114 lines
2.9 KiB
Nix
114 lines
2.9 KiB
Nix
{ hostRegistry, config, pkgs, lib, ... }:
|
|
|
|
let
|
|
graylogPort = 9000;
|
|
in
|
|
{
|
|
networking = {
|
|
hostName = "logging";
|
|
interfaces.eth0.ipv4.addresses = [{
|
|
address = hostRegistry.hosts.logging.ip4;
|
|
prefixLength = 26;
|
|
}];
|
|
defaultGateway = "172.20.73.1";
|
|
firewall = {
|
|
allowedTCPPorts = [ 22 80 443 5044 12201 514 ];
|
|
allowedUDPPorts = [ 514 ];
|
|
enable = false;
|
|
};
|
|
dhcpcd.denyInterfaces = [ "eth1" ];
|
|
# interface for mgmt network
|
|
interfaces.eth1 = {
|
|
ipv4.addresses = [{
|
|
address = "10.0.0.251";
|
|
prefixLength = 24;
|
|
}];
|
|
useDHCP = false;
|
|
};
|
|
};
|
|
|
|
# Don't loop
|
|
services.journalbeat.enable = lib.mkForce false;
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts = {
|
|
"logging.serv.zentralwerk.org" = {
|
|
default = true;
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations = { "/".proxyPass = "http://127.0.0.1:${toString graylogPort}/"; };
|
|
};
|
|
};
|
|
};
|
|
|
|
services.graylog = {
|
|
enable = true;
|
|
passwordSecret =
|
|
"SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
|
elasticsearchHosts = [ "http://localhost:9200" ];
|
|
rootPasswordSha2 =
|
|
"2bed7d6138c04098c05f492174c31d45d873f5146ad775e4c26a4863fa370d7d";
|
|
mongodbUri = "mongodb://localhost/graylog";
|
|
extraConfig = ''
|
|
http_bind_address = 127.0.0.1:${toString graylogPort}
|
|
http_publish_uri = https://logging.serv.zentralwerk.org/
|
|
elasticsearch_shards = 1
|
|
allow_highlighting = true
|
|
allow_leading_wildcard_searches = true
|
|
'';
|
|
user = "root";
|
|
};
|
|
|
|
services.mongodb = {
|
|
enable = true;
|
|
};
|
|
|
|
# noXlibs breaks cairo:
|
|
environment.noXlibs = false;
|
|
nixpkgs.config.allowUnfree = true;
|
|
services.elasticsearch = {
|
|
enable = true;
|
|
extraJavaOptions = [ "-Xms2g" "-Xmx2g" ];
|
|
};
|
|
systemd.services.elasticsearch.serviceConfig.Restart = "always";
|
|
|
|
# does not work, needs to be set on hv (done through ansible)
|
|
boot.kernel.sysctl = { "vm.max_map_count" = "262144"; };
|
|
|
|
services.elasticsearch-curator = {
|
|
enable = true;
|
|
actionYAML = ''
|
|
---
|
|
actions:
|
|
1:
|
|
action: delete_indices
|
|
description: >-
|
|
Delete indices older than 45 days (based on index name), for logstash-
|
|
prefixed indices. Ignore the error if the filter does not result in an
|
|
actionable list of indices (ignore_empty_list) and exit cleanly.
|
|
options:
|
|
ignore_empty_list: True
|
|
disable_action: False
|
|
filters:
|
|
- filtertype: pattern
|
|
kind: prefix
|
|
value: logstash-
|
|
- filtertype: age
|
|
source: name
|
|
direction: older
|
|
timestring: '%Y.%m.%d'
|
|
unit: days
|
|
unit_count: 45
|
|
'';
|
|
};
|
|
|
|
systemd.services.graylog.serviceConfig.Restart = "always";
|
|
|
|
system.stateVersion = "21.05";
|
|
}
|