zivildienst/infrastructure/modules/compute/nix/elasticsearch.nix


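# NixOS module: a single-node Elasticsearch 7 with X-Pack security enabled, plus
# a Kibana 7 front end. Both keep their state under /mnt/data.
#
# Change in this revision:
#   * The Kibana password is read with lib.fileContents instead of
#     builtins.readFile. The bootstrap script sets the password from
#     `head -n 1`, which has no trailing newline, while builtins.readFile keeps
#     one if the file ends in a newline; the two values then differ and Kibana
#     cannot authenticate.
#
# Open security points (flagged, not changed here):
#   * All traffic to Elasticsearch is plain HTTP; no xpack.security.http.ssl
#     settings are configured, so passwords cross the network unencrypted.
#   * The `elastic` user is bootstrapped with the well-known password
#     "changeme" and only switched to the real one after the node answers on
#     the network. The run-once guard keys on the keystore file, so if either
#     password call fails the default credentials stay in place on later starts.
#   * curl receives credentials via -u and -d, so they appear in the process
#     arguments while curl runs.
#   * The Kibana password is evaluated into the system configuration, which
#     normally ends up in the world-readable Nix store.
#   * Kibana binds to 0.0.0.0 and the firewall opens 9200, 9300 and 5601 on
#     every interface.
{ pkgs, lib, ... }:
let
  # Address Elasticsearch binds to; Kibana and the bootstrap script use the same endpoint.
  esHost = "10.0.1.51";
  esUrl = "http://${esHost}:9200";
in
{
  # Presumably required because the Elasticsearch/Kibana 7 packages are marked unfree -- confirm.
  nixpkgs.config.allowUnfree = true;

  services.elasticsearch = {
    enable = true;
    package = pkgs.elasticsearch7;
    dataDir = "/mnt/data/elasticsearch";
    listenAddress = esHost;
    # Security is enabled, but TLS for the HTTP and transport layers is not configured.
    extraConf = ''
      discovery.type: single-node
      xpack.security.enabled: true
    '';
  };

  # Replaces (mkForce) the module's own postStart with a one-time credential bootstrap.
  # NOTE(review): nothing in this script restarts the node after the keystore is
  # written, although the log line says "come back up" -- confirm that the
  # running node really picks up bootstrap.password.
  systemd.services.elasticsearch.postStart = lib.mkForce ''
    # Run-once guard: an existing keystore means the bootstrap was already attempted.
    test -f /mnt/data/elasticsearch/config/elasticsearch.keystore && exit 0
    mkdir -p /mnt/data/elasticsearch/config
    export PATH=$PATH:${lib.makeBinPath [ pkgs.elasticsearch7 pkgs.jdk8_headless pkgs.curl pkgs.systemd ]}
    export ES_HOME=/mnt/data/elasticsearch
    export JAVA_HOME=${pkgs.jdk8_headless}/jre
    # First line of the provisioned secret; command substitution drops the trailing newline.
    password="$(head -n 1 /opt/cloud-init-misc-data/elasticsearch_password)"
    printf "Setting up a new keystore for Elasticsearch, with default password for user 'elastic'\n"
    printf "changeme" | elasticsearch-keystore add -f -x bootstrap.password
    chown -R elasticsearch:elasticsearch /mnt/data/elasticsearch/config
    printf "Waiting for Elasticsearch to come back up"
    until curl -s -I -o /dev/null ${esUrl}; do
      printf '.'
      sleep 5
    done
    printf "Setting up Kibana user\n"
    # The JSON bodies are built by plain interpolation: a password containing a
    # double quote or backslash produces an invalid request.
    curl -uelastic:changeme -XPUT -H 'Content-Type: application/json' '${esUrl}/_xpack/security/user/elastic/_password' -d "{ \"password\":\"$password\"}"
    curl -uelastic:"$password" -XPUT -H 'Content-Type: application/json' '${esUrl}/_xpack/security/user/kibana/_password' -d "{ \"password\":\"$password\"}"
  '';

  services.kibana = {
    enable = true;
    package = pkgs.kibana7;
    dataDir = "/mnt/data/kibana";
    # Reachable on every interface; port 5601 is also opened in the firewall below.
    listenAddress = "0.0.0.0";
    elasticsearch = {
      hosts = [ esUrl ];
      username = "kibana";
      # Read at evaluation time, so the file must exist on the evaluating host and
      # the secret becomes part of the generated configuration. fileContents
      # strips the trailing newline so the value matches what the bootstrap
      # script sets for the kibana user.
      password = lib.fileContents /opt/cloud-init-misc-data/elasticsearch_password;
    };
  };

  # Creates the data directories and fixes their ownership on every activation.
  system.activationScripts = {
    mnt = {
      text = "mkdir -p /mnt/data/{elasticsearch,kibana} && chown -R elasticsearch:elasticsearch /mnt/data/elasticsearch && chown -R kibana:root /mnt/data/kibana";
      deps = [];
    };
  };

  # 9200 = Elasticsearch HTTP, 9300 = Elasticsearch transport, 5601 = Kibana.
  # NOTE(review): 9300 looks unnecessary for a single-node setup unless a
  # transport client connects -- confirm before keeping it open.
  networking.firewall.allowedTCPPorts = [ 9200 9300 5601 ];
}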