leon/nix-config
leon
/
nix-config
forked from c3d2/nix-config
1
0
Fork 0
Code Pull Requests Activity

kibana: revive

This commit is contained in:
Astro 2022-12-23 20:25:00 +01:00
parent 73861f5f7e
commit 7169365fd8
4 changed files with 253 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.sops.yaml
View File

@ -38,6 +38,7 @@ keys:
- &hedgedoc age1jt5pj0c0fvmzg7quaucq4n2rzcx9ajzstp8ruwc8ewjpay5vqfqsdjaal8
- &hydra age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459
- &jabber age1tnq862ekxepjkes6efr282uj9gtcsqru04s5k0l2enq5djxyt5as0k0c2a
- &kibana age15nj7xkv7nrewxam4cd0uw6glxeh9xmq46lu4zdnq23trqch4pufqm9phq6
- &leon age1cm0cjk2764s4pv5g7e67as34g9xtcltex96ga87wckndw62wqqlsvkscqc
- &leoncloud age1aw9s4kcd6ys64ddzzfya9ajzln2tv8pm9uvz6d85v0r6eq4dudqq5vts86
- &mailtngbert age1jr5mc4ekmjf4uk2ue4xcuy0yl202phlu2t6c544qfj45ahzag56s4d0kzj
@ -87,6 +88,7 @@ creation_rules:
- *hedgedoc
- *hydra
- *jabber
- *kibana
- *leon
- *leoncloud
- *mailtngbert
@ -175,6 +177,12 @@ creation_rules:
age:
- *hydra
- *polygon-snowflake
- path_regex: hosts/kibana/[^/]+\.yaml$
key_groups:
- pgp: *admins
age:
- *kibana
- *polygon-snowflake
- path_regex: hosts/mailtngbert/[^/]+\.yaml$
key_groups:
- pgp: *admins

7
flake.nix
View File

@ -750,6 +750,13 @@
./hosts/rc3ticker
];
};
kibana = nixosSystem' {
modules = [
self.nixosModules.cluster-options
./hosts/kibana
];
};
};
nixosModules = {

57
hosts/kibana/default.nix Normal file
View File

@ -0,0 +1,57 @@
{ zentralwerk, config, pkgs, lib, ... }:
{
deployment = {
mem = 2048;
vcpu = 4;
storage = "big";
hypervisor = "qemu";
};
networking.hostName = "kibana";
networking.firewall.allowedTCPPorts = [ 80 443 ];
nixpkgs.config.allowUnfree = true;
services.elasticsearch = {
enable = true;
package = pkgs.elasticsearch7;
};
services.kibana = {
enable = true;
package = pkgs.kibana7;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets."nginx/htpasswd" = {
owner = "nginx";
path = "/run/nginx/htpasswd";
};
services.nginx = let
vhost = url: {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = url;
extraConfig = ''
auth_basic "Chaos";
auth_basic_user_file ${config.sops.secrets."nginx/htpasswd".path};
'';
};
};
in {
enable = true;
clientMaxBodySize = "100m";
virtualHosts = {
"kibana.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
"kibana-es.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
};
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "22.11"; # Did you read the comment?
}

181
hosts/kibana/secrets.yaml Normal file
View File

@ -0,0 +1,181 @@
nginx:
htpasswd: ENC[AES256_GCM,data:I1/wMtEpkG/0SxtvWajL+3V97g==,iv:N08Vaqb7qWC5VWnIRVu+Y1T3EAlZkjMt2uTUcgXu0AU=,tag:nGkVd/TXDRp/3qUhV9T4tw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age15nj7xkv7nrewxam4cd0uw6glxeh9xmq46lu4zdnq23trqch4pufqm9phq6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzRUlBcmIyNXBlVnFJbWNS
RXY3T0d2R1ZGVGw4aGRWVWtpZTJlb1hIY0RzCkY3V1NJak02VWJYM3lid2RaQjRu
SUNUZkMwZlZhWk41TUFUY0IyTnFlcTAKLS0tIHdNenBISTJJbXNLVUVIb2wxUUJp
RGJYMnZwTm1TSVVmeWhkL2EyVFRFT00KL7x5DPK6JKxsJf3VygOppneGVHluh565
RMQI+OcC0qbf7hGh/bDe5+HHykxLKbwmaZ3HXSSZgOLRm5N6kEuUtg==
-----END AGE ENCRYPTED FILE-----
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6N1RIdXFGYkpDWUlmaWx5
NVIxSzN0MFZpUXlzK2o1WFloS09QMHhCTFJFClBsNm5LMjNwa2E4bVNNRm0zRjhw
K0pHWVRSRWhmSVFIQVM2NTJQT2I0QWsKLS0tIGMyZSt4VnlqaG1KQ2plTkFLZyt2
WHVwT09QbjVvWnV3dGxSSzJGZDB3a2cKU23IEFYPRgjqn3CgEEeWzZCTVxaGOljc
T6RDdPZctKrFa6ABQuVt/GtJr0J13wkeNytpV3GPHE7eohNSJh87Ig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-23T19:39:07Z"
mac: ENC[AES256_GCM,data:Ja2csLBTT2iI07G8sOJQABjmDcywXNZqYS+ZSzas0z/maBu+ODOLGntZ+KImomds4ZKGL1eduZ6soL4efdQHyaUGTk+P+X8OiAShQcFCv2Wq7SeKbvDuEXP5HRKyhKkYJFeoYrjUgrT3OBzbF1dPyZyveBnaHM4H7xJm8NAK06o=,iv:/DBkKeOI/OGepHndGtkaKpyu1R64vmXIoPHsKwS+fF4=,tag:QpUOSJWm8Gu4uwL077cEPA==,type:str]
pgp:
- created_at: "2022-12-23T19:38:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA6j84+xkv3y7AQ//UG1Hhe3FIkkwk4nyjfo9Z5Mk6AVLwVZoRvLHlJ6XujHQ
QGUIH3wwN9/8Jay7ciTyiAT6gFJjhXYCS6kToCRhiVblpWvngTBU0rqqdOYvb6yL
+k/8HW1ORoUeC6luuUx3gCf8A5JQWNitwhNeM+yQUr8rOUWRWejJ+IMYHVBw11dD
Q5oa9Aa0yl4Xs1NE4oCXOqs9mMY0Rvgto5aIZcTfMInyUWJp4EUbQJrlBv4dCeHv
qVVZIN+nX41MzK5Dgqm4EZmTXKxiX2rE+Pd7HSA/gEtHdHeGVV+w5y8YZg0Pn2K7
fNJHv5G7jTX/usNB3jUD/LycvmnNiykNdIAsiSvG5hkXC6jaCLfnNVpcBgTtVns4
fZ3OqGUiZaQ+Sm1mX84/hPMGWYIHiD7sXXlC2Zpvjymsuu5raSmI49dpepCP4NOH
wdlFRWI+Aep0VvhznEOJLEca6VjyHbN/QswmSCvWw5B2fHpobWXuTU4LqnVHIJxn
RElzL/1WMNA6Nv0WU5QbdI28cEZn17/Vmb9CUgy4JOIwL5FgsdVECzLJOw6Ge2zt
+gnLe61lBM/8zHQKf01rNyCF01xkVCgPo9DS2W5wF+igIfCTGgqGfx1/Tir1+MDI
ayeuCg2gOQpObg2dySDiAHFm+Du1dFASxGD9IIOaVv7rQQuG52M7g9zpbvVwb2TS
UQFpyvHZNW5zqfiq8SYfh3HyxO1khxumzR5+ecvmUNItvZuaSbnMPuPTZZiYuEjR
endK+gavia7ZcrA+/awB2cYfuZMHKHfGyqvCi92cJL37Zw==
=VoIN
-----END PGP MESSAGE-----
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
- created_at: "2022-12-23T19:38:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA8zMZ+ak7y/zAQ/9EefSwn5eHfUz3fUtXXGtwl7RgqQ775lYRD5NshEFRkOr
sa+dR4p2tD6rgUAkz8wUcaYpj7VHxTEtyX095FBZoSl+OvVm165+Q3Mzy4GWO3gG
/9Ts8Sh7UtoRoqPeaTBacknyhXddneRfLfON4GaU3zsMej+LKhAY9UdUB3PKDT6+
x+T4FVHf1UBIf2J/Ixhtn7OZJtgiSUjkE+9+6Niu3StmowsB/fys9BKor6kKDKdi
UwzYWCCAWyN6WvVeIotQej0IgosNTOkuffi1kbOl0MGx/8QUbHVZsLGNgCUi1uPe
sDK/EtLR7juYnSW8i5wZ6GnN2oTWF5egRAg1dg96uXeHV7K24mlvaXjjZvklIpjO
TFvuqjFg9nHgGrTdgItlE6/Lo0jdnebuCTObInsSgnu2ofpOSEGc04YCLgS476Wt
dmfbQHfiony8XswngCm2VUBHROur8MwdhB6uc8i7ceCwtt1W2qLB5NmNmzIfteoK
3bMwj8XzTbmy0o9KOM4p2rW23Xxc382RMw1CWv5xSjQq8srWeoKcD7tu18RMkfwX
WLkOdafYgoF1hL7wbKWjgysJjOj4ZtmBABCCf8WVy47LEm3E6rmLJI9U86+SWB1A
MmyYavwkWT5ZnM1IT/dYmz82Ax9reKSmw9M1wFxToF8tKvnQkW28z1skeFBIZufS
UQHMHr9XKfvhnElg9lqIiaoQi4VOEZrMbG1pNrybeljeUF3Ru29IVkwy74oCapKR
7MQJp/ZS2bE4vcR8P5IePgch95dg3/cWw7e12mO3o5bKfg==
=xZox
-----END PGP MESSAGE-----
fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A
- created_at: "2022-12-23T19:38:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcBMA45bZkLXmBFpAQf+K2iUuPD/QQqIFgFRV1UvKGKtWI+sifN1YaJdTM79b3S7
x44yHUFe1ONVyUsH9cYECqL37yENvfr6kbx/idOmbJj542TwC8vS47rJJFzz5TMe
cPbz3Y38gFQaL1tq5rkt57v5Mf9ohXUEeFbfjOwAMr3ohpBnFYQtAgQ5cnZVRg9y
y0c/VUXS5906SHEpTLjpgCJ5zLDOG+spsEiNkXRpWQuC1RoHWDr9UzgUklyc+e9B
QbCVGRCjPkdltDoGobEzNsezbkeqXiTVFouAhYUaZDT1LfkO/CdjxVEPqiDqsFrq
gUnhQIV0Eo1bfVaLyMqIDsvV6U5e0x87+1n6U8SgKdJRAb5Gq5XfanVpUskSeUX7
UsmhphGBBKzAcslPevJ/30WX3Seo/m6R/UEr81PkUP8VPL88KucefOyffsL9yS3h
jKF/A9Amdwr13ifTI9X4fgnQ
=Jlh5
-----END PGP MESSAGE-----
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
- created_at: "2022-12-23T19:38:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAwMCBBrc/JA6AQ//fHoX9DyMOM9sz0ZPhw/GWEX+dyVqb0Zz4/81WCWNy7Rf
eBPTEWXe/8wZNomLfweAUmHhZ4IVOq1ZsOVv4xAnjwZ56cbxeDjAymYzi67i+Zop
/uvGDswstjNxpzlWez7QAF0aws8FkYYU6cZXXd9hHb5cOBIiQB5mC94yPU9MVAIb
ZL/s47p6fKK8tWFo1UnB03YOwusWA3kiTrhGvMXsrdXlaO/s1QVWP/hD5lOoQGKy
YGEzMNplcjwlqqwz1AFgdg+rwfOKuzHViqXZrH/RdNEwrxY2c8hTGQq+HLs+GpAB
fApXSWTgOo23F1qP8c5dWdN14OwbHRfrA4qSIlq9FWzWnHkgfqmWMdG/1wsHFmCH
ZuMDwCbZgvtTEWcwfaagqmcuhw3vhKz6zJHU4bbWVCarej1N662gJbR89J4sV7lH
Zlu0mF2NFy3rMG1Cwycxdf0KU/H4OsqeJwY5DNXzikksvyb8BsIG8P/SROF+vuZl
iujVug0c6sJ/KJvGz3NwIZXvLYWrPHn+Wx3YBWGBAd/Rxrgc2R/+KuQ91tQ+OhNf
nIMc+ChdBaqnOzGxgNXhJIl/YQi+vHrndewob0X8s+4CqF1JORZUvyHXaVn5BNxo
jAc5VviPzX98+At5N3d5vJKT62nP6Gi13P+viMepID5dkAkP3lQAWLE/NFKqMvXS
UQE4I296j2D0axTNgm2eyxUaCcW3J2HUWwQib60UvKFH8Jw8DuGdcyNiLViJ/azO
5kjDHn6RYfQFP9NCaUr72jAlohucfe+Za/aizylD/qeylA==
=zUMH
-----END PGP MESSAGE-----
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
- created_at: "2022-12-23T19:38:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA9XEenRNYVGHARAA2UsL7W7o53lH23VCNZuOqUCkkQLNLq02dM29ISbZV8Wh
VWBuntwQ5JAvRyV/UvjjRKRfbHqkLucOZ5zlELxnYrqHzJtOUIi4+zzSnTJu+ria
1bh4AARim8IDHglL4s+bOhKcSMFl5s5WzH84MwkAkDLg/U3Tc0uBiYOUsi59t3+s
EhKv0oYJu4CiffoAVCqVLxoVbNB8qDpaT+gtasNRqzUBjTCQw4PYeed3h3/uj4/d
n1wY0D0u1gEuY73s+JBPknZshpYWxSsXnOFwnB7pgI5Fl+T0pSywvvZZYhSC3j22
N00ug+DwFLy2gpKS6kIJpqLAt7sNHMgkULzXBNPLzf9oNETt59y/jwtFIQY6XxMx
ZkmHNNkueN25Mt2jFAzum5sdDRxTTcAjD2OspxT7eeZPadXn3Ola9RmEzB5HhNhA
ApNkeVIHAfQOvJzDO1QnvECjL/kfqp/+vIrhEikWl2e3BoXe67sg0r3AAuTTrL7Q
HVhv3sEeB7zK/gpt5fbtdscNXuCltdd3YZvjtIortwCtGkSHGy+w9MO0vp4GfApo
0VNE74v8V0BOeOTKuaPGf7fO4FEUxGWu9+fhQQ82FeZTZQs6I+b1Fetdsw9Yp3Xo
IJXQ9XtsPolVn17irZxkkb3oy3dSXRGrVz2u9CTjv0E9Q+oAIu4FPZ9KqVSR0+DS
UQHxJPhlpHUESqNr8vbNxC5xtEWDX9//3wq7X4fcZP84oJKdJMr3dErQJluEMXUY
f1rvMq8+vj9g6ALOqX7SAxlkCFjBAvZgl0I2XZYJGjiQAA==
=KlD3
-----END PGP MESSAGE-----
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
- created_at: "2022-12-23T19:38:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcBMA/Z87ylQaotQAQf/cfb8+CTRIgjvCjisWLY8hiH+VStw/v1A9i7UhrhFO4zN
xV5pCe3YHPeebsUdyhLJQz97b03Vq3Y5H8Z923q3XJVpvFdCrWSa+k4hYzb/dszX
UN4Ci/BCXFst3rY9RUNtcyBcJ2Ea8/2kaQXHxngWlsGkTZwfIb9/+7ru8NQGtCXo
cza3mWVcAiUw6fzawJaPNpSgeTLg/CebYkISHilCjAC7xMQfYfhPF2QtCVbT9jQj
wVyB3scbO94G5Lac1jH/5Bfbzb7Cc9XpgvTD5BHe5W/9iW88qfGjSJmbpUSNKUiX
C80y9n50xTZYPpckNEUVDc77l46onomQ7A4KxLhq2tJRAdRq/crQqGhQ625j9ft1
mbw5pILYk5M4Z04ZcRC6Hpp4DJxEGtm3dtlNs72Tgw6BnADn2aaP6Qd/1yY4kdQU
VQ/s8TbTdqKrTXW/FOL95EHe
=qRBP
-----END PGP MESSAGE-----
fp: 9EA68B7F21204979645182E4287B083353C3241C
- created_at: "2022-12-23T19:38:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA9qJIVK2WMV7ARAAkaudjLtVa0E5Zi9+pnTlQeO5qw8jcVXWAdNYrt8LFY0P
8XlLvk1h0AFn/wWAPdCkly9LorMWbT1edT7dKoWhGRMxGbq/RGMnMTyw+da+/LNm
eIqC7nETV+G58TF9HgzUlyR1BdRhwgjapGZ1RPkiNPAVRPstoxy7IKFaLaMwCCTf
9Gd+F1KJ0CVgc679qUQ84Wpn27In85Z6a1t8oFfTvEoU9hVGz0rNBKbTuzFW8oze
hQDaD000OPzyGf7xWPMTnWaNjFco7wbXvMTmtbDcUNFfy31s89/2RiD9quU2p6ZF
M9wm36reAzsg5MuIObT4bPCUbHUs/ANzNFdbh3K84UKcr92isKUg01UZEOG4mecQ
tSDgWd6qmWGunuZPAo8hkvoCrAcn3XaUl7i1/iX81RzT2IoNJi8ds4GqLSlnISK3
Whl96uRO4eH69Zmyq0+yydfpA3uWAkzvqAmjsEPlyj0UhwJy3JqWIonYYXEIHdai
Q/I17N/dw6Y+YEhmzrEFwrRd9PyW+J0OWuLJzLRQKI8+hQQ6h4AH+QQOsCncuW9S
V4yw9ZnU5t51pAgQwEQCXUGmAWOR16JXTPwRxogki97jJ/FLETg2hB/MEGtZCvkY
uLzQbToDMCaSNjMoTa3ssWElWHVU5EZqF/vcCwrbQVgyayha2HsQKg5EsQIZGxjS
UQHe2Xn/096dsqgYJiXM+FTn4nW0ITrCl1JD2uvD0u4FC+93sNHU6uHVcdGhDvNS
4eY0wlcRDbPDJlCugC2nNdeq/PzDpPg/LQDGwLHkYMRa0Q==
=KxOA
-----END PGP MESSAGE-----
fp: 53B26AEDC08246715E15504B236B6291555E8401
- created_at: "2022-12-23T19:38:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA/YLzOYaRIJJARAA1rra7B1wdtzbeaLuioigkcmmd0YoTUUEYWZjqXzxrZ5a
1Lp9xoOaoNLvcoiGQwAjlTSlD41ONyyL3nV6WNXJIclcVeQ6d/FCcEHArtU6z/Ci
bOQxPTPRYWUp6ikPF3hoMfJmYLUFAH6M/lKhsEZ0F7F2CGw8ry/w2S28RZikY6fT
bfwx10GrlJxirXbW4VF7gPuvObqH1plPnzUWKcVLoO42hG47eVTRCyCtr1XexZdz
ko1hrAynx9cVZT6yvBeHAxJQDGuSJTRYQroLgbJnAGMU70sGQj3pI9cPbtCUzE+p
xvPIxvG+ODTokah4XlQVqR4iEstPNXZtQLvhcKmL1aOr12WcDhAgKAzOiMiRlgCO
urDPCM63CDpz9yNe+iato6SR36axNpqJIG35zTnEaqFV3iKa0fxBmfAP+oq0B8rA
5Y6mWWCjaPMmTm+5TScTTt+PT4biySGBrakH6r0SL8PD3gd4qSbhy76kkE0uaupu
ZhicDI3r8BZd3kwFfWOSkdmXfSnEF61FuMbVo8X3HexpSxjaUe1IcrIL0JGv5/jb
u2eHRFUsGeUhNhTTcUGBBImPe3wEOQSIIDKe2hDm5bfxZjAI+Bljx/6s3I4NY6Vs
utTj7I0HGEC9a29+MD+hYoiXKsJkcj81OGvs65M47bxdRsGt+Tvwp/O7Orvvr/zS
UQHc9x/21x5OTqFKNP3ou6T50A58Sl4vKT7KUTSBJnnjy6u5RtJtgmJ5n88CetWM
RmXwps5Y1kI9JZkW4uaWnKCDvrb3g0trSn7NAJ4D4ZcQtg==
=iWEN
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
unencrypted_suffix: _unencrypted
version: 3.7.3