Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| cc9c76d958 | |||
| 3fd5a39866 | |||
| 05fe650895 |
@@ -39,7 +39,7 @@
|
|||||||
| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
|
| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
|
||||||
| freescout | tiredofit/freescout:latest |
|
| freescout | tiredofit/freescout:latest |
|
||||||
| ghost | ghost:latest |
|
| ghost | ghost:latest |
|
||||||
| gitea | gitea/gitea:1.23.1 |
|
| gitea | gitea/gitea:1.24.0 |
|
||||||
| gitea-db | postgres:14 |
|
| gitea-db | postgres:14 |
|
||||||
| gitea-runner | gitea/act_runner:latest |
|
| gitea-runner | gitea/act_runner:latest |
|
||||||
| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
|
| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
|
||||||
|
|||||||
@@ -0,0 +1,49 @@
|
|||||||
|
common:
|
||||||
|
daemonize: false
|
||||||
|
log_media: stdout
|
||||||
|
log_level: info
|
||||||
|
log_dir: /var/log/
|
||||||
|
config_paths:
|
||||||
|
config_dir: /etc/crowdsec/
|
||||||
|
data_dir: /var/lib/crowdsec/data/
|
||||||
|
simulation_path: /etc/crowdsec/simulation.yaml
|
||||||
|
hub_dir: /etc/crowdsec/hub/
|
||||||
|
index_path: /etc/crowdsec/hub/.index.json
|
||||||
|
notification_dir: /etc/crowdsec/notifications/
|
||||||
|
plugin_dir: /usr/local/lib/crowdsec/plugins/
|
||||||
|
crowdsec_service:
|
||||||
|
acquisition_path: /etc/crowdsec/acquis.yaml
|
||||||
|
acquisition_dir: /etc/crowdsec/acquis.d
|
||||||
|
parser_routines: 1
|
||||||
|
plugin_config:
|
||||||
|
user: nobody
|
||||||
|
group: nobody
|
||||||
|
cscli:
|
||||||
|
output: human
|
||||||
|
db_config:
|
||||||
|
log_level: info
|
||||||
|
type: sqlite
|
||||||
|
db_path: /var/lib/crowdsec/data/crowdsec.db
|
||||||
|
flush:
|
||||||
|
max_items: 5000
|
||||||
|
max_age: 7d
|
||||||
|
use_wal: false
|
||||||
|
api:
|
||||||
|
client:
|
||||||
|
insecure_skip_verify: false
|
||||||
|
credentials_path: /etc/crowdsec/local_api_credentials.yaml
|
||||||
|
server:
|
||||||
|
log_level: info
|
||||||
|
listen_uri: 0.0.0.0:8080
|
||||||
|
profiles_path: /etc/crowdsec/profiles.yaml
|
||||||
|
trusted_ips: # IP ranges, or IPs which can have admin API access
|
||||||
|
- 127.0.0.1
|
||||||
|
- ::1
|
||||||
|
online_client: # Central API credentials (to push signals and receive bad IPs)
|
||||||
|
credentials_path: /etc/crowdsec/online_api_credentials.yaml
|
||||||
|
enable: true
|
||||||
|
prometheus:
|
||||||
|
enabled: true
|
||||||
|
level: full
|
||||||
|
listen_addr: 0.0.0.0
|
||||||
|
listen_port: 6060
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
url: https://api.crowdsec.net/
|
||||||
|
login: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
|
||||||
|
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
|
||||||
+7
-30
@@ -722,36 +722,13 @@ services:
|
|||||||
security_opt:
|
security_opt:
|
||||||
- no-new-privileges=true
|
- no-new-privileges=true
|
||||||
volumes:
|
volumes:
|
||||||
- source: ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local
|
- ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
|
||||||
target: /etc/crowdsec/config.yaml.local
|
- ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
|
||||||
type: bind
|
- ${DOCKER_VOLUME_CONFIG}/crowdsec/online-api-credentials.yaml:/etc/crowdsec/online_api_credentials.yaml
|
||||||
bind:
|
- ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro
|
||||||
create_host_path: true
|
- crowdsec-config:/etc/crowdsec
|
||||||
- source: ${DOCKER_VOLUME_CONFIG}/crowdsec/local_api_credentials.yaml.local
|
- crowdsec-db:/var/lib/crowdsec/data
|
||||||
target: /etc/crowdsec/local_api_credentials.yaml.local
|
- /var/log/journal:/var/log/host:ro
|
||||||
type: bind
|
|
||||||
bind:
|
|
||||||
create_host_path: true
|
|
||||||
- read_only: true
|
|
||||||
source: ${DOCKER_VOLUME_CONFIG}/swag/log/nginx
|
|
||||||
target: /var/log/swag
|
|
||||||
type: bind
|
|
||||||
bind:
|
|
||||||
create_host_path: true
|
|
||||||
- source: crowdsec-config
|
|
||||||
target: /etc/crowdsec
|
|
||||||
type: volume
|
|
||||||
volume: {}
|
|
||||||
- source: crowdsec-db
|
|
||||||
target: /var/lib/crowdsec/data
|
|
||||||
type: volume
|
|
||||||
volume: {}
|
|
||||||
- bind:
|
|
||||||
create_host_path: true
|
|
||||||
read_only: true
|
|
||||||
source: /var/log/journal
|
|
||||||
target: /var/log/host
|
|
||||||
type: bind
|
|
||||||
crowdsec-dashboard:
|
crowdsec-dashboard:
|
||||||
container_name: crowdsec-dashboard
|
container_name: crowdsec-dashboard
|
||||||
depends_on:
|
depends_on:
|
||||||
|
|||||||
Reference in New Issue
Block a user