{ config, lib, pkgs, ... }:
let port = 9000;
in {
  # Reverse proxy for the Graylog web interface: requests for the
  # graylog.workhorse.private virtual host are forwarded to the Graylog
  # HTTP listener on the local port bound by `port`.
  #
  # NOTE(review): this virtual host sets none of the NixOS TLS options
  # (forceSSL / onlySSL / addSSL plus a certificate), yet proxy_redirect
  # below rewrites backend redirects to https://. Unless TLS is configured
  # for this host in another module, Graylog logins through this vhost
  # travel unencrypted and X-Forwarded-Proto reports "http". Confirm where
  # TLS is terminated.
  #
  # NOTE(review): Graylog is configured further down with
  # http_bind_address = 0.0.0.0, so this proxy is not the only path to the
  # backend; access rules added here do not protect the port itself.
  services.nginx.enable = true;
  services.nginx.virtualHosts."graylog.workhorse.private".locations."/" = {
    proxyPass = "http://localhost:${toString port}";
    # Forward the original host, client address and scheme to Graylog, and
    # rewrite redirects that name the backend so they use the public name.
    extraConfig = ''
      proxy_set_header    Host $host:$server_port;
      proxy_set_header    X-Real-IP $remote_addr;
      proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header    X-Forwarded-Proto $scheme;
      proxy_read_timeout  90;
      proxy_redirect      http://localhost:${toString port} https://graylog.workhorse.private/;
    '';
  };

  # Storage backends enabled alongside Graylog on this host.
  services.mongodb.enable = true;

  # Elasticsearch listens on "<hostName>.private" instead of loopback.
  # NOTE(review): nothing in this file configures authentication or TLS
  # for Elasticsearch, and Graylog below connects to it over plain http on
  # port 9200. Anyone who can reach that address can presumably read or
  # alter the indexed logs. If only the local Graylog needs it, a loopback
  # listen address is the safer choice; otherwise confirm that a firewall
  # limits port 9200 to the intended peers.
  services.elasticsearch = {
    enable = true;
    listenAddress = "${config.networking.hostName}.private";
  };

  # Graylog server: points at the Elasticsearch instance configured above,
  # sets the HTTP listener, and loads secrets from the <secrets/...> path.
  services.graylog = {
    enable = true;
    elasticsearchHosts =
      [ "http://${config.services.elasticsearch.listenAddress}:9200" ];

    # https://docs.graylog.org/en/3.0/pages/configuration/server.conf.html
    #
    # NOTE(review): 0.0.0.0 makes the web/API listener accept plain-HTTP
    # connections on every interface, so it can be reached without going
    # through the nginx virtual host. If only nginx and local clients need
    # it, binding to 127.0.0.1 and setting http_external_uri to the
    # proxied URL would narrow the exposure; otherwise confirm a firewall
    # restricts this port to the private network.
    extraConfig = ''
      http_bind_address = 0.0.0.0:${toString port}
      http_publish_uri = http://workhorse.private:${toString port}/
    '';

    # Explicit node-id path; the original author notes that the service
    # does not work without it.
    nodeIdFile = "/var/lib/graylog/node-id";

    # Generate with: pwgen -N 1 -s 96
    #
    # NOTE(review): lib.fileContents reads the file while the configuration
    # is evaluated, so the secret becomes an ordinary string in the
    # evaluated config. If the Graylog module writes it into a generated
    # config file, that file lives in the world-readable /nix/store.
    # Confirm, and if so treat the value as readable by every local user.
    passwordSecret = lib.fileContents <secrets/graylog/password-secret>;

    # Generate with: echo -n yourpassword | shasum -a 256
    #
    # NOTE(review): typing the password on the command line leaves it in
    # shell history; prefer reading it from a prompt. The file should hold
    # only the hex digest, without the trailing " -" that shasum prints.
    # The same /nix/store caveat as for passwordSecret applies, and an
    # unsalted SHA-256 hash is cheap to brute-force if it leaks, so the
    # root password needs to be long and random.
    rootPasswordSha2 = lib.fileContents <secrets/graylog/root-password-hash>;

    plugins = [ pkgs.graylogPlugins.slack ];
  };

  # not working at the moment
  #services.geoip-updater.enable = true;

  # Static table installed as /etc/graylog/server/httpCodes.csv: HTTP status
  # code -> description and status class.
  # Source of the table: https://wiki.splunk.com/Http_status.csv
  # NOTE(review): presumably read by a Graylog CSV lookup table to enrich
  # web-server log messages. The adapter is not configured in this file, so
  # confirm which column names it expects before editing the header row.
  environment.etc."graylog/server/httpCodes.csv" = {
    enable = true;
    text = ''
      status,status_description,status_type
      100,Continue,Informational
      101,Switching Protocols,Informational
      200,OK,Successful
      201,Created,Successful
      202,Accepted,Successful
      203,Non-Authoritative Information,Successful
      204,No Content,Successful
      205,Reset Content,Successful
      206,Partial Content,Successful
      300,Multiple Choices,Redirection
      301,Moved Permanently,Redirection
      302,Found,Redirection
      303,See Other,Redirection
      304,Not Modified,Redirection
      305,Use Proxy,Redirection
      307,Temporary Redirect,Redirection
      400,Bad Request,Client Error
      401,Unauthorized,Client Error
      402,Payment Required,Client Error
      403,Forbidden,Client Error
      404,Not Found,Client Error
      405,Method Not Allowed,Client Error
      406,Not Acceptable,Client Error
      407,Proxy Authentication Required,Client Error
      408,Request Timeout,Client Error
      409,Conflict,Client Error
      410,Gone,Client Error
      411,Length Required,Client Error
      412,Precondition Failed,Client Error
      413,Request Entity Too Large,Client Error
      414,Request-URI Too Long,Client Error
      415,Unsupported Media Type,Client Error
      416,Requested Range Not Satisfiable,Client Error
      417,Expectation Failed,Client Error
      500,Internal Server Error,Server Error
      501,Not Implemented,Server Error
      502,Bad Gateway,Server Error
      503,Service Unavailable,Server Error
      504,Gateway Timeout,Server Error
      505,HTTP Version Not Supported,Server Error
    '';
  };

  # Static IP address -> host name table installed as
  # /etc/graylog/server/known_servers.csv.
  # NOTE(review): presumably a lookup table used to label addresses seen in
  # log messages. Entries are maintained by hand, so an address that changes
  # owner would be attributed to the wrong host; review the list when
  # servers move.
  environment.etc."graylog/server/known_servers.csv" = {
    enable = true;
    text = ''
      "ip","host_name"
      "95.216.1.150","lassul.us"
    '';
  };

  # Static table installed as /etc/graylog/systemd/loglevel.csv: numeric
  # log priority (0-7) with a short name and description per level.
  # "warning" and "warn" both map to 4, so the name can be used as a key in
  # either spelling.
  # NOTE(review): the header "Servity" and the name "cirtical" look like
  # typos for "Severity" and "critical". They are runtime data: a lookup
  # adapter configured outside this file may reference the header by name,
  # and a lookup keyed on the name would miss "critical". Confirm how the
  # table is consumed before correcting them.
  environment.etc."graylog/systemd/loglevel.csv" = {
    enable = true;
    text = ''
      "value","Servity","Description"
      "0","emergency","System is unusable"
      "1","alert","Should be corrected immediately"
      "2","cirtical","Critical conditions"
      "3","error","Error Condition"
      "4","warning","May indicate that an error will occur if action is not taken."
      "4","warn","May indicate that an error will occur if action is not taken."
      "5","notice","Events that are unusual, but not error conditions."
      "6","info","Normal operational messages that require no action."
      "7","debug","Information useful to developers for debugging the application."
    '';
  };

}