{ config, lib, pkgs, ... }:
let port = 9000;
in {
# configure nginx: reverse proxy in front of the Graylog HTTP listener.
# NOTE(review): no TLS option (certificate, forceSSL/onlySSL) is set for this
# virtual host in the lines shown here, yet proxy_redirect below rewrites
# upstream redirects to https:// — confirm TLS is configured or terminated
# elsewhere, otherwise Graylog logins cross the network unencrypted.
services.nginx.enable = true;
services.nginx.virtualHosts."graylog.workhorse.private".locations."/" =
  let
    # Graylog's HTTP listener on this machine; `port` comes from the
    # file-level `let`.
    upstream = "http://localhost:${toString port}";
  in {
    proxyPass = upstream;
    # X-Forwarded-For is built from whatever the client sent plus the address
    # nginx saw, so its leading entries are client-controlled; X-Real-IP is
    # the address nginx itself observed.
    extraConfig = ''
      proxy_set_header Host $host:$server_port;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_read_timeout 90;
      proxy_redirect ${upstream} https://graylog.workhorse.private/;
    '';
  };
# Storage backends enabled alongside Graylog.
services.mongodb.enable = true;

services.elasticsearch = {
  enable = true;
  # NOTE(review): Elasticsearch listens on the host's ".private" name and is
  # addressed over plain http below; nothing in this file enables
  # authentication or TLS for it, so access control rests on who can reach
  # the private network — confirm.
  listenAddress = "${config.networking.hostName}.private";
};

services.graylog = {
  enable = true;
  elasticsearchHosts =
    [ "http://${config.services.elasticsearch.listenAddress}:9200" ];

  # https://docs.graylog.org/en/3.0/pages/configuration/server.conf.html
  # NOTE(review): 0.0.0.0 makes the Graylog HTTP listener accept connections
  # on every interface, so the UI/API is reachable directly on this port over
  # plain HTTP without passing through the nginx virtual host unless a
  # firewall blocks it. http_publish_uri advertises that same port on
  # workhorse.private — confirm the direct exposure is intended.
  extraConfig = ''
    http_bind_address = 0.0.0.0:${toString port}
    http_publish_uri = http://workhorse.private:${toString port}/
  '';

  # Set explicitly: otherwise this does not work.
  nodeIdFile = "/var/lib/graylog/node-id";

  # Generated with: pwgen -N 1 -s 96
  # lib.fileContents reads the file while the configuration is evaluated, so
  # the secret becomes an ordinary string in the evaluated configuration.
  # NOTE(review): depending on how the Graylog module renders its config file,
  # that string may end up in the world-readable /nix/store — confirm.
  passwordSecret = lib.fileContents <secrets/graylog/password-secret>;

  # echo -n yourpassword | shasum -a 256
  # The value is a plain, unsalted SHA-256 of the root password, so the
  # account is only as strong as the password is long and random; typing the
  # password into the command above also leaves it in the shell history.
  # The caveat about lib.fileContents on passwordSecret applies here too.
  rootPasswordSha2 = lib.fileContents <secrets/graylog/root-password-hash>;

  plugins = [ pkgs.graylogPlugins.slack ];
};

# not working at the moment
#services.geoip-updater.enable = true;
# HTTP status code table installed as /etc/graylog/server/httpCodes.csv
# (presumably read by a Graylog CSV lookup — confirm).
# Source: https://wiki.splunk.com/Http_status.csv
environment.etc."graylog/server/httpCodes.csv".enable = true;
environment.etc."graylog/server/httpCodes.csv".text = ''
  status,status_description,status_type
  100,Continue,Informational
  101,Switching Protocols,Informational
  200,OK,Successful
  201,Created,Successful
  202,Accepted,Successful
  203,Non-Authoritative Information,Successful
  204,No Content,Successful
  205,Reset Content,Successful
  206,Partial Content,Successful
  300,Multiple Choices,Redirection
  301,Moved Permanently,Redirection
  302,Found,Redirection
  303,See Other,Redirection
  304,Not Modified,Redirection
  305,Use Proxy,Redirection
  307,Temporary Redirect,Redirection
  400,Bad Request,Client Error
  401,Unauthorized,Client Error
  402,Payment Required,Client Error
  403,Forbidden,Client Error
  404,Not Found,Client Error
  405,Method Not Allowed,Client Error
  406,Not Acceptable,Client Error
  407,Proxy Authentication Required,Client Error
  408,Request Timeout,Client Error
  409,Conflict,Client Error
  410,Gone,Client Error
  411,Length Required,Client Error
  412,Precondition Failed,Client Error
  413,Request Entity Too Large,Client Error
  414,Request-URI Too Long,Client Error
  415,Unsupported Media Type,Client Error
  416,Requested Range Not Satisfiable,Client Error
  417,Expectation Failed,Client Error
  500,Internal Server Error,Server Error
  501,Not Implemented,Server Error
  502,Bad Gateway,Server Error
  503,Service Unavailable,Server Error
  504,Gateway Timeout,Server Error
  505,HTTP Version Not Supported,Server Error
'';
# Static IP-to-hostname table installed as
# /etc/graylog/server/known_servers.csv.
# NOTE(review): entries are maintained by hand; a stale or wrong row would
# label log sources with the wrong host name — keep it in sync with the
# hosts it describes.
environment.etc."graylog/server/known_servers.csv".enable = true;
environment.etc."graylog/server/known_servers.csv".text = ''
  "ip","host_name"
  "95.216.1.150","lassul.us"
'';
# Log-level table installed as /etc/graylog/systemd/loglevel.csv
# (numeric value, level name, description).
# NOTE(review): the header "Servity" and the level name "cirtical" are
# misspelled; they are reproduced unchanged because lookup-table settings,
# saved searches or alerts may reference these exact strings — correct them
# together with whatever consumes this file.
# NOTE(review): two rows carry value 4 ("warning" and "warn"); which of them
# a lookup returns depends on the column used as key — confirm.
environment.etc."graylog/systemd/loglevel.csv".enable = true;
environment.etc."graylog/systemd/loglevel.csv".text = ''
  "value","Servity","Description"
  "0","emergency","System is unusable"
  "1","alert","Should be corrected immediately"
  "2","cirtical","Critical conditions"
  "3","error","Error Condition"
  "4","warning","May indicate that an error will occur if action is not taken."
  "4","warn","May indicate that an error will occur if action is not taken."
  "5","notice","Events that are unusual, but not error conditions."
  "6","info","Normal operational messages that require no action."
  "7","debug","Information useful to developers for debugging the application."
'';
}