forked from c3d2/nix-config
60 lines
1.5 KiB
Nix
60 lines
1.5 KiB
Nix
{ zentralwerk, config, pkgs, lib, ... }:
|
|
|
|
{
|
|
deployment = {
|
|
mem = 2048;
|
|
vcpu = 4;
|
|
storage = "big";
|
|
hypervisor = "qemu";
|
|
};
|
|
networking.hostName = "kibana";
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
services.elasticsearch = {
|
|
enable = true;
|
|
package = pkgs.elasticsearch7;
|
|
};
|
|
services.kibana = {
|
|
enable = true;
|
|
package = pkgs.kibana7;
|
|
};
|
|
|
|
services.buzz2elastic.enable = true;
|
|
|
|
sops.defaultSopsFile = ./secrets.yaml;
|
|
sops.secrets."nginx/htpasswd" = {
|
|
owner = "nginx";
|
|
path = "/run/nginx/htpasswd";
|
|
};
|
|
|
|
services.nginx = let
|
|
vhost = url: {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = url;
|
|
extraConfig = ''
|
|
auth_basic "Chaos";
|
|
auth_basic_user_file ${config.sops.secrets."nginx/htpasswd".path};
|
|
'';
|
|
};
|
|
};
|
|
in {
|
|
enable = true;
|
|
clientMaxBodySize = "100m";
|
|
virtualHosts = {
|
|
"kibana.hq.c3d2.de" =
|
|
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
|
|
"kibana-es.hq.c3d2.de" =
|
|
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
|
|
};
|
|
};
|
|
|
|
# This value determines the NixOS release with which your system is to be
|
|
# compatible, in order to avoid breaking some software such as database
|
|
# servers. You should change this only after NixOS release notes say you
|
|
# should.
|
|
system.stateVersion = "22.11"; # Did you read the comment?
|
|
}
|