87 lines
2.1 KiB
Nix
87 lines
2.1 KiB
Nix
# Edit this configuration file to define what should be installed on
|
||
# your system. Help is available in the configuration.nix(5) man page
|
||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||
|
||
{ config, pkgs, lib, ... }:
|
||
|
||
{
|
||
imports =
|
||
[ ../../../lib/lxc-container.nix
|
||
../../../lib/shared.nix
|
||
../../../lib/admins.nix
|
||
];
|
||
|
||
environment.systemPackages = with pkgs; [
|
||
vim
|
||
];
|
||
|
||
networking = {
|
||
hostName = "logging";
|
||
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.13"; prefixLength = 26; } ];
|
||
defaultGateway = "172.20.73.1";
|
||
firewall = {
|
||
allowedTCPPorts = [
|
||
22
|
||
9000
|
||
80
|
||
443
|
||
5044
|
||
12201
|
||
514
|
||
];
|
||
allowedUDPPorts = [
|
||
514
|
||
];
|
||
enable = false;
|
||
};
|
||
dhcpcd.denyInterfaces = [ "eth1" ];
|
||
# interface for mgmt network
|
||
interfaces.eth1 = {
|
||
ipv4.addresses = [{
|
||
address = "10.0.0.251";
|
||
prefixLength = 24;
|
||
}];
|
||
useDHCP = false;
|
||
};
|
||
};
|
||
|
||
services.openssh = {
|
||
enable = true;
|
||
permitRootLogin = "yes";
|
||
};
|
||
|
||
services.nginx = {
|
||
enable = true;
|
||
virtualHosts = {
|
||
default = {
|
||
locations = {
|
||
"/".proxyPass = "http://127.0.0.1:9000/";
|
||
};
|
||
};
|
||
};
|
||
};
|
||
|
||
services.graylog = {
|
||
enable = true;
|
||
passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
||
# mongo.serv.zentralwerk. ?
|
||
elasticsearchHosts = [ "http://elastic1.serv.zentralwerk.org:9200" ];
|
||
rootPasswordSha2 = "3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
|
||
# mongo.serv.zentralwerk. ?
|
||
mongodbUri = "mongodb://mongo.serv.zentralwerk.org/graylog";
|
||
extraConfig = ''
|
||
http_bind_address = 0.0.0.0:9000
|
||
http_publish_uri = http://logging.serv.zentralwerk.org/
|
||
elasticsearch_shards = 1
|
||
allow_highlighting = true
|
||
allow_leading_wildcard_searches = true
|
||
'';
|
||
user = "root";
|
||
};
|
||
|
||
systemd.services.graylog.serviceConfig.Restart = "always";
|
||
|
||
system.stateVersion = "20.09"; # Did you read the comment?
|
||
|
||
}
|