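# https://github.com/suzuki-shunsuke/go-graylog/tree/master/terraform
#
# Nix module declaring Graylog index sets and streams as Terraform resources
# for the go-graylog provider linked above. It defines two index sets
# ("junk" and "thread") and attaches one stream to each.
#
# The `graylog.stream.*` attributes are not plain `resource.*` entries;
# presumably they are options provided by ./modules -- confirm there.
{ pkgs, lib, ... }:

let
  # Builds one `graylog_index_set` resource body. Both index sets share every
  # setting except title, prefix and the number of indices kept, so the common
  # part lives here and cannot drift between them.
  #
  # Class and type names come from
  # https://godoc.org/github.com/suzuki-shunsuke/go-graylog#pkg-constants
  mkIndexSet = { title, index_prefix, max_number_of_indices }: {
    inherit title index_prefix;

    # Rotate to a new index once the current one reaches max_size bytes (10 MiB).
    rotation_strategy_class =
      "org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategy";
    rotation_strategy = {
      type =
        "org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig";
      max_size = 1024 * 1024 * 10;
    };

    # Keep at most max_number_of_indices indices and delete older ones.
    # Combined with size-based rotation, retention is bounded by log volume,
    # not by age: a burst of messages shortens how far back an investigation
    # can look. Check this against the retention period you actually need.
    retention_strategy_class =
      "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy";
    retention_strategy = {
      type =
        "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig";
      inherit max_number_of_indices;
    };

    index_analyzer = "standard";
    shards = 1;
    index_optimization_max_num_segments = 1;
    field_type_refresh_interval = 10000;
    # NOTE(review): passed as the string "true", as in the original -- confirm
    # whether the provider schema expects a string or a boolean here.
    writable = "true";
  };
in
{
  imports = [
    ./modules
    ./config/elasticsearch.nix
    ./config/gogs.nix
    ./config/home-assistant.nix
    ./config/kernel.nix
    #./config/nginx.nix
    ./config/sshd.nix
    ./config/sslh.nix
    ./config/sshguard.nix
    ./config/tinc.nix
  ];

  # ---- [ default ]
  # Data source for the index set whose prefix is "graylog".
  data."graylog_index_set".default.index_prefix = "graylog";

  # ---- [ junk ]
  # Index set with prefix "trash": up to 10 indices of 10 MiB each.
  resource."graylog_index_set".junk = mkIndexSet {
    title = "junk index";
    index_prefix = "trash";
    max_number_of_indices = 10;
  };

  graylog.stream.junk = {
    # The backslash stops Nix from interpolating, so Terraform receives the
    # literal ${...} reference and resolves the id itself.
    index_set_id = "\${graylog_index_set.junk.id}";
  };

  # ---- [ thread ]
  # Index set with prefix "thread": up to 20 indices of 10 MiB each.
  # NOTE(review): "thread" may be meant as "threat" (see the commented-out
  # stream rule and source-IP lookups below) -- confirm before renaming,
  # since the name is part of the resource address and the index prefix.
  resource."graylog_index_set".thread = mkIndexSet {
    title = "thread";
    index_prefix = "thread";
    max_number_of_indices = 20;
  };

  graylog.stream.thread = {
    index_set_id = "\${graylog_index_set.thread.id}";
    #pipelines = [ "\${graylog_pipeline.processThreads.id}" ];
  };

  # Disabled: stream rule routing messages whose is_thread field is "true"
  # into the thread stream.
  #resource."graylog_stream_rule"."is_thread" = {
  #  field = "is_thread";
  #  value = "true";
  #  stream_id = "\${graylog_stream.thread.id}";
  #  description = "route everything that is a thread";
  #  #type = 0;
  #  #inverted = false;
  #};

  # not necessary because we have a geoip resolver
  #graylog.pipeline.processThreads = {
  #  source = ''
  #    stage 0 match all
  #    rule "extract source_ip position";
  #  '';
  #  description = "process messages of the thread stream(TF)";
  #};

  #resource."graylog_pipeline_rule".extractSourceIpPosition = {
  #  description = "";
  #  source = ''
  #    rule "extract source_ip position"
  #    when
  #      has_field("source_ip")
  #    then
  #      let geo = lookup("geo_city_lookup", to_string($message.source_ip));
  #      set_field("ip_geolocation", geo["coordinates"]);
  #      set_field("ip_geo_country_code", geo["country"].iso_code);
  #      set_field("ip_geo_country_name", geo["country"].names.en);
  #      set_field("ip_geo_city_name", geo["city"].names.en);
  #    end
  #  '';
  #};

  #resource."graylog_pipeline_rule".extractRemoteIpPosition = {
  #  description = "";
  #  source = ''
  #    rule "extract remote_addr position"
  #    when
  #      has_field("remote_addr")
  #    then
  #      let geo = lookup("geo_city_lookup", to_string($message.remote_addr));
  #      set_field("ip_geolocation", geo["coordinates"]);
  #      set_field("ip_geo_country_code", geo["country"].iso_code);
  #      set_field("ip_geo_country_name", geo["country"].names.en);
  #      set_field("ip_geo_city_name", geo["city"].names.en);
  #    end
  #  '';
  #};

  #graylog.all_messages.rules = [ "extract remote_addr position" ];
}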