path: root/makefu/2configs/logging
authormakefu <github@syntax-fehler.de>2023-07-28 22:24:15 +0200
committermakefu <github@syntax-fehler.de>2023-07-28 22:24:15 +0200
commit060a8f28fa1fc648bdf66afb31a5d1efac868837 (patch)
tree2b354eacc7897365ee45244fe7a51720e0d0333f /makefu/2configs/logging
parentcbfcc890e3b76d942b927809bf981a5fa7289e6a (diff)
makefu: move out to own repo, add vacation-note
Diffstat (limited to 'makefu/2configs/logging')
-rw-r--r--makefu/2configs/logging/client.nix32
-rw-r--r--makefu/2configs/logging/filter/dnsmasq.conf19
-rw-r--r--makefu/2configs/logging/patterns/dnsmasq15
-rw-r--r--makefu/2configs/logging/server.nix140
4 files changed, 0 insertions, 206 deletions
diff --git a/makefu/2configs/logging/client.nix b/makefu/2configs/logging/client.nix
deleted file mode 100644
index 04d2de0d..00000000
--- a/makefu/2configs/logging/client.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{pkgs, buil, config, ...}:
-let
- log-server = config.makefu.log-server;
- log-port = 9200;
-in {
- services.journalbeat = {
- enable = true;
- # TODO: filter for certain journal fields, not all
- extraConfig = ''
- journalbeat:
- name: logs-${config.krebs.build.host.name}
- seek_position: cursor
- cursor_seek_fallback: tail
- write_cursor_state: true
- cursor_flush_period: 5s
- clean_field_names: true
- convert_to_numbers: false
- move_metadata_to_field: journal
- default_type: journal
- output.elasticsearch:
- enabled: true
- hosts: ["${log-server}:${builtins.toString log-port}"]
- template.enabled: false
- #output.console:
- # enabled: true
- logging.level: info
- logging.to_syslog: true
- logging.selectors: ["*"]
-
- '';
- };
-}
diff --git a/makefu/2configs/logging/filter/dnsmasq.conf b/makefu/2configs/logging/filter/dnsmasq.conf
deleted file mode 100644
index 1570b1c6..00000000
--- a/makefu/2configs/logging/filter/dnsmasq.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-
-if ( [program] == "dnsmasq") {
- grok {
- patterns_dir => ["${./patterns}"]
- match => {
- "message" => [
- "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: query\[[\w]+\] %{domain:DOMAIN} from %{clientip:CLIENTIP}"
- , "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: reply %{domain:DOMAIN} is %{ip:IP}"
- , "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: %{blocklist:BLOCKLIST} %{domain:DOMAIN} is %{ip:IP}"
- ]
- }
- }
- date {
- match => [ "LOGDATE", "MMM dd HH:mm:ss", "MMM d HH:mm:ss", "ISO8601" ]
- }
- geoip {
- source => "IP"
- }
-}
diff --git a/makefu/2configs/logging/patterns/dnsmasq b/makefu/2configs/logging/patterns/dnsmasq
deleted file mode 100644
index c1e700d5..00000000
--- a/makefu/2configs/logging/patterns/dnsmasq
+++ /dev/null
@@ -1,15 +0,0 @@
-BLOCKLIST [\/\w\.]+
-DOMAIN [\w\.\-]+
-DNSID \d+
-PORT \d+
-DNSRESPONSE cached|reply|forwarded|query
-# TODO: there are some strange responses for certain queries like <CNAME> or ...
-IPORWORD %{IP}|[<>\.\/\w>]+
-
-# TODO use public suffix list by mozilla
-TLD [a-z]{2,63}
-# matches CCSLD and TLD together (e.g. co.uk )
-CCSLD_TLD [a-z]+\.uk
-# actually after a CCTLD this would be the third level domain ...
-PUBLIC_SUFFIX (xn--)?%{FUNCTIONAL_SLD}\.(%{CCSLD_TLD}|%{TLD})
-FUNCTIONAL_SLD [a-z0-9-]{1,63}
diff --git a/makefu/2configs/logging/server.nix b/makefu/2configs/logging/server.nix
deleted file mode 100644
index f2fccec2..00000000
--- a/makefu/2configs/logging/server.nix
+++ /dev/null
@@ -1,140 +0,0 @@
-{pkgs, config, ...}:
-
-let
- es-port = 9200;
- kibana-port = 5601;
- primaryName = "log.${config.krebs.build.host.name}";
- serverAliases = [ "${primaryName}.r" "${primaryName}.lan" ];
-in {
-
- services.nginx.virtualHosts.${primaryName} = {
- inherit serverAliases;
- locations."/" = {
- proxyPass = "http://localhost:5601/";
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- '';
- };
- };
- services.elasticsearch = {
- enable = true;
- port = es-port;
- };
- services.kibana = {
- enable = true;
- port = kibana-port;
- };
-
- networking.firewall.extraCommands = ''
- iptables -A INPUT -i retiolum -p tcp --dport ${toString es-port} -j ACCEPT
- iptables -A INPUT -i retiolum -p tcp --dport ${toString kibana-port} -j ACCEPT
- '';
-
- # send logs directly to elasticsearch
- services.journalbeat = {
- enable = true;
- package = pkgs.journalbeat7;
- extraConfig = ''
- logging:
- to_syslog: true
- level: info
- metrics.enabled: false
- template.enabled: false
- output.logstash:
- hosts: [ "127.0.0.1:5044" ]
- template.enabled: false
- index: journalbeat
- journalbeat.inputs:
- - paths: []
- seek: cursor
- '';
- };
-
- services.logstash = {
- enable = true;
- # package = pkgs.logstash5;
- # plugins = [ pkgs.logstash-contrib ];
- inputConfig =
- ''
- syslog {
- timezone => "Etc/UTC"
- }
- beats {
- port => 5044
- }
- '';
- filterConfig =
- ''
- # Assume Beats
- if [syslog] {
- mutate {
- add_field => { "program" => "%{[syslog][identifier]}" }
- }
- }
- '' +
- ''
- if ![program] {
- mutate {
- add_field => { "program" => "unknown" }
- }
- }
- '' +
- ''
- if ([program] == "logstash") {
- drop {}
- }
- '' +
- ''
- if ( [program] == "dnsmasq") {
- grok {
- patterns_dir => ["${./patterns}"]
- match => {
- "message" => [
- "^%{DNSID:dnsid} %{IP:client}/%{PORT} %{DNSRESPONSE:dnstype}\[[\w]+\] %{DOMAIN:domain} from %{IP}"
- , "^%{DNSID:dnsid} %{IP:client}/%{PORT} %{DNSRESPONSE:dnstype} %{DOMAIN:domain} is %{IPORWORD:resolved_ip}"
- , "^%{DNSID:dnsid} %{IP:client}/%{PORT} %{DNSRESPONSE:dnstype} %{DOMAIN:domain} to %{IP:upstream_dns}"
- ]
- }
- }
- if [resolved_ip] {
- geoip {
- source => "resolved_ip"
- }
- }
- mutate {
- rename => { "host" => "syslog_host" }
- }
- # Target is to parse the the first and second significant part of the domain
- grok {
- patterns_dir => ["${./patterns}"]
- match => { "domain" => [ "%{PUBLIC_SUFFIX:dns_suffix}$" ] }
- }
- if [client] {
- mutate { copy => { "client" => "clientip" } }
- dns {
- reverse => [ "client"]
- action => "replace"
- hostsfile => [ "/etc/hosts" ]
- hit_cache_ttl => 1600
- failed_cache_ttl => 60
- }
- }
- }
- '' + ''
- if ( [program] == "proftpd") {
- kv {
- field_split => " "
- }
- }
- '';
- outputConfig =
- ''
- #stdout {
- # codec => rubydebug
- #}
- elasticsearch { }
- '';
- };
-}