Initial commit after Claude implementation

2026-03-23 14:29:32 -03:00
commit 5920d3fd7a
62 changed files with 1847 additions and 0 deletions
@@ -0,0 +1,70 @@
+services:
+  mongodb:
+    image: mongo:{{ mongodb_version }}
+    container_name: graylog-mongodb
+    restart: unless-stopped
+    volumes:
+      - {{ graylog_data_dir }}/data/mongodb:/data/db
+    networks:
+      - internal
+
+  opensearch:
+    image: opensearchproject/opensearch:{{ opensearch_version }}
+    container_name: graylog-opensearch
+    restart: unless-stopped
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
+      - "discovery.type=single-node"
+      - "action.auto_create_index=false"
+      - "plugins.security.ssl.http.enabled=false"
+      - "plugins.security.disabled=true"
+      - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=changeme_os_admin"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+    volumes:
+      - {{ graylog_data_dir }}/opensearch:/usr/share/opensearch/data
+    networks:
+      - internal
+
+  graylog:
+    image: graylog/graylog:{{ graylog_version }}
+    container_name: graylog
+    restart: unless-stopped
+    depends_on:
+      - mongodb
+      - opensearch
+    environment:
+      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
+      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
+      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
+      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
+      GRAYLOG_PASSWORD_SECRET: "{{ graylog_password_secret }}"
+      GRAYLOG_ROOT_PASSWORD_SHA2: "{{ graylog_root_password_sha2 }}"
+      GRAYLOG_HTTP_EXTERNAL_URI: "https://{{ graylog_domain }}/"
+      GRAYLOG_TRANSPORT_EMAIL_ENABLED: "true"
+      GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: "{{ smtp_host }}"
+      GRAYLOG_TRANSPORT_EMAIL_PORT: "{{ smtp_port }}"
+      GRAYLOG_TRANSPORT_EMAIL_FROM_EMAIL: "{{ smtp_from }}"
+    ports:
+      - "127.0.0.1:9000:9000"
+      - "0.0.0.0:12201:12201/udp"   # GELF UDP - must be accessible from all containers
+    volumes:
+      - {{ graylog_data_dir }}/data/graylog:/usr/share/graylog/data
+      - {{ graylog_data_dir }}/config:/usr/share/graylog/data/config
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.graylog.rule=Host(`{{ graylog_domain }}`)"
+      - "traefik.http.routers.graylog.tls=true"
+      - "traefik.http.routers.graylog.tls.certresolver=letsencrypt"
+      - "traefik.http.services.graylog.loadbalancer.server.port=9000"
+    networks:
+      - internal
+      - {{ sovereign_network_name }}
+
+networks:
+  internal:
+  {{ sovereign_network_name }}:
+    external: true