From d69eee2b75a2191a6b47be27d3380fe0441a44ca Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Sat, 23 May 2020 01:17:16 +0200
Subject: [PATCH] containers/kibana: init

---
 hosts/containers/kibana/configuration.nix | 66 +++++++++++++++++++++++
 krops.nix                                 |  1 +
 2 files changed, 67 insertions(+)
 create mode 100644 hosts/containers/kibana/configuration.nix

diff --git a/hosts/containers/kibana/configuration.nix b/hosts/containers/kibana/configuration.nix
new file mode 100644
index 00000000..cd71c8f7
--- /dev/null
+++ b/hosts/containers/kibana/configuration.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [
+    <nixpkgs/nixos/modules/profiles/minimal.nix>
+    <lib>
+    <lib/lxc-container.nix>
+    <lib/shared.nix>
+  ];
+
+  networking.hostName = "kibana";
+  networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ];
+  networking.defaultGateway = "172.20.73.1";
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  # Required for krops
+  services.openssh.enable = true;
+  environment.systemPackages = [ pkgs.git ];
+
+  nixpkgs.config.allowUnfree = true;
+  services.elasticsearch = {
+    enable = true;
+    package = pkgs.elasticsearch7;
+  };
+  services.kibana = {
+    enable = true;
+    package = pkgs.kibana7;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    email = "mail@c3d2.de";
+  };
+  services.nginx =
+    let
+      authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
+      vhost = url: {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = url;
+          extraConfig = ''
+            auth_basic "Chaos";
+            auth_basic_user_file ${authFile};
+          '';
+        };
+      };
+    in
+    {
+      enable = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+      virtualHosts = {
+        "kibana.hq.c3d2.de" =
+          vhost "http://localhost:${toString config.services.kibana.port}";
+        "kibana-es.hq.c3d2.de" =
+          vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
+      };
+    };
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "20.03"; # Did you read the comment?
+}
diff --git a/krops.nix b/krops.nix
index 6e31df4d..daa1759c 100644
--- a/krops.nix
+++ b/krops.nix
@@ -31,4 +31,5 @@ in {
   scrape = deployContainer "scrape" "172.20.73.32";
   ledstripes = deployContainer "ledstripes" "172.22.99.168";
   freifunk = deployContainer "freifunk" "172.20.72.40";
+  kibana = deployContainer "kibana" "172.20.73.44";
 }