From ddb208b95dd0c4427bd3a8789ec5a6792844bed2 Mon Sep 17 00:00:00 2001
From: ediblerope <fredrik@nordhammer.it>
Date: Mon, 6 Apr 2026 21:31:02 +0100
Subject: [PATCH] Fix ELK: explicitly disable ES 8.x security on both
 containers

ES 8.x enables security and enrollment by default. Adding
xpack.security.enrollment.enabled=false to Elasticsearch and
xpack.security.enabled=false to Kibana suppresses the enrollment
token screen and lets Kibana connect directly over HTTP.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 services/elk.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/services/elk.nix b/services/elk.nix
index e218ff6..4b4448c 100644
--- a/services/elk.nix
+++ b/services/elk.nix
@@ -35,6 +35,8 @@ in
           "discovery.type" = "single-node";
           # Security disabled — ES is not exposed externally
           "xpack.security.enabled" = "false";
+          # Disable enrollment flow (ES 8.x auto-enables this when security is on)
+          "xpack.security.enrollment.enabled" = "false";
           # Keep heap at 1g; ES default is 50% of RAM which is excessive here
           "ES_JAVA_OPTS" = "-Xms1g -Xmx1g";
         };
@@ -46,6 +48,8 @@ in
         image = "docker.elastic.co/kibana/kibana:${elasticVersion}";
         environment = {
           "ELASTICSEARCH_HOSTS" = "http://elasticsearch:9200";
+          # Tell Kibana security is off — suppresses the enrollment token screen
+          "xpack.security.enabled" = "false";
           # Cap Node.js heap — default is uncapped
           "NODE_OPTIONS" = "--max-old-space-size=512";
         };