feature: added inital graylog config with secrets

2025-06-26 14:12:50 -04:00 · 2025-06-26 14:12:50 -04:00 · d3a8d000c3
commit d3a8d000c3
parent a9d7eb9cda
2 changed files with 66 additions and 2 deletions
--- a/configurations/nixos/graylog-tofu/default.nix
+++ b/configurations/nixos/graylog-tofu/default.nix
@ -0,0 +1,63 @@
+{
+  flake,
+  modulesPath,
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (flake) inputs;
+  inherit (inputs) self;
+in
+{
+  imports = [
+    self.nixosModules.default
+    "${modulesPath}/virtualisation/lxc-container.nix"
+  ];
+  nixpkgs.config.allowUnfreePredicate =
+    pkg:
+    builtins.elem (lib.getName pkg) [
+      "graylog_6.0"
+      "mongodb-6_0"
+      "mongodb"
+    ];
+
+  sops.secrets.graylog = {
+    owner = "graylog";
+    group = "graylog";
+  };
+  systemd.services.graylog.serviceConfig.EnvironmentFile = config.sops.secrets.graylog.path;
+  services = {
+    graylog = {
+      enable = true;
+      extraConfig = ''
+        http_external_uri = https://graylog.example.com/
+      '';
+      elasticsearchHosts = [ "http://127.0.0.1:9200" ];
+      package = pkgs.graylog-6_0;
+      passwordSecret = "";
+      rootPasswordSha2 = "";
+    };
+    mongodb = {
+      enable = true;
+      package = pkgs.mongodb-6_0;
+    };
+    opensearch = {
+      enable = true;
+      settings = {
+        "cluster.name" = "default";
+      };
+    };
+  };
+  deploy = {
+    enable = false;
+  };
+  networking = {
+    hostName = "graylog-tofu";
+  };
+  environment.systemPackages = [
+  ];
+  system.stateVersion = "25.05";
+}
--- a/secrets.yaml
+++ b/secrets.yaml
@ -1,6 +1,7 @@
 otfenv: ENC[AES256_GCM,data:vHSZN364zAhuTBii4IGbQk3bPCu7GBR7K8Z8ce3U/uIOCXNvEi3micq+AEPEooPEQkWL/eslg92uREcgo/JEMYbSuWHWLFNNehhYTeBZ+YXLwuDgJLWzaJGouktF1aF7uQDMsydaX2UjUnLQjf/VdJm3YnoJAGE3QQtbp9ehK0YiHA1hS3XMlwvNuepZfX8Hx7qZTEs6zNa3R8tZvj24jryVsGFvTN+0R1pb7YvqXeLhR3tCkm53S2IJFFXebq2EdaHNbyEIGmfcK2uhdSvpXiGI,iv:lwADUz6mA//G0/jAdAp1eRkn9RvRXXzps5r5RIpWR5A=,tag:YlNtrT4t0R6SYxIR1tRe4g==,type:str]
 forgejo-runners-token: ENC[AES256_GCM,data:y6m9JciySpqJ8QOtHGoUG5McPXyZSODqRHCLVY0m+O+vfys2tvmkK3fGKtOlNA==,iv:NYbjaOkRumwJbZBPZlltIeQkaNOrUKQLmVb0uFNXX+g=,tag:f+rH81mGvS0QKrfmLoXEHQ==,type:str]
 forgejo-nix-key: ENC[AES256_GCM,data:LKC8t2KSrILh0nc5xlSgQ9OuhQcc3m84fE9UJeVi1lXsv0mn+MddQw083WaDxMdlZKjbH0QclDfIkJCbHpJ/wEWVXzkVGErCJmdWeH1YEgElj5FuaFrDmbKNn8rhV7t3FYn04ni8iypLV/wPBqvVI/Yt,iv:r/SHHXjA2raRIKs/fZxJodVgMunp+RmL1SjVZOGli+E=,tag:MmBhUHCZRgSW2uhBd4o72A==,type:str]
+graylog: ENC[AES256_GCM,data:KmQ4yisUXCrexpK9v7irhSsF1pAm0pMZ/mh91iEuf7jR14u6d2prPF7Uv6Z48Otx7WyPJ+ec+hIRmuLTNHbGxTDIOQnXui32No5H/Hnj06pMqW2Jsir/Bfr8eCRZxJKMTKhl4f0KVSKGKAbbV1saJPHtcybqfX65i8NQCeDFB+m/ViyLslMJKrYga8laoxTBYa4Kdi/0LiEuvi6uGQ8JwhDWzK/6EQkc/z0VNXdSYcz0kd8z26iuDhe/B3sesk8wgKDNkfjmTH2jgN8I+o700l9s/2Ob9QbIoA==,iv:P4AMWPnYNUUuy1CRip6yKbjRRkcLdCLWW9oiuxskhbY=,tag:L+TJmmSbImk2MnDeun2zNQ==,type:str]
 sops:
    age:
        - recipient: age1ja6zky2xlptgmu04ghp30z9gcyw240p4p8jpqeznt9msmmrwjdjshl6rx3
@ -39,7 +40,7 @@ sops:
            aXdJMnFId3Nnc093cVpNOGUyKzFuYlEKaszE8RHwN9EQYKemh9fVq6O/YxmC5nMM
            hV6FMTuZC/pE75Zzmz8f2ZFHJrqwQB/2xgTpMiudvbQHrZRUEKMCEA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-26T00:55:16Z"
-    mac: ENC[AES256_GCM,data:UYsuGDLofBEMqj0qcZKmRxVDKOdaS15jzpLerSGxA5EWoqcoJohYBz1STTtobBtfnVa1UV/EOPXKqsONv2iWe4HKJh5byKwJm3Y3omGbd/8xm+o1q9EKB9CZJAHlOkBl6rgkWnlApgxpPaD1FFsAeTTwndnrTPeefBsMTs4H03w=,iv:SK5bNm5LN1xp5FJIxvaz5claDJw/MtRt+q4bSM34Eqg=,tag:mx/JkyYNKk1vkGRLtyBZwA==,type:str]
+    lastmodified: "2025-06-26T18:10:04Z"
+    mac: ENC[AES256_GCM,data:LykqI0ZWdPgdftbHxW6aMGGn3ecfwTWl/L7kn39MjF1fWNVIgYL7mtySgSXwM72xhDFXSgI0GTn9ytQbfV/vCOiuZtZkr98jPdEP8iOUSBN6vL//0p4QLLrhLYyFJRLQNHOgO+m5nSDmDOd2qBf1ZbLAfFUNtyGSFioqu4jxqlM=,iv:ZJF6yd58zQxyZxSXWUAihLHkJGug9TWcff52LTcht9E=,tag:WYzNHoXaqMOzd1nd5f3Ypg==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2