{ config, lib, pkgs, ... }:

with import <stockholm/lib>;
let
in {
  networking.firewall.allowedTCPPorts = [ 80 443 514 ];
  networking.firewall.allowedUDPPorts = [ 80 443 514 ];
	services.logstash = {
			enable = true;
			enableWeb = true;
      inputConfig = ''
				syslog {
          timezone => "Etc/UTC"
        }
      '';
      filterConfig = ''
        if ( [program] == "proftpd") {
          kv {
            field_split => "	"
          }
        }
      '';
      outputConfig = ''
        #stdout {
        #  codec => rubydebug
        #}
        elasticsearch { }
        '';
	};
	services.elasticsearch = {
			enable = true;
	};
	services.kibana = {
			enable = true;
      port = 9332;
	};
  services.nginx = {
    virtualHosts = {
      "log.nsupdate.info" = {
        enableACME = true;
        forceSSL = true;
        basicAuth = import <secrets/kibana-auth.nix>;
        locations = {
          "/" = {
            proxyPass = "http://localhost:9332";
            extraConfig = ''
              proxy_set_header   Host             $host;
              proxy_set_header   X-Real-IP        $remote_addr;
              proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            '';
          };
        };
      };
    };
  };
}