rope/nixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix ELK: explicitly disable ES 8.x security on both containers

Browse source 
ES 8.x enables security and enrollment by default. Adding
xpack.security.enrollment.enabled=false to Elasticsearch and
xpack.security.enabled=false to Kibana suppresses the enrollment
token screen and lets Kibana connect directly over HTTP.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
ediblerope 2026-04-06 21:31:02 +01:00
parent 699bbd9f9a
commit ddb208b95d
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
services/elk.nix
View file

@ -35,6 +35,8 @@ in
"discovery.type" = "single-node";
# Security disabled — ES is not exposed externally
"xpack.security.enabled" = "false";
# Disable enrollment flow (ES 8.x auto-enables this when security is on)
"xpack.security.enrollment.enabled" = "false";
# Keep heap at 1g; ES default is 50% of RAM which is excessive here
"ES_JAVA_OPTS" = "-Xms1g -Xmx1g";
};
@ -46,6 +48,8 @@ in
image = "docker.elastic.co/kibana/kibana:${elasticVersion}";
environment = {
"ELASTICSEARCH_HOSTS" = "http://elasticsearch:9200";
# Tell Kibana security is off — suppresses the enrollment token screen
"xpack.security.enabled" = "false";
# Cap Node.js heap — default is uncapped
"NODE_OPTIONS" = "--max-old-space-size=512";
};