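# NixOS module: a single-node Elasticsearch 7 instance with X-Pack security
# enabled, plus a Kibana 7 front end. Both keep their data under /mnt/data.
#
# Security notes for reviewers (details are at the relevant lines):
#   * the first-boot bootstrap uses a fixed, well-known password for `elastic`;
#   * the real password is sent over plain HTTP and on curl's command line;
#   * the `elastic` superuser and the `kibana` service account share a secret;
#   * the Kibana password is read at evaluation time and embedded in the
#     generated configuration.
{ pkgs, lib, ... }:

{
  # Presumably required because the elasticsearch7/kibana7 packages are not
  # free software -- confirm against the nixpkgs revision in use.
  nixpkgs.config.allowUnfree = true;

  services.elasticsearch.enable = true;
  services.elasticsearch.package = pkgs.elasticsearch7;
  services.elasticsearch.dataDir = "/mnt/data/elasticsearch";
  services.elasticsearch.listenAddress = "10.0.1.51";
  services.elasticsearch.extraConf = ''
    discovery.type: single-node
    xpack.security.enabled: true
  '';

  # One-time credential bootstrap, run after the Elasticsearch unit starts.
  # lib.mkForce replaces any postStart script defined elsewhere for this unit.
  systemd.services.elasticsearch.postStart = lib.mkForce ''
    # The keystore file doubles as the "already bootstrapped" marker.
    test -f /mnt/data/elasticsearch/config/elasticsearch.keystore && exit 0
    mkdir -p /mnt/data/elasticsearch/config

    export PATH=$PATH:${lib.makeBinPath [ pkgs.elasticsearch7 pkgs.jdk8_headless pkgs.curl pkgs.systemd ]}
    export ES_HOME=/mnt/data/elasticsearch
    export JAVA_HOME=${pkgs.jdk8_headless}/jre

    # Only the first line of the secret file is used as the password.
    password="$(head -n 1 /opt/cloud-init-misc-data/elasticsearch_password)"

    # NOTE(review): the bootstrap password is the fixed string "changeme".
    # Until the first curl call below succeeds, the elastic superuser is
    # reachable with that value on the listen address, and port 9200 is
    # opened in the firewall at the end of this file. Consider seeding the
    # keystore from the secret file instead, or opening the port only after
    # the bootstrap has completed.
    printf "Setting up a new keystore for Elasticsearch, with default password for user 'elastic'\n"
    printf "changeme" | elasticsearch-keystore add -f -x bootstrap.password
    chown -R elasticsearch:elasticsearch /mnt/data/elasticsearch/config

    # NOTE(review): nothing in this script restarts Elasticsearch, although
    # the message says "come back up" -- confirm the new keystore entry is
    # actually picked up by the running node.
    printf "Waiting for Elasticsearch to come back up"
    # Poll curl's exit status directly; the original wrapped the call in a
    # command substitution, which only worked because curl printed nothing.
    until curl -s -I -o /dev/null http://10.0.1.51:9200; do
      printf '.'
      sleep 5
    done

    printf "Setting up Kibana user\n"
    # NOTE(review): both requests go over plain HTTP and carry the password in
    # curl's argument list, where other local users can read it from the
    # process table. The JSON body is built by string interpolation, so a
    # password containing a double quote or backslash produces an invalid
    # request. The same secret is assigned to the elastic superuser and to the
    # kibana service account; separate secrets would limit the impact of a
    # leaked Kibana configuration.
    curl -uelastic:changeme -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/elastic/_password' -d "{ \"password\":\"$password\"}"
    curl -uelastic:"$password" -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/kibana/_password' -d "{ \"password\":\"$password\"}"
  '';

  services.kibana.enable = true;
  services.kibana.package = pkgs.kibana7;
  services.kibana.dataDir = "/mnt/data/kibana";
  # NOTE(review): Kibana listens on every interface and port 5601 is opened
  # below; no TLS is configured in this file.
  services.kibana.listenAddress = "0.0.0.0";
  services.kibana.elasticsearch.hosts = [ "http://10.0.1.51:9200" ];
  services.kibana.elasticsearch.username = "kibana";
  # Take only the first line of the secret file, matching the `head -n 1` in
  # the bootstrap script above. builtins.readFile returns the whole file, so a
  # trailing newline would otherwise make Kibana's password differ from the
  # one set in Elasticsearch.
  # NOTE(review): the file is read at evaluation time, so the secret becomes
  # part of the generated Kibana configuration; if that configuration is
  # written to the Nix store it is world-readable. Prefer a mechanism that
  # supplies the password at runtime (for example Kibana's own keystore).
  services.kibana.elasticsearch.password =
    lib.head (lib.splitString "\n" (builtins.readFile /opt/cloud-init-misc-data/elasticsearch_password));

  system.activationScripts = {
    # Create the data directories and hand them to the service accounts.
    # NOTE(review): with no deps this may run before the elasticsearch and
    # kibana accounts exist on a first activation -- confirm the ordering.
    mnt = {
      text = "mkdir -p /mnt/data/{elasticsearch,kibana} && chown -R elasticsearch:elasticsearch /mnt/data/elasticsearch && chown -R kibana:root /mnt/data/kibana";
      deps = [];
    };
  };

  # 9200 = Elasticsearch HTTP, 9300 = Elasticsearch transport, 5601 = Kibana.
  # NOTE(review): these ports are opened on every interface the firewall
  # covers; for a single-node setup 9300 is probably not needed from outside
  # -- restrict to the networks that actually require access.
  networking.firewall.allowedTCPPorts = [ 9200 9300 5601 ];
}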