Initial commit after Claude implementation

2026-03-23 14:29:32 -03:00
commit 5920d3fd7a
62 changed files with 1847 additions and 0 deletions
@@ -0,0 +1,3 @@
+---
+wazuh_data_dir: "{{ sovereign_base_dir }}/wazuh"
+wazuh_indexer_memory: "512m"
@@ -0,0 +1,6 @@
+---
+- name: restart wazuh
+  community.docker.docker_compose_v2:
+    project_src: "{{ wazuh_data_dir }}"
+    state: present
+    recreate: always
@@ -0,0 +1,28 @@
+---
+- name: Create Wazuh directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "{{ wazuh_data_dir }}"
+    - "{{ wazuh_data_dir }}/config"
+
+- name: Set vm.max_map_count for Wazuh indexer (OpenSearch)
+  ansible.posix.sysctl:
+    name: vm.max_map_count
+    value: '262144'
+    state: present
+    sysctl_set: true
+
+- name: Deploy Wazuh docker-compose
+  ansible.builtin.template:
+    src: docker-compose.yml.j2
+    dest: "{{ wazuh_data_dir }}/docker-compose.yml"
+    mode: '0644'
+  notify: restart wazuh
+
+- name: Start Wazuh
+  community.docker.docker_compose_v2:
+    project_src: "{{ wazuh_data_dir }}"
+    state: present
@@ -0,0 +1,106 @@
+services:
+  wazuh-manager:
+    image: wazuh/wazuh-manager:{{ wazuh_version }}
+    container_name: wazuh-manager
+    restart: unless-stopped
+    hostname: wazuh.manager
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 655360
+        hard: 655360
+    environment:
+      INDEXER_URL: "https://wazuh-indexer:9200"
+      INDEXER_USERNAME: admin
+      INDEXER_PASSWORD: "{{ wazuh_admin_password }}"
+      FILEBEAT_SSL_VERIFICATION_MODE: full
+      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
+      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
+      SSL_KEY: /etc/ssl/filebeat.key
+      API_USERNAME: wazuh-wui
+      API_PASSWORD: "{{ wazuh_api_password }}"
+    ports:
+      - "1514:1514"
+      - "1515:1515"
+      - "514:514/udp"
+      - "55000:55000"
+    volumes:
+      - {{ wazuh_data_dir }}/wazuh-manager-master:/var/ossec/data
+      - {{ wazuh_data_dir }}/wazuh-indexer-certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
+      - {{ wazuh_data_dir }}/wazuh-indexer-certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
+      - {{ wazuh_data_dir }}/wazuh-indexer-certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
+      - {{ wazuh_data_dir }}/config:/wazuh-config-mount/etc
+    networks:
+      - internal
+      - {{ sovereign_network_name }}
+    logging:
+      driver: gelf
+      options:
+        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
+        tag: "wazuh-manager"
+
+  wazuh-indexer:
+    image: wazuh/wazuh-indexer:{{ wazuh_version }}
+    container_name: wazuh-indexer
+    restart: unless-stopped
+    hostname: wazuh-indexer
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    environment:
+      OPENSEARCH_JAVA_OPTS: "-Xms{{ wazuh_indexer_memory }} -Xmx{{ wazuh_indexer_memory }}"
+    volumes:
+      - {{ wazuh_data_dir }}/wazuh-indexer-data:/var/lib/wazuh-indexer
+      - {{ wazuh_data_dir }}/wazuh-indexer-certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
+      - {{ wazuh_data_dir }}/wazuh-indexer-certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
+      - {{ wazuh_data_dir }}/wazuh-indexer-certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+      - {{ wazuh_data_dir }}/wazuh-indexer-certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
+      - {{ wazuh_data_dir }}/wazuh-indexer-certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
+    networks:
+      - internal
+
+  wazuh-dashboard:
+    image: wazuh/wazuh-dashboard:{{ wazuh_version }}
+    container_name: wazuh-dashboard
+    restart: unless-stopped
+    hostname: wazuh-dashboard
+    depends_on:
+      - wazuh-indexer
+    environment:
+      INDEXER_USERNAME: admin
+      INDEXER_PASSWORD: "{{ wazuh_admin_password }}"
+      WAZUH_API_URL: https://wazuh-manager
+      DASHBOARD_USERNAME: kibanaserver
+      DASHBOARD_PASSWORD: "{{ wazuh_admin_password }}"
+      API_USERNAME: wazuh-wui
+      API_PASSWORD: "{{ wazuh_api_password }}"
+    volumes:
+      - {{ wazuh_data_dir }}/wazuh-indexer-certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
+      - {{ wazuh_data_dir }}/wazuh-indexer-certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
+      - {{ wazuh_data_dir }}/wazuh-indexer-certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wazuh.rule=Host(`{{ wazuh_domain }}`)"
+      - "traefik.http.routers.wazuh.tls=true"
+      - "traefik.http.routers.wazuh.tls.certresolver=letsencrypt"
+      - "traefik.http.services.wazuh.loadbalancer.server.port=5601"
+      - "traefik.http.services.wazuh.loadbalancer.server.scheme=https"
+    networks:
+      - internal
+      - {{ sovereign_network_name }}
+    logging:
+      driver: gelf
+      options:
+        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
+        tag: "wazuh-dashboard"
+
+networks:
+  internal:
+  {{ sovereign_network_name }}:
+    external: true