Delete no longer existing hosts
This commit is contained in:
parent
7e6bf649fa
commit
c5a2cad5ab
21
flake.nix
21
flake.nix
|
@ -607,13 +607,6 @@
|
|||
];
|
||||
};
|
||||
|
||||
kibana = nixosSystem' {
|
||||
modules = [
|
||||
./config/lxc-container.nix
|
||||
./hosts/containers/kibana
|
||||
];
|
||||
};
|
||||
|
||||
public-access-proxy = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
|
@ -653,20 +646,6 @@
|
|||
];
|
||||
};
|
||||
|
||||
mail = nixosSystem' {
|
||||
modules = [
|
||||
./config/lxc-container.nix
|
||||
./hosts/containers/mail
|
||||
];
|
||||
};
|
||||
|
||||
logging = nixosSystem' {
|
||||
modules = [
|
||||
./config/lxc-container.nix
|
||||
./hosts/containers/logging
|
||||
];
|
||||
};
|
||||
|
||||
c3d2-web = nixosSystem' {
|
||||
modules = [
|
||||
{ _module.args = { inherit nixos; }; }
|
||||
|
|
|
@ -1,57 +0,0 @@
|
|||
{ zentralwerk, config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
networking.hostName = "kibana";
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.44";
|
||||
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
# Required for deployment
|
||||
services.openssh.enable = true;
|
||||
|
||||
# noXlibs breaks cairo:
|
||||
environment.noXlibs = false;
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
package = pkgs.elasticsearch7;
|
||||
};
|
||||
services.kibana = {
|
||||
enable = true;
|
||||
package = pkgs.kibana7;
|
||||
};
|
||||
|
||||
services.nginx = let
|
||||
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||
vhost = url: {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = url;
|
||||
extraConfig = ''
|
||||
auth_basic "Chaos";
|
||||
auth_basic_user_file ${authFile};
|
||||
'';
|
||||
};
|
||||
};
|
||||
in {
|
||||
enable = true;
|
||||
clientMaxBodySize = "100m";
|
||||
virtualHosts = {
|
||||
"kibana.hq.c3d2.de" =
|
||||
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
|
||||
"kibana-es.hq.c3d2.de" =
|
||||
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
|
||||
};
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "20.03"; # Did you read the comment?
|
||||
}
|
|
@ -1,113 +0,0 @@
|
|||
{ zentralwerk, config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
graylogPort = 9000;
|
||||
in
|
||||
{
|
||||
networking = {
|
||||
hostName = "logging";
|
||||
interfaces.eth0.ipv4.addresses = [{
|
||||
address = config.c3d2.hosts.logging.ip4;
|
||||
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
||||
}];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [ 22 80 443 5044 12201 514 ];
|
||||
allowedUDPPorts = [ 514 ];
|
||||
enable = false;
|
||||
};
|
||||
dhcpcd.denyInterfaces = [ "eth1" ];
|
||||
# interface for mgmt network
|
||||
interfaces.eth1 = {
|
||||
ipv4.addresses = [{
|
||||
address = "10.0.0.251";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
useDHCP = false;
|
||||
};
|
||||
};
|
||||
|
||||
# Don't loop
|
||||
services.journalbeat.enable = lib.mkForce false;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"logging.serv.zentralwerk.org" = {
|
||||
default = true;
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = { "/".proxyPass = "http://127.0.0.1:${toString graylogPort}/"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.graylog = {
|
||||
enable = true;
|
||||
passwordSecret =
|
||||
"SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
||||
elasticsearchHosts = [ "http://localhost:9200" ];
|
||||
rootPasswordSha2 =
|
||||
"2bed7d6138c04098c05f492174c31d45d873f5146ad775e4c26a4863fa370d7d";
|
||||
mongodbUri = "mongodb://localhost/graylog";
|
||||
extraConfig = ''
|
||||
http_bind_address = 127.0.0.1:${toString graylogPort}
|
||||
http_publish_uri = https://logging.serv.zentralwerk.org/
|
||||
elasticsearch_shards = 1
|
||||
allow_highlighting = true
|
||||
allow_leading_wildcard_searches = true
|
||||
'';
|
||||
user = "root";
|
||||
};
|
||||
|
||||
services.mongodb = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
# noXlibs breaks cairo:
|
||||
environment.noXlibs = false;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
extraJavaOptions = [ "-Xms2g" "-Xmx2g" ];
|
||||
};
|
||||
systemd.services.elasticsearch.serviceConfig.Restart = "always";
|
||||
|
||||
# does not work, needs to be set on hv (done through ansible)
|
||||
boot.kernel.sysctl = { "vm.max_map_count" = "262144"; };
|
||||
|
||||
services.elasticsearch-curator = {
|
||||
enable = true;
|
||||
actionYAML = ''
|
||||
---
|
||||
actions:
|
||||
1:
|
||||
action: delete_indices
|
||||
description: >-
|
||||
Delete indices older than 45 days (based on index name), for logstash-
|
||||
prefixed indices. Ignore the error if the filter does not result in an
|
||||
actionable list of indices (ignore_empty_list) and exit cleanly.
|
||||
options:
|
||||
ignore_empty_list: True
|
||||
disable_action: False
|
||||
filters:
|
||||
- filtertype: pattern
|
||||
kind: prefix
|
||||
value: logstash-
|
||||
- filtertype: age
|
||||
source: name
|
||||
direction: older
|
||||
timestring: '%Y.%m.%d'
|
||||
unit: days
|
||||
unit_count: 45
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.graylog.serviceConfig.Restart = "always";
|
||||
|
||||
system.stateVersion = "21.05";
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
{ zentralwerk, ... }:
|
||||
{
|
||||
networking.hostName = "mail";
|
||||
networking.useNetworkd = true;
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.58";
|
||||
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
}
|
Loading…
Reference in New Issue