feature: added inital graylog config with secrets

configurations/nixos/graylog-tofu/default.nix

@@ -0,0 +1,63 @@
+{
+  flake,
+  modulesPath,
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (flake) inputs;
+  inherit (inputs) self;
+in
+{
+  imports = [
+    self.nixosModules.default
+    "${modulesPath}/virtualisation/lxc-container.nix"
+  ];
+  nixpkgs.config.allowUnfreePredicate =
+    pkg:
+    builtins.elem (lib.getName pkg) [
+      "graylog_6.0"
+      "mongodb-6_0"
+      "mongodb"
+    ];
+
+  sops.secrets.graylog = {
+    owner = "graylog";
+    group = "graylog";
+  };
+  systemd.services.graylog.serviceConfig.EnvironmentFile = config.sops.secrets.graylog.path;
+  services = {
+    graylog = {
+      enable = true;
+      extraConfig = ''
+        http_external_uri = https://graylog.example.com/
+      '';
+      elasticsearchHosts = [ "http://127.0.0.1:9200" ];
+      package = pkgs.graylog-6_0;
+      passwordSecret = "";
+      rootPasswordSha2 = "";
+    };
+    mongodb = {
+      enable = true;
+      package = pkgs.mongodb-6_0;
+    };
+    opensearch = {
+      enable = true;
+      settings = {
+        "cluster.name" = "default";
+      };
+    };
+  };
+  deploy = {
+    enable = false;
+  };
+  networking = {
+    hostName = "graylog-tofu";
+  };
+  environment.systemPackages = [
+  ];
+  system.stateVersion = "25.05";
+}