From d3a8d000c3857a7a9cef4024ae688f20e0ca9b8c Mon Sep 17 00:00:00 2001
From: Jermeiah S
Date: Thu, 26 Jun 2025 14:12:50 -0400
Subject: [PATCH] feature: added inital graylog config with secrets
---
 configurations/nixos/graylog-tofu/default.nix | 63 +++++++++++++++++++
 secrets.yaml | 5 +-
 2 files changed, 66 insertions(+), 2 deletions(-)
 create mode 100644 configurations/nixos/graylog-tofu/default.nix
diff --git a/configurations/nixos/graylog-tofu/default.nix b/configurations/nixos/graylog-tofu/default.nix
new file mode 100644
index 0000000..293c7f2
--- /dev/null
+++ b/configurations/nixos/graylog-tofu/default.nix
@@ -0,0 +1,63 @@
+{
+ flake,
+ modulesPath,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+
+let
+ inherit (flake) inputs;
+ inherit (inputs) self;
+in
+{
+ imports = [
+ self.nixosModules.default
+ "${modulesPath}/virtualisation/lxc-container.nix"
+ ];
+ nixpkgs.config.allowUnfreePredicate =
+ pkg:
+ builtins.elem (lib.getName pkg) [
+ "graylog_6.0"
+ "mongodb-6_0"
+ "mongodb"
+ ];
+
+ sops.secrets.graylog = {
+ owner = "graylog";
+ group = "graylog";
+ };
+ systemd.services.graylog.serviceConfig.EnvironmentFile = config.sops.secrets.graylog.path;
+ services = {
+ graylog = {
+ enable = true;
+ extraConfig = ''
+ http_external_uri = https://graylog.example.com/
+ '';
+ elasticsearchHosts = [ "http://127.0.0.1:9200" ];
+ package = pkgs.graylog-6_0;
+ passwordSecret = "";
+ rootPasswordSha2 = "";
+ };
+ mongodb = {
+ enable = true;
+ package = pkgs.mongodb-6_0;
+ };
+ opensearch = {
+ enable = true;
+ settings = {
+ "cluster.name" = "default";
+ };
+ };
+ };
+ deploy = {
+ enable = false;
+ };
+ networking = {
+ hostName = "graylog-tofu";
+ };
+ environment.systemPackages = [
+ ];
+ system.stateVersion = "25.05";
+}
diff --git a/secrets.yaml b/secrets.yaml
index 2036413..d9bdc93 100644
--- a/secrets.yaml
+++ b/secrets.yaml
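Review bot: `passwordSecret = "";` and `rootPasswordSha2 = "";` rely on the sops-provided `EnvironmentFile` to supply the real values, but nothing in the file says so, and the decrypted contents cannot be checked from this patch. I would add a comment above them such as `# placeholders; real values come from sops.secrets.graylog via EnvironmentFile (presumably GRAYLOG_PASSWORD_SECRET / GRAYLOG_ROOT_PASSWORD_SHA2)`. Please also confirm that Graylog refuses to start, rather than running with an empty secret, when a key is missing from that file. Separately, systemd normally reads `EnvironmentFile` before dropping to the service user, so `owner = "graylog";` and `group = "graylog";` on the secret may be broader than needed and the default root ownership would likely suffice.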
@@ -1,6 +1,7 @@ otfenv: ENC[AES256_GCM,data:vHSZN364zAhuTBii4IGbQk3bPCu7GBR7K8Z8ce3U/uIOCXNvEi3micq+AEPEooPEQkWL/eslg92uREcgo/JEMYbSuWHWLFNNehhYTeBZ+YXLwuDgJLWzaJGouktF1aF7uQDMsydaX2UjUnLQjf/VdJm3YnoJAGE3QQtbp9ehK0YiHA1hS3XMlwvNuepZfX8Hx7qZTEs6zNa3R8tZvj24jryVsGFvTN+0R1pb7YvqXeLhR3tCkm53S2IJFFXebq2EdaHNbyEIGmfcK2uhdSvpXiGI,iv:lwADUz6mA//G0/jAdAp1eRkn9RvRXXzps5r5RIpWR5A=,tag:YlNtrT4t0R6SYxIR1tRe4g==,type:str] forgejo-runners-token: ENC[AES256_GCM,data:y6m9JciySpqJ8QOtHGoUG5McPXyZSODqRHCLVY0m+O+vfys2tvmkK3fGKtOlNA==,iv:NYbjaOkRumwJbZBPZlltIeQkaNOrUKQLmVb0uFNXX+g=,tag:f+rH81mGvS0QKrfmLoXEHQ==,type:str] forgejo-nix-key: ENC[AES256_GCM,data:LKC8t2KSrILh0nc5xlSgQ9OuhQcc3m84fE9UJeVi1lXsv0mn+MddQw083WaDxMdlZKjbH0QclDfIkJCbHpJ/wEWVXzkVGErCJmdWeH1YEgElj5FuaFrDmbKNn8rhV7t3FYn04ni8iypLV/wPBqvVI/Yt,iv:r/SHHXjA2raRIKs/fZxJodVgMunp+RmL1SjVZOGli+E=,tag:MmBhUHCZRgSW2uhBd4o72A==,type:str] +graylog: ENC[AES256_GCM,data:KmQ4yisUXCrexpK9v7irhSsF1pAm0pMZ/mh91iEuf7jR14u6d2prPF7Uv6Z48Otx7WyPJ+ec+hIRmuLTNHbGxTDIOQnXui32No5H/Hnj06pMqW2Jsir/Bfr8eCRZxJKMTKhl4f0KVSKGKAbbV1saJPHtcybqfX65i8NQCeDFB+m/ViyLslMJKrYga8laoxTBYa4Kdi/0LiEuvi6uGQ8JwhDWzK/6EQkc/z0VNXdSYcz0kd8z26iuDhe/B3sesk8wgKDNkfjmTH2jgN8I+o700l9s/2Ob9QbIoA==,iv:P4AMWPnYNUUuy1CRip6yKbjRRkcLdCLWW9oiuxskhbY=,tag:L+TJmmSbImk2MnDeun2zNQ==,type:str] sops: age: - recipient: age1ja6zky2xlptgmu04ghp30z9gcyw240p4p8jpqeznt9msmmrwjdjshl6rx3 
@@ -39,7 +40,7 @@ sops: aXdJMnFId3Nnc093cVpNOGUyKzFuYlEKaszE8RHwN9EQYKemh9fVq6O/YxmC5nMM hV6FMTuZC/pE75Zzmz8f2ZFHJrqwQB/2xgTpMiudvbQHrZRUEKMCEA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-26T00:55:16Z" - mac: ENC[AES256_GCM,data:UYsuGDLofBEMqj0qcZKmRxVDKOdaS15jzpLerSGxA5EWoqcoJohYBz1STTtobBtfnVa1UV/EOPXKqsONv2iWe4HKJh5byKwJm3Y3omGbd/8xm+o1q9EKB9CZJAHlOkBl6rgkWnlApgxpPaD1FFsAeTTwndnrTPeefBsMTs4H03w=,iv:SK5bNm5LN1xp5FJIxvaz5claDJw/MtRt+q4bSM34Eqg=,tag:mx/JkyYNKk1vkGRLtyBZwA==,type:str] + lastmodified: "2025-06-26T18:10:04Z" + mac: ENC[AES256_GCM,data:LykqI0ZWdPgdftbHxW6aMGGn3ecfwTWl/L7kn39MjF1fWNVIgYL7mtySgSXwM72xhDFXSgI0GTn9ytQbfV/vCOiuZtZkr98jPdEP8iOUSBN6vL//0p4QLLrhLYyFJRLQNHOgO+m5nSDmDOd2qBf1ZbLAfFUNtyGSFioqu4jxqlM=,iv:ZJF6yd58zQxyZxSXWUAihLHkJGug9TWcff52LTcht9E=,tag:WYzNHoXaqMOzd1nd5f3Ypg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2