nixos-config/terranix/graylog/config.nix
2019-12-20 17:54:26 +13:00

142 lines
4.1 KiB
Nix

# https://github.com/suzuki-shunsuke/go-graylog/tree/master/terraform
{ pgks, lib, ... }: {
imports = [
./modules
./config/elasticsearch.nix
./config/gogs.nix
./config/home-assistant.nix
./config/kernel.nix
#./config/nginx.nix
./config/sshd.nix
./config/sslh.nix
./config/sshguard.nix
./config/tinc.nix
];
# ---- [ default ]
data."graylog_index_set".default.index_prefix = "graylog";
# ---- [ junk ]
resource."graylog_index_set".junk = {
title = "junk index";
index_prefix = "trash";
# https://godoc.org/github.com/suzuki-shunsuke/go-graylog#pkg-constants
rotation_strategy_class =
"org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategy";
rotation_strategy = {
type =
"org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig";
max_size = 1024 * 1024 * 10;
};
retention_strategy_class =
"org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy";
retention_strategy = {
type =
"org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig";
max_number_of_indices = 10;
};
index_analyzer = "standard";
shards = 1;
index_optimization_max_num_segments = 1;
field_type_refresh_interval = 10000;
writable = "true";
};
graylog.stream.junk = { index_set_id = "\${graylog_index_set.junk.id}"; };
# ---- [ thread ]
resource."graylog_index_set".thread = {
title = "thread";
index_prefix = "thread";
# https://godoc.org/github.com/suzuki-shunsuke/go-graylog#pkg-constants
rotation_strategy_class =
"org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategy";
rotation_strategy = {
type =
"org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig";
max_size = 1024 * 1024 * 10;
};
retention_strategy_class =
"org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy";
retention_strategy = {
type =
"org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig";
max_number_of_indices = 20;
};
index_analyzer = "standard";
shards = 1;
index_optimization_max_num_segments = 1;
field_type_refresh_interval = 10000;
writable = "true";
};
graylog.stream.thread = {
index_set_id = "\${graylog_index_set.thread.id}";
#pipelines = [ "\${graylog_pipeline.processThreads.id}" ];
};
#resource."graylog_stream_rule"."is_thread" = {
# field = "is_thread";
# value = "true";
# stream_id = "\${graylog_stream.thread.id}";
# description = "route everything that is a thread";
# #type = 0;
# #inverted = false;
#};
# not necessary because we have a geoip resolver
#graylog.pipeline.processThreads = {
# source = ''
# stage 0 match all
# rule "extract source_ip position";
# '';
# description = "process messages of the thread stream(TF)";
#};
#resource."graylog_pipeline_rule".extractSourceIpPosition = {
# description = "";
# source = ''
# rule "extract source_ip position"
# when
# has_field("source_ip")
# then
# let geo = lookup("geo_city_lookup", to_string($message.source_ip));
# set_field("ip_geolocation", geo["coordinates"]);
# set_field("ip_geo_country_code", geo["country"].iso_code);
# set_field("ip_geo_country_name", geo["country"].names.en);
# set_field("ip_geo_city_name", geo["city"].names.en);
# end
# '';
#};
#resource."graylog_pipeline_rule".extractRemoteIpPosition = {
# description = "";
# source = ''
# rule "extract remote_addr position"
# when
# has_field("remote_addr")
# then
# let geo = lookup("geo_city_lookup", to_string($message.remote_addr));
# set_field("ip_geolocation", geo["coordinates"]);
# set_field("ip_geo_country_code", geo["country"].iso_code);
# set_field("ip_geo_country_name", geo["country"].names.en);
# set_field("ip_geo_city_name", geo["city"].names.en);
# end
# '';
#};
#graylog.all_messages.rules = [ "extract remote_addr position" ];
}