diff --git a/flake.nix b/flake.nix
index 7cfad693..b5d7984a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -607,13 +607,6 @@ ]; }; - kibana = nixosSystem' { - modules = [ - ./config/lxc-container.nix - ./hosts/containers/kibana - ]; - }; - - public-access-proxy = nixosSystem' { modules = [ self.nixosModules.microvm
@@ -653,20 +646,6 @@ ]; }; - mail = nixosSystem' { - modules = [ - ./config/lxc-container.nix - ./hosts/containers/mail - ]; - }; - - logging = nixosSystem' { - modules = [ - ./config/lxc-container.nix - ./hosts/containers/logging - ]; - }; - - c3d2-web = nixosSystem' { modules = [ { _module.args = { inherit nixos; }; }
diff --git a/hosts/containers/kibana/default.nix b/hosts/containers/kibana/default.nix
deleted file mode 100644
index 9f679bd6..00000000
--- a/hosts/containers/kibana/default.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ zentralwerk, config, pkgs, lib, ... }:
-
-{
- networking.hostName = "kibana";
- networking.interfaces.eth0.ipv4.addresses = [{
- address = "172.20.73.44";
- prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
- }];
- networking.defaultGateway = "172.20.73.1";
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- # Required for deployment
- services.openssh.enable = true;
-
- # noXlibs breaks cairo:
- environment.noXlibs = false;
-
- nixpkgs.config.allowUnfree = true;
- services.elasticsearch = {
- enable = true;
- package = pkgs.elasticsearch7;
- };
- services.kibana = {
- enable = true;
- package = pkgs.kibana7;
- };
-
- services.nginx = let
- authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
- vhost = url: {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = url;
- extraConfig = ''
- auth_basic "Chaos";
- auth_basic_user_file ${authFile};
- '';
- };
- };
- in {
- enable = true;
- clientMaxBodySize = "100m";
- virtualHosts = {
- "kibana.hq.c3d2.de" =
- vhost "http://127.0.0.1:${toString config.services.kibana.port}";
- "kibana-es.hq.c3d2.de" =
- vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
- };
- };
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "20.03"; # Did you read the comment?
-}
diff --git a/hosts/containers/logging/default.nix b/hosts/containers/logging/default.nix
deleted file mode 100644
index f08c83fd..00000000
--- a/hosts/containers/logging/default.nix
+++ /dev/null
@@ -1,113 +0,0 @@
-{ zentralwerk, config, pkgs, lib, ... }:
-
-let
- graylogPort = 9000;
-in
-{
- networking = {
- hostName = "logging";
- interfaces.eth0.ipv4.addresses = [{
- address = config.c3d2.hosts.logging.ip4;
- prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
- }];
- defaultGateway = "172.20.73.1";
- firewall = {
- allowedTCPPorts = [ 22 80 443 5044 12201 514 ];
- allowedUDPPorts = [ 514 ];
- enable = false;
- };
- dhcpcd.denyInterfaces = [ "eth1" ];
- # interface for mgmt network
- interfaces.eth1 = {
- ipv4.addresses = [{
- address = "10.0.0.251";
- prefixLength = 24;
- }];
- useDHCP = false;
- };
- };
-
- # Don't loop
- services.journalbeat.enable = lib.mkForce false;
-
- services.openssh = {
- enable = true;
- };
-
- services.nginx = {
- enable = true;
- virtualHosts = {
- "logging.serv.zentralwerk.org" = {
- default = true;
- enableACME = true;
- forceSSL = true;
- locations = { "/".proxyPass = "http://127.0.0.1:${toString graylogPort}/"; };
- };
- };
- };
-
- services.graylog = {
- enable = true;
- passwordSecret =
- "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
- elasticsearchHosts = [ "http://localhost:9200" ];
- rootPasswordSha2 =
- "2bed7d6138c04098c05f492174c31d45d873f5146ad775e4c26a4863fa370d7d";
- mongodbUri = "mongodb://localhost/graylog";
- extraConfig = ''
- http_bind_address = 127.0.0.1:${toString graylogPort}
- http_publish_uri = https://logging.serv.zentralwerk.org/
- elasticsearch_shards = 1
- allow_highlighting = true
- allow_leading_wildcard_searches = true
- '';
- user = "root";
- };
-
- services.mongodb = {
- enable = true;
- };
-
- # noXlibs breaks cairo:
- environment.noXlibs = false;
- nixpkgs.config.allowUnfree = true;
- services.elasticsearch = {
- enable = true;
- extraJavaOptions = [ "-Xms2g" "-Xmx2g" ];
- };
- systemd.services.elasticsearch.serviceConfig.Restart = "always";
-
- # does not work, needs to be set on hv (done through ansible)
- boot.kernel.sysctl = { "vm.max_map_count" = "262144"; };
-
- services.elasticsearch-curator = {
- enable = true;
- actionYAML = ''
- ---
- actions:
- 1:
- action: delete_indices
- description: >-
- Delete indices older than 45 days (based on index name), for logstash-
- prefixed indices. Ignore the error if the filter does not result in an
- actionable list of indices (ignore_empty_list) and exit cleanly.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: prefix
- value: logstash-
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: 45
- '';
- };
-
- systemd.services.graylog.serviceConfig.Restart = "always";
-
- system.stateVersion = "21.05";
-}
diff --git a/hosts/containers/mail/default.nix b/hosts/containers/mail/default.nix
deleted file mode 100644
index 92500672..00000000
--- a/hosts/containers/mail/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ zentralwerk, ... }:
-{
- networking.hostName = "mail";
- networking.useNetworkd = true;
- networking.interfaces.eth0.ipv4.addresses = [{
- address = "172.20.73.58";
- prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
- }];
- networking.defaultGateway = "172.20.73.1";
-}