Homelab Wazuh Deployment

Why a security engineer running a small home network picked Wazuh over Splunk, Elastic, and Graylog, what hardware caught the job, and the 29-task implementation plan that went through 5 patches before a single playbook ran against the target server.

How a captain-orchestrated, nine-wave Ansible build went from clean repo to bootstrap-applied on a live HUNSN, including a sudo-rs surprise, a vault leak that demanded an immediate panic-rotate, a group_vars file shadowed by a directory of the same name, and a Multipass dry-run that caught two real playbook bugs before they could touch production.