Kinesin/sovereign
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit after Claude implementation

Browse Source
This commit is contained in:
Ian Roddis
2026-03-23 14:29:32 -03:00
commit 5920d3fd7a
62 changed files with 1847 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
roles/graylog/defaults/main.yml
+4
View File
@@ -0,0 +1,4 @@
---
graylog_data_dir: "{{ sovereign_base_dir }}/graylog"
opensearch_version: "2.15.0"
mongodb_version: "6.0"
roles/graylog/handlers/main.yml
+6
View File
@@ -0,0 +1,6 @@
---
- name: restart graylog
community.docker.docker_compose_v2:
project_src: "{{ graylog_data_dir }}"
state: present
recreate: always
roles/graylog/tasks/main.yml
+50
View File
@@ -0,0 +1,50 @@
---
- name: Create Graylog directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: '0755'
loop:
- "{{ graylog_data_dir }}"
- "{{ graylog_data_dir }}/data"
- "{{ graylog_data_dir }}/config"
- "{{ graylog_data_dir }}/opensearch"
- name: Set OpenSearch data directory permissions
ansible.builtin.file:
path: "{{ graylog_data_dir }}/opensearch"
owner: "1000"
group: "1000"
mode: '0775'
- name: Set vm.max_map_count for OpenSearch
ansible.posix.sysctl:
name: vm.max_map_count
value: '262144'
state: present
sysctl_set: true
- name: Deploy Graylog docker-compose
ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ graylog_data_dir }}/docker-compose.yml"
mode: '0644'
notify: restart graylog
- name: Start Graylog
community.docker.docker_compose_v2:
project_src: "{{ graylog_data_dir }}"
state: present
- name: Wait for Graylog to be ready
ansible.builtin.uri:
url: "http://localhost:9000/api/system/loglevel"
method: GET
user: admin
password: "{{ graylog_root_password_sha2 }}"
force_basic_auth: true
status_code: 200
register: result
until: result.status == 200
retries: 30
delay: 10
roles/graylog/templates/docker-compose.yml.j2
+70
View File
@@ -0,0 +1,70 @@
services:
mongodb:
image: mongo:{{ mongodb_version }}
container_name: graylog-mongodb
restart: unless-stopped
volumes:
- {{ graylog_data_dir }}/data/mongodb:/data/db
networks:
- internal
opensearch:
image: opensearchproject/opensearch:{{ opensearch_version }}
container_name: graylog-opensearch
restart: unless-stopped
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- "bootstrap.memory_lock=true"
- "discovery.type=single-node"
- "action.auto_create_index=false"
- "plugins.security.ssl.http.enabled=false"
- "plugins.security.disabled=true"
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=changeme_os_admin"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- {{ graylog_data_dir }}/opensearch:/usr/share/opensearch/data
networks:
- internal
graylog:
image: graylog/graylog:{{ graylog_version }}
container_name: graylog
restart: unless-stopped
depends_on:
- mongodb
- opensearch
environment:
GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
GRAYLOG_PASSWORD_SECRET: "{{ graylog_password_secret }}"
GRAYLOG_ROOT_PASSWORD_SHA2: "{{ graylog_root_password_sha2 }}"
GRAYLOG_HTTP_EXTERNAL_URI: "https://{{ graylog_domain }}/"
GRAYLOG_TRANSPORT_EMAIL_ENABLED: "true"
GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: "{{ smtp_host }}"
GRAYLOG_TRANSPORT_EMAIL_PORT: "{{ smtp_port }}"
GRAYLOG_TRANSPORT_EMAIL_FROM_EMAIL: "{{ smtp_from }}"
ports:
- "127.0.0.1:9000:9000"
- "0.0.0.0:12201:12201/udp" # GELF UDP - must be accessible from all containers
volumes:
- {{ graylog_data_dir }}/data/graylog:/usr/share/graylog/data
- {{ graylog_data_dir }}/config:/usr/share/graylog/data/config
labels:
- "traefik.enable=true"
- "traefik.http.routers.graylog.rule=Host(`{{ graylog_domain }}`)"
- "traefik.http.routers.graylog.tls=true"
- "traefik.http.routers.graylog.tls.certresolver=letsencrypt"
- "traefik.http.services.graylog.loadbalancer.server.port=9000"
networks:
- internal
- {{ sovereign_network_name }}
networks:
internal:
{{ sovereign_network_name }}:
external: true