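# Compose project "ids": Suricata writes EVE JSON events to ./eve.json,
# Promtail reads that file, Loki is the log store, and Grafana is provisioned
# with Loki as its default datasource.
#
# Review notes:
# - ./eve.json must already exist as a regular file before `up`; with this
#   short bind-mount syntax Docker creates a missing host path as a directory.
# - Ports 3000 and 3100 are published without a host IP, so they listen on
#   all host interfaces.
name: ids

volumes:
  # Declared but not referenced by any service in this file.
  logs: {}
  grafana-storage: {}

services:
  suricata:
    # ":latest" is a mutable tag; pin a reviewed version tag or image digest
    # (loki and promtail below are already pinned) so the sensor image cannot
    # change silently between pulls.
    image: jasonish/suricata:latest
    command: -i eth0
    stdin_open: true
    tty: true
    # Host networking: the container shares the host's network namespace so
    # it can capture on the host interface named in `command`.
    network_mode: host
    # Only these three capabilities are added; the container is not run
    # privileged.
    cap_add:
      - net_admin
      - net_raw
      - sys_nice
    volumes:
      # Suricata is the only writer of eve.json (rw here, ro in promtail).
      - ./eve.json:/var/log/suricata/eve.json:rw
      - ./suricata:/etc/suricata
      - ./suricata-rules:/var/lib/suricata/rules

  loki:
    image: grafana/loki:2.9.2
    command: -config.file=/etc/loki/local-config.yaml
    # Grafana reaches Loki over the compose network at http://loki:3100, so
    # this host publish is only needed for clients outside the project.
    # Whether Loki enforces any authentication depends on
    # loki-local-config.yaml, which is not shown here (confirm before
    # exposing). To restrict to the local host use "127.0.0.1:3100:3100".
    ports:
      - "3100:3100"
    volumes:
      - ./loki-local-config.yaml:/etc/loki/local-config.yaml

  promtail:
    image: grafana/promtail:2.9.2
    command: -config.file=/etc/promtail/config.yml
    stdin_open: true
    tty: true
    volumes:
      # Read-only: Promtail only tails the events Suricata writes.
      - ./eve.json:/var/log/eve.json:ro
      - ./promtail-config.yml:/etc/promtail/config.yml

  grafana:
    # ":latest" is a mutable tag; pin a reviewed version tag or image digest.
    image: grafana/grafana:latest
    # Published on all host interfaces. Combined with the anonymous Admin
    # setting below, any client that can reach this port has full Grafana
    # admin rights without logging in. Outside an isolated lab, bind to
    # loopback ("127.0.0.1:3000:3000") and/or tighten the auth settings.
    ports:
      - "3000:3000"
    volumes:
      - grafana-storage:/var/lib/grafana
    environment:
      - GF_PATHS_PROVISIONING=/etc/grafana/provisioning
      # Anonymous access is on and mapped to the Admin role: no login is
      # required to change datasources, dashboards or users. Prefer
      # GF_AUTH_ANONYMOUS_ORG_ROLE=Viewer, or disable anonymous access,
      # wherever the port is reachable by untrusted clients.
      - GF_AUTH_ANONYMOUS_ENABLED=true
      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
    # The entrypoint writes the Loki datasource provisioning file with a
    # heredoc (`cat <<EOF > file` ... `EOF`) and then hands over to the
    # image's /run.sh. `sh -eu` aborts on the first failing command or
    # unset variable, so a failed write stops the container instead of
    # starting Grafana without its datasource.
    entrypoint:
      - sh
      - -euc
      - |
        mkdir -p /etc/grafana/provisioning/datasources
        cat <<EOF > /etc/grafana/provisioning/datasources/ds.yaml
        apiVersion: 1
        datasources:
        - name: Loki
          type: loki
          access: proxy
          orgId: 1
          url: http://loki:3100
          basicAuth: false
          isDefault: true
          version: 1
          editable: false
        EOF
        /run.sh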