infra/nix/hosts/loki/modules/graylog.nix

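# NixOS module for the Graylog log-management stack on this host: Graylog,
# its MongoDB and OpenSearch backends, the journal-to-GELF forwarder, the
# sanoid snapshot policy for their datasets, and the firewall openings for the
# log inputs. All four services are currently switched off (enable = false).
{lib, config, pkgs, ...}: let
  # sops-nix placeholders; the real values are substituted when the templates
  # below are rendered, so they never appear in the evaluated configuration.
  p = config.sops.placeholder;
  name = "graylog";
  usr = name;
  svc = "${usr}.service";
  # Single switch that gates every Graylog-only side effect of this module.
  graylogEnabled = config.services.graylog.enable;
in {
  sops = {
    templates = lib.mkIf graylogEnabled {
      # Config fragment in graylog.conf syntax, owned by the graylog user/group.
      graylog_extra_config = {
        owner = usr;
        group = usr;
        content = ''
          http_bind_address = 127.0.0.1:${toString config.wanderllama.graylog.port}
          http_external_uri = https://${name}.${p.domainName}/
        '';
      };
      # The same two settings as GRAYLOG_* environment variables; loaded by the
      # unit through EnvironmentFile further down.
      graylog_env = {
        owner = usr;
        group = usr;
        content = ''
          GRAYLOG_HTTP_BIND_ADDRESS = 127.0.0.1:${toString config.wanderllama.graylog.port}
          GRAYLOG_HTTP_EXTERNAL_URI = https://${name}.${p.domainName}/
        '';
      };
    };
  };
  services = {
    graylog = {
      enable = false;
      # NOTE(review): this passes the *path* of the rendered template. The
      # upstream option is described as extra configuration text, so confirm
      # the path is read as a file and not written into graylog.conf verbatim.
      extraConfig = config.sops.templates.graylog_extra_config.path;
      # Plain HTTP to OpenSearch; acceptable only while "network.host" stays
      # on loopback. Switch to TLS if OpenSearch ever listens elsewhere.
      elasticsearchHosts = [ "http://${toString config.services.opensearch.settings."network.host"}:${toString config.services.opensearch.settings."http.port"}" ];
      # package = pkgs.graylog-6_0;
      package = pkgs.graylog-6_1;
      # SECURITY: both values below are committed in clear text, so they are
      # readable by anyone with access to this repository and typically also
      # land in the world-readable Nix store. Treat them as compromised:
      # generate new values, keep them in sops, and supply them through the
      # sops-rendered environment file (GRAYLOG_PASSWORD_SECRET /
      # GRAYLOG_ROOT_PASSWORD_SHA2) rather than as literals here.
      # passwordSecret protects stored user passwords, so it must be rotated
      # before this service is enabled again.
      passwordSecret = "QJDm71TYNaDsjX30K6MoNe8vkeAnZLfO6uOAcsdTzoQEwv14aizF9dM39OSbMpRX3D3762F4cnGYoEj3vKMsmD8KtcGH7uzd";
      # SECURITY: unsalted SHA-256 of the admin password. This particular
      # digest belongs to a trivial test password and is listed in public hash
      # lookup tables, so the admin login must be considered known. Replace it
      # with the digest of a long random password before enabling Graylog.
      rootPasswordSha2 = "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3";
      dataDir = "/DATA/services/graylog/data";
      messageJournalDir = "/DATA/services/graylog/journal";
    };
    mongodb = {
      enable = false;
      # package = pkgs.mongodb-6_0;
      package = pkgs.mongodb-7_0;
      dbpath = "/DATA/services/mongodb";
    };
    opensearch = {
      enable = false;
      dataDir = "/DATA/services/opensearch";
      settings = {
        "cluster.name" = "os";
        "transport.port" = 9301;
      };
    };
    # Forwards the local systemd journal to the GELF input on this host.
    SystemdJournal2Gelf = {
      enable = false;
      # graylogServer = "localhost:11201";
      graylogServer = "localhost:12201";
    };
    # end graylog
    # Snapshot policy for the three service datasets. Left unconditional so
    # existing data keeps being snapshotted while the services are disabled.
    sanoid.datasets = {
      "zroot/DATA/services/${name}" = {
        useTemplate = ["production"];
        # recursive = "zfs";
        recursive = true;
      };
      "zroot/DATA/services/opensearch" = {
        useTemplate = ["production"];
        # recursive = "zfs";
        recursive = true;
      };
      "zroot/DATA/services/mongodb" = {
        useTemplate = ["production"];
        # recursive = "zfs";
        recursive = true;
      };
    };
  };
  # Log inputs accept data from any sender that can reach them, so the ports
  # are opened only while Graylog is enabled; previously they were opened on
  # every interface even with the service switched off. If the log sources
  # live on one network, prefer the per-interface form
  # (networking.firewall.interfaces.<name>.allowed*Ports) over a global opening.
  networking.firewall = lib.mkIf graylogEnabled {
    allowedUDPPorts = [
      5555
      12201 # gelf udp
    ];
    allowedTCPPorts = [
      5555 # cef tcp
      12201 # gelf tcp
    ];
  };
  # Attach the sops-rendered environment file only when Graylog is enabled, so
  # that a disabled service does not leave a stub graylog unit with an empty
  # EnvironmentFile= behind.
  systemd.services.graylog = lib.mkIf graylogEnabled {
    serviceConfig.EnvironmentFile = config.sops.templates.graylog_env.path;
  };
  # Path unit that activates the graylog service whenever the rendered config
  # fragment changes on disk.
  systemd.paths.graylog = lib.mkIf graylogEnabled {
    pathConfig = {
      PathChanged = [
        config.sops.templates.graylog_extra_config.path
      ];
      Unit = svc;
    };
  };
  #users.users.opensearch = {
  #  group = usr;
  #  home = "/DATA/services/opensearch";
  #  createHome = false;
  #  isSystemUser = true;
  #  # extraGroups = ["users"];
  #  autoSubUidGidRange = true;
  #};
  #users.groups.opensearch = {};
}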