Nixos-Configuration/configurations/nixos/graylog-tofu/default.nix

{
  flake,
  modulesPath,
  lib,
  config,
  pkgs,
  ...
}:

let
  inherit (flake) inputs;
  inherit (inputs) self;
in
{
  imports = [
    self.nixosModules.default
    "${modulesPath}/virtualisation/lxc-container.nix"
  ];
  nixpkgs.config.allowUnfreePredicate =
    pkg:
    builtins.elem (lib.getName pkg) [
      "graylog_6.0"
      "mongodb-6_0"
      "mongodb"
    ];

  sops.secrets.graylog = {
    owner = "graylog";
    group = "graylog";
  };
  systemd.services.graylog.serviceConfig.EnvironmentFile = config.sops.secrets.graylog.path;
  services = {
    graylog = {
      enable = true;
      extraConfig = ''
        http_external_uri = https://graylog.example.com/
      '';
      elasticsearchHosts = [ "http://127.0.0.1:9200" ];
      package = pkgs.graylog-6_0;
      passwordSecret = "";
      rootPasswordSha2 = "";
    };
    mongodb = {
      enable = true;
      package = pkgs.mongodb-6_0;
    };
    opensearch = {
      enable = true;
      settings = {
        "cluster.name" = "default";
      };
    };
  };
  deploy = {
    enable = false;
  };
  networking = {
    hostName = "graylog-tofu";
  };
  environment.systemPackages = [
  ];
  system.stateVersion = "25.05";
}