nix-config/hosts/containers/elastic/configuration.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, lib, ... }:

{
  imports =
    [ ../../../lib/lxc-container.nix
    ../../../lib/shared.nix
    ../../../lib/admins.nix
  ];

  environment.systemPackages = with pkgs; [
    vim
  ];

  networking = {
    hostName = "elastic1";
    interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.15"; prefixLength = 26; } ];
    defaultGateway = "172.20.73.1";
    firewall = {
      allowedTCPPorts = [ 
        22
        9200
        9300
      ];
      enable = true;
    };
  };

  nixpkgs.config.allowUnfree = true; 

  services.openssh = {
    enable = true;
    permitRootLogin = "yes";
  };

  services.elasticsearch = {
    enable = true;
    cluster_name = "zentralwerk";
    dataDir = "/srv/elasticsearch";
    listenAddress = "0.0.0.0";
    extraJavaOptions = [ "-Xms2g" "-Xmx2g" ];
  };
  systemd.services.elasticsearch.serviceConfig.Restart = "always";

  # does not work, needs to be set on hv (done through ansible)
  boot.kernel.sysctl = {
    "vm.max_map_count"="262144";
  };

  services.elasticsearch-curator = {
    enable = true;
    actionYAML = ''
  ---
  actions:
    1:
      action: delete_indices
      description: >-
        Delete indices older than 45 days (based on index name), for logstash-
        prefixed indices. Ignore the error if the filter does not result in an
        actionable list of indices (ignore_empty_list) and exit cleanly.
      options:
        ignore_empty_list: True
        disable_action: False
      filters:
      - filtertype: pattern
        kind: prefix
        value: logstash-
      - filtertype: age
        source: name
        direction: older
        timestring: '%Y.%m.%d'
        unit: days
        unit_count: 45
    '';
  };

  system.stateVersion = "18.09"; # Did you read the comment?

}