curiousleo · January 5, 2019 14:26
diff --git a/denkrate.nix b/denkrate.nix
 { config, lib, pkgs, ... }:

 with lib;

 let
  kibanaPort = 5601;
  netdataPort = 19999;
  oauthProxyPort = 4180;
  innerNginxPort = 8080;
 in
 { boot.isContainer = true;
  networking.hostName = mkDefault "xmpp-test";
  networking.useDHCP = false;
  networking.firewall.allowedTCPPorts = [ 80 443 4180 ];

  networking.extraHosts = ''
    127.0.0.2 localhost-oauth
    127.0.0.3 localhost-kibana
    127.0.0.4 localhost-netdata
    127.0.0.5 localhost-http
  '';
  
  services.ejabberd.enable = true;
  services.elasticsearch = {
    enable = true;
    package = pkgs.elasticsearch5;
  };
  services.journalbeat = {
    enable = true;
    extraConfig = ''
      journalbeat:
        seek_position: cursor
        cursor_seek_fallback: head
        write_cursor_state: true
        cursor_flush_period: 5s
        clean_field_names: true
        convert_to_numbers: false
        move_metadata_to_field: journal
        default_type: journal
      output.elasticsearch:
        enabled: true
        template.enabled: false
        hosts: ["localhost:9200"]
    '';
  };
  services.kibana = {
    enable = true;
    package = pkgs.kibana5;
    listenAddress = "localhost-kibana";
    port = kibanaPort;
  };
  services.netdata = {
    enable = true;
    configText = ''
      [global]
        bind to = localhost-netdata:${toString netdataPort}
    '';
  };
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {};
    appendHttpConfig = ''
      server {
        listen      80;
        server_name status.denkrate-dev.de;

        location / {
            proxy_pass http://localhost-oauth:${toString oauthProxyPort};
        }
      }

      server {
        listen      ${toString innerNginxPort};
        server_name localhost-http;

        location / {
            proxy_pass http://localhost-kibana:${toString kibanaPort};
        }
        #location /metrics {
        #    proxy_pass http://localhost-netdata:${toString netdataPort};
        #}
      }
    '';
    # virtualHosts."logs.denkrate-dev.de" = {
    #   locations."/".proxyPass = "http://localhost:${toString kibanaPort}";
    # };
    # virtualHosts."metrics.denkrate-dev.de" = {
    #   locations."/".proxyPass = "http://localhost:${toString netdataPort}";
    # };
  };
  services.oauth2_proxy = {
    enable = true;
    clientID = "c306667938ce52592a1a";
    clientSecret = "69b8ef30be9cb1b78e207873dcff190d1ac80d75";
    provider = "github";
    github.org = "denkrate-admin";
    cookie.secret = "2d3e06d2ab66275d0e69abe293e5592432f9a1bb7fd2df18b02e42cea6935f2d";
    cookie.secure = false;
    email.domains = [ "*" ];
    httpAddress = "http://localhost-oauth:${toString oauthProxyPort}";
    upstream = "http://localhost-http:${toString innerNginxPort}";
  };
 }
	{ config, lib, pkgs, ... }:

	with lib;

	let
	kibanaPort = 5601;
	netdataPort = 19999;
	oauthProxyPort = 4180;
	innerNginxPort = 8080;
	in
	{ boot.isContainer = true;
	networking.hostName = mkDefault "xmpp-test";
	networking.useDHCP = false;
	networking.firewall.allowedTCPPorts = [ 80 443 4180 ];

	networking.extraHosts = ''
	127.0.0.2 localhost-oauth
	127.0.0.3 localhost-kibana
	127.0.0.4 localhost-netdata
	127.0.0.5 localhost-http
	'';

	services.ejabberd.enable = true;
	services.elasticsearch = {
	enable = true;
	package = pkgs.elasticsearch5;
	};
	services.journalbeat = {
	enable = true;
	extraConfig = ''
	journalbeat:
	seek_position: cursor
	cursor_seek_fallback: head
	write_cursor_state: true
	cursor_flush_period: 5s
	clean_field_names: true
	convert_to_numbers: false
	move_metadata_to_field: journal
	default_type: journal
	output.elasticsearch:
	enabled: true
	template.enabled: false
	hosts: ["localhost:9200"]
	'';
	};
	services.kibana = {
	enable = true;
	package = pkgs.kibana5;
	listenAddress = "localhost-kibana";
	port = kibanaPort;
	};
	services.netdata = {
	enable = true;
	configText = ''
	[global]
	bind to = localhost-netdata:${toString netdataPort}
	'';
	};
	services.nginx = {
	enable = true;
	recommendedGzipSettings = true;
	recommendedOptimisation = true;
	recommendedProxySettings = true;
	recommendedTlsSettings = true;
	virtualHosts = {};
	appendHttpConfig = ''
	server {
	listen 80;
	server_name status.denkrate-dev.de;

	location / {
	proxy_pass http://localhost-oauth:${toString oauthProxyPort};
	}
	}

	server {
	listen ${toString innerNginxPort};
	server_name localhost-http;

	location / {
	proxy_pass http://localhost-kibana:${toString kibanaPort};
	}
	#location /metrics {
	# proxy_pass http://localhost-netdata:${toString netdataPort};
	#}
	}
	'';
	# virtualHosts."logs.denkrate-dev.de" = {
	# locations."/".proxyPass = "http://localhost:${toString kibanaPort}";
	# };
	# virtualHosts."metrics.denkrate-dev.de" = {
	# locations."/".proxyPass = "http://localhost:${toString netdataPort}";
	# };
	};
	services.oauth2_proxy = {
	enable = true;
	clientID = "c306667938ce52592a1a";
	clientSecret = "69b8ef30be9cb1b78e207873dcff190d1ac80d75";
	provider = "github";
	github.org = "denkrate-admin";
	cookie.secret = "2d3e06d2ab66275d0e69abe293e5592432f9a1bb7fd2df18b02e42cea6935f2d";
	cookie.secure = false;
	email.domains = [ "*" ];
	httpAddress = "http://localhost-oauth:${toString oauthProxyPort}";
	upstream = "http://localhost-http:${toString innerNginxPort}";
	};
	}