forked from c3d2/nix-config
55 lines
1.1 KiB
Nix
55 lines
1.1 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
deployment = {
|
|
mem = 2048;
|
|
vcpu = 4;
|
|
storage = "big";
|
|
hypervisor = "qemu";
|
|
};
|
|
networking.hostName = "kibana";
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
services.elasticsearch = {
|
|
enable = true;
|
|
package = pkgs.elasticsearch7;
|
|
};
|
|
services.kibana = {
|
|
enable = true;
|
|
package = pkgs.kibana7;
|
|
};
|
|
|
|
services.buzz2elastic.enable = true;
|
|
|
|
sops.defaultSopsFile = ./secrets.yaml;
|
|
sops.secrets."nginx/htpasswd" = {
|
|
owner = "nginx";
|
|
path = "/run/nginx/htpasswd";
|
|
};
|
|
|
|
services.nginx = let
|
|
vhost = url: {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = url;
|
|
extraConfig = ''
|
|
auth_basic "Chaos";
|
|
auth_basic_user_file ${config.sops.secrets."nginx/htpasswd".path};
|
|
'';
|
|
};
|
|
};
|
|
in {
|
|
enable = true;
|
|
clientMaxBodySize = "100m";
|
|
virtualHosts = {
|
|
"kibana.hq.c3d2.de" =
|
|
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
|
|
"kibana-es.hq.c3d2.de" =
|
|
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
|
|
};
|
|
};
|
|
|
|
system.stateVersion = "22.11";
|
|
}
|