feat: add comprehensive access logging to Graylog with GeoIP

- Add fluent-bit inputs for Caddy access logs (JSON) and SSH logs
- Create GeoIP task to download MaxMind GeoLite2-City database
- Mount GeoIP database in Graylog container
- Enable Gitea access logging via environment variables
- Add parsers.conf for Caddy JSON log parsing
- Remove unused nosql/redis container and configuration

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

ansible/roles/podman/defaults/main.yml

@@ -10,7 +10,7 @@ fulfillr_path: "{{ podman_volumes }}/fulfillr"
 gregtime_path: "{{ podman_volumes }}/gregtime"
 hass_path: "{{ podman_volumes }}/hass"
 # nginx_path: removed - nginx no longer used
-nosql_path: "{{ podman_volumes }}/nosql"
+# nosql_path: removed - nosql/redis no longer used
 partkeepr_path: "{{ podman_volumes }}/partkeepr"
 partsy_path: "{{ podman_volumes }}/partsy"
 photos_path: "{{ podman_volumes }}/photos"
@@ -112,3 +112,25 @@ logs_server_name: logs.debyl.io
 
 # Fluent Bit is deployed as a systemd service (not container)
 # for direct journal access - see containers/base/fluent-bit.yml
+
+# Fluent-bit Caddy log forwarding
+caddy_log_path: "{{ caddy_path }}/logs"
+caddy_log_names:
+  - caddy
+  - photos
+  - wiki
+  - assistant
+  - parts
+  - uptime-kuma
+  - graylog
+  - cloud
+  - cloud-skudak
+  - gitea-debyl
+  - fulfillr
+
+# GeoIP configuration for Graylog
+# Requires free MaxMind account: https://dev.maxmind.com/geoip/geolite2-free-geolocation-data
+geoip_path: "{{ graylog_path }}/geoip"
+geoip_database_edition: GeoLite2-City
+# geoip_maxmind_account_id: defined in vault
+# geoip_maxmind_license_key: defined in vault