nixos/hosts/fw/modules/wazuh.nix

{ config, pkgs, ... }:

{
  virtualisation.oci-containers.containers = {
    # Wazuh Manager Container
    wazuh-manager = {
      autoStart = false;
      image = "docker://wazuh/wazuh-manager:latest";
      volumes = [
        "/var/lib/wazuh:/var/ossec"
      ];
      extraOptions = [
        "--network=server"
        "--mac-address=10:10:00:00:00:01"
        "--ip=${config.networkPrefix}.97.31"
      ];
    };

    # Wazuh Indexer Container (Elasticsearch)
    wazuh-indexer = {
      autoStart = false;
      image = "docker://wazuh/wazuh-indexer:latest";
      volumes = [
        "/var/lib/wazuh-indexer:/usr/share/elasticsearch/data"
      ];
      environment = {
        "discovery.type" = "single-node";
      };
      extraOptions = [
        "--network=server"
        "--mac-address=10:10:00:00:00:02"
        "--ip=${config.networkPrefix}.97.32"
      ];
    };

    # Wazuh Dashboard Container (Kibana)
    wazuh-dashboard = {
      autoStart = false;
      image = "docker://wazuh/wazuh-dashboard:latest";
      volumes = [
        "/var/lib/wazuh-indexer:/usr/share/elasticsearch/data"
      ];
      environment = {
        "discovery.type" = "single-node";
      };
      environment = {
        # Optionally, configure to connect to the indexer/manager:
        WAZUH_INDEXER_URL = "http://wazuh-indexer.cloonar.com:9200";
        WAZUH_MANAGER_URL = "http://wazuh-manager.cloonar.com:55000";
      };
      extraOptions = [
        "--network=server"
        "--mac-address=10:10:00:00:00:03"
        "--ip=${config.networkPrefix}.97.33"
      ];
    };
  };
}