged user with a
    # high input port or a bind capability.
    user = "root";
  };

  # Restart Graylog whenever it exits, whatever the exit status.
  systemd.services.graylog.serviceConfig.Restart = "always";

  system.stateVersion = "20.09"; # Did you read the comment?

}