# NixOS module for the "logging" host: a single-node Graylog server backed by
# local MongoDB and Elasticsearch, published through an nginx TLS reverse proxy.
#
# Security review summary (details are next to the affected options):
#   * the firewall is switched off, so the allowed-port lists are not enforced;
#   * Graylog's password secret and the admin password hash are literals in
#     this file;
#   * the Graylog service runs as root.
{ hostRegistry, config, pkgs, lib, ... }:

let
  # Graylog's HTTP interface; bound to loopback below and reached only via nginx.
  graylogHttpPort = 9000;
  # Public DNS name, used for the nginx vhost and for Graylog's publish URI.
  publicName = "logging.serv.zentralwerk.org";
in
{
  networking.hostName = "logging";
  networking.defaultGateway = "172.20.73.1";

  networking.interfaces = {
    eth0.ipv4.addresses = [
      { address = hostRegistry.hosts.logging.ip4; prefixLength = 26; }
    ];
    # interface for mgmt network
    eth1 = {
      useDHCP = false;
      ipv4.addresses = [ { address = "10.0.0.251"; prefixLength = 24; } ];
    };
  };
  # Keep dhcpcd away from the statically addressed management interface.
  networking.dhcpcd.denyInterfaces = [ "eth1" ];

  networking.firewall = {
    # NOTE(review): with enable = false the two port lists below have no effect,
    # so every listening socket on this host is reachable on both eth0 and the
    # management network. Possibly disabled because the host is a guest that
    # cannot manage its own netfilter rules (compare the sysctl remark further
    # down) -- confirm, and if so make sure equivalent filtering exists upstream.
    enable = false;
    # NOTE(review): 5044, 12201 and 514 look like Beats, GELF and syslog inputs
    # -- confirm. None of them is given TLS or authentication in this file, so
    # any host that can reach them can write arbitrary entries into the log store.
    allowedTCPPorts = [ 22 80 443 5044 12201 514 ];
    allowedUDPPorts = [ 514 ];
  };

  services = {
    # Don't loop
    # (presumably journalbeat is enabled by a shared profile and would ship this
    # host's own journal back into Graylog -- verify against that profile)
    journalbeat.enable = lib.mkForce false;

    # NOTE(review): sshd runs with module defaults and, with the firewall off,
    # listens on both networks. Consider key-only authentication and binding it
    # to the management address only.
    openssh.enable = true;

    # TLS termination (ACME certificate, HTTP redirected to HTTPS) in front of
    # the loopback-only Graylog web/API port.
    nginx = {
      enable = true;
      virtualHosts.${publicName} = {
        # default = true makes this vhost answer requests for any Host name.
        default = true;
        enableACME = true;
        forceSSL = true;
        locations."/".proxyPass = "http://127.0.0.1:${toString graylogHttpPort}/";
      };
    };

    graylog = {
      enable = true;
      # NOTE(review): the Graylog process runs as root, presumably so it can bind
      # the privileged syslog port 514 -- confirm. Graylog parses untrusted log
      # input, so a flaw in it would yield root on this host. A dedicated user
      # with CAP_NET_BIND_SERVICE, or an unprivileged input port with a
      # redirect, avoids that.
      user = "root";
      # NOTE(review): secret committed in clear text. Option values like this are
      # normally rendered into a configuration file in the world-readable Nix
      # store, and the value is in version control either way. Treat it as
      # exposed: rotate it and supply it from a secret store outside the repo.
      passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
      # NOTE(review): unsalted SHA-256 of the admin password. Anyone who can read
      # this file can test password guesses offline, so the password must be
      # long and random; rotate it if it is not.
      rootPasswordSha2 = "2bed7d6138c04098c05f492174c31d45d873f5146ad775e4c26a4863fa370d7d";
      # NOTE(review): both backends are addressed over loopback without
      # credentials or TLS. That holds only while they listen on localhost alone
      # -- with the firewall disabled, verify their bind addresses.
      mongodbUri = "mongodb://localhost/graylog";
      elasticsearchHosts = [ "http://localhost:9200" ];
      # The HTTP interface stays on 127.0.0.1; the published URI is the nginx
      # vhost. allow_leading_wildcard_searches permits expensive queries, so
      # any authenticated user can put heavy load on the single-node cluster.
      extraConfig = ''
        http_bind_address = 127.0.0.1:${toString graylogHttpPort}
        http_publish_uri = https://${publicName}/
        elasticsearch_shards = 1
        allow_highlighting = true
        allow_leading_wildcard_searches = true
      '';
    };

    mongodb.enable = true;

    elasticsearch = {
      enable = true;
      # Fixed 2 GiB JVM heap (initial = maximum).
      extraJavaOptions = [ "-Xms2g" "-Xmx2g" ];
    };

    # Retention job: deletes indices named logstash-YYYY.MM.DD older than 45 days.
    # NOTE(review): Graylog's default index prefix is "graylog", not "logstash-".
    # If the defaults are in use this filter matches nothing and log data is
    # kept indefinitely -- confirm which index sets exist.
    elasticsearch-curator = {
      enable = true;
      actionYAML = ''
        ---
        actions:
          1:
            action: delete_indices
            description: >-
              Delete indices older than 45 days (based on index name),
              for logstash- prefixed indices. Ignore the error if the filter
              does not result in an actionable list of indices
              (ignore_empty_list) and exit cleanly.
            options:
              ignore_empty_list: True
              disable_action: False
            filters:
            - filtertype: pattern
              kind: prefix
              value: logstash-
            - filtertype: age
              source: name
              direction: older
              timestring: '%Y.%m.%d'
              unit: days
              unit_count: 45
      '';
    };
  };

  # Restart the log pipeline's core services whenever they exit.
  systemd.services = {
    elasticsearch.serviceConfig.Restart = "always";
    graylog.serviceConfig.Restart = "always";
  };

  # does not work, needs to be set on hv (done through ansible)
  boot.kernel.sysctl."vm.max_map_count" = "262144";

  # noXlibs breaks cairo:
  environment.noXlibs = false;

  # NOTE(review): allows unfree packages for the whole system, presumably for
  # the Elasticsearch/MongoDB licences -- confirm.
  nixpkgs.config.allowUnfree = true;

  system.stateVersion = "21.05";
}