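# NixOS module: Graylog server with its MongoDB and Elasticsearch backends,
# an nginx reverse proxy in front of the web interface, and three CSV lookup
# tables installed under /etc/graylog.
{ config, lib, pkgs, ... }:
let
  # TCP port of the Graylog HTTP interface (web UI and REST API).
  port = 9000;
in
{

  # configure nginx
  # NOTE(review): no TLS option (forceSSL / onlySSL / enableACME / sslCertificate)
  # is set on this virtual host, yet proxy_redirect below rewrites to an
  # https:// URL. Either TLS is terminated somewhere not shown here, or the
  # rewritten redirects point at a scheme this vhost does not serve - confirm.
  services.nginx = {
    enable = true;
    virtualHosts = {
      "graylog.workhorse.private" = {
        locations."/" = {
          proxyPass = "http://localhost:${toString port}";
          extraConfig = ''
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_read_timeout 90;
            proxy_redirect http://localhost:${toString port} https://graylog.workhorse.private/;
          '';
        };
      };
    };
  };

  services.mongodb.enable = true;

  # Elasticsearch listens on the host's ".private" name so Graylog can reach it
  # over the private network.
  # NOTE(review): nothing in this module enables authentication or TLS for
  # Elasticsearch, and Graylog talks to it over plain http:// (see
  # elasticsearchHosts below). Port 9200 should be firewalled so that only the
  # Graylog node can reach it on the private interface.
  services.elasticsearch = {
    enable = true;
    listenAddress = "${config.networking.hostName}.private";
    extraJavaOptions = [ "-Des.http.cname_in_publish_address=true" ];
  };

  services.graylog.enable = true;
  services.graylog.elasticsearchHosts =
    [ "http://${config.services.elasticsearch.listenAddress}:9200" ];

  # https://docs.graylog.org/en/3.0/pages/configuration/server.conf.html
  # NOTE(review): binding to 0.0.0.0 exposes the Graylog HTTP interface on every
  # interface of the host, so it is reachable directly on this port without
  # going through nginx, and over plain HTTP (logins and session tokens are not
  # encrypted in transit). If only the local proxy needs it, bind to 127.0.0.1;
  # otherwise restrict the port to the private interface with the firewall.
  services.graylog.extraConfig = ''
    http_bind_address = 0.0.0.0:${toString port}
    http_publish_uri = http://workhorse.private:${toString port}/
  '';

  # otherwise this does not work
  services.graylog.nodeIdFile = "/var/lib/graylog/node-id";

  # Both secrets below are read with lib.fileContents at evaluation time, so the
  # values become part of the evaluated configuration.
  # NOTE(review): as far as I know the NixOS graylog module renders these
  # options into a generated config file in /nix/store, which is world-readable
  # on the host - verify, and treat both values as readable by every local user.
  # NOTE(review): on the page the path argument of both lib.fileContents calls
  # is missing (probably lost in extraction). The two paths below are
  # PLACEHOLDERS, not the project's real locations - replace them.

  # pwgen -N 1 -s 96
  services.graylog.passwordSecret =
    lib.fileContents /path/to/PLACEHOLDER-graylog-password-secret;

  # echo -n yourpassword | shasum -a 256
  # NOTE(review): this is an unsalted SHA-256, so the hash only protects a long
  # random password; the command above also leaves the password in shell history.
  services.graylog.rootPasswordSha2 =
    lib.fileContents /path/to/PLACEHOLDER-graylog-root-password-sha2;

  services.graylog.plugins = [ pkgs.graylogPlugins.slack ];

  # not working at the moment
  #services.geoip-updater.enable = true;

  # Lookup table: HTTP status code -> description and class.
  # https://wiki.splunk.com/Http_status.csv
  environment.etc."graylog/server/httpCodes.csv" = {
    enable = true;
    text = ''
      status,status_description,status_type
      100,Continue,Informational
      101,Switching Protocols,Informational
      200,OK,Successful
      201,Created,Successful
      202,Accepted,Successful
      203,Non-Authoritative Information,Successful
      204,No Content,Successful
      205,Reset Content,Successful
      206,Partial Content,Successful
      300,Multiple Choices,Redirection
      301,Moved Permanently,Redirection
      302,Found,Redirection
      303,See Other,Redirection
      304,Not Modified,Redirection
      305,Use Proxy,Redirection
      307,Temporary Redirect,Redirection
      400,Bad Request,Client Error
      401,Unauthorized,Client Error
      402,Payment Required,Client Error
      403,Forbidden,Client Error
      404,Not Found,Client Error
      405,Method Not Allowed,Client Error
      406,Not Acceptable,Client Error
      407,Proxy Authentication Required,Client Error
      408,Request Timeout,Client Error
      409,Conflict,Client Error
      410,Gone,Client Error
      411,Length Required,Client Error
      412,Precondition Failed,Client Error
      413,Request Entity Too Large,Client Error
      414,Request-URI Too Long,Client Error
      415,Unsupported Media Type,Client Error
      416,Requested Range Not Satisfiable,Client Error
      417,Expectation Failed,Client Error
      500,Internal Server Error,Server Error
      501,Not Implemented,Server Error
      502,Bad Gateway,Server Error
      503,Service Unavailable,Server Error
      504,Gateway Timeout,Server Error
      505,HTTP Version Not Supported,Server Error
    '';
  };

  # Lookup table: known IP address -> host name, for enriching log messages.
  environment.etc."graylog/server/known_servers.csv" = {
    enable = true;
    text = ''
      "ip","host_name"
      "95.216.1.150","lassul.us"
    '';
  };

  # Lookup table: syslog/journald priority number -> severity name.
  # NOTE(review): "Servity" and "cirtical" are misspelled, but they are data that
  # a Graylog lookup adapter or pipeline rule may reference by exact name, so
  # they are kept as-is; correct them here and in Graylog together.
  environment.etc."graylog/systemd/loglevel.csv" = {
    enable = true;
    text = ''
      "value","Servity","Description"
      "0","emergency","System is unusable"
      "1","alert","Should be corrected immediately"
      "2","cirtical","Critical conditions"
      "3","error","Error Condition"
      "4","warning","May indicate that an error will occur if action is not taken."
      "5","notice","Events that are unusual, but not error conditions."
      "6","info","Normal operational messages that require no action."
      "7","debug","Information useful to developers for debugging the application."
    '';
  };

}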