# # ============================================================================= # GENERAL CONFIGURATION # ============================================================================= # APP_NAME = name of application for use in scripts # HOST_INSTALL = true means apt + systemd install on the host, not Docker # HOST_PACKAGE = dpkg package name; drives the "installed" badge # HOST_SERVICE = primary systemd unit; stop/restart actions hit this # HOST_SERVICES = all units; feeds the Services + Logs tabs # HOST_LOG_FILES = |,... mapping for the log viewer # BACKUP = include in backup operations # MONITORING = if true, export this app's metrics to Prometheus + Grafana (needs both apps installed; ships the official CrowdSec Grafana dashboards) # PROMETHEUS_LISTEN = address CrowdSec's metrics endpoint binds to; must be reachable from the Prometheus container (default: all interfaces, port 6060 — keep the :6060 port) # CFG_CROWDSEC_APP_NAME=crowdsec CFG_CROWDSEC_HOST_INSTALL=true CFG_CROWDSEC_HOST_PACKAGE=crowdsec CFG_CROWDSEC_HOST_SERVICE=crowdsec CFG_CROWDSEC_HOST_SERVICES=crowdsec.service,crowdsec-firewall-bouncer.service CFG_CROWDSEC_HOST_LOG_FILES="crowdsec.service|/var/log/crowdsec.log,crowdsec-firewall-bouncer.service|/var/log/crowdsec-firewall-bouncer.log" CFG_CROWDSEC_BACKUP=true CFG_CROWDSEC_MONITORING=false CFG_CROWDSEC_PROMETHEUS_LISTEN=0.0.0.0:6060 # # ============================================================================= # BEHAVIOUR # ============================================================================= # ENABLED = master switch; false disables services (package stays) # AUTO_UPDATE = pull hub parser/scenario updates from hub.crowdsec.net # COMMUNITY_BLOCKLIST = subscribe to the free pooled blocklist (CAPI) # CONSOLE_ENROLL = enroll this agent with the hosted SaaS at app.crowdsec.net (NOT the local dashboard) # CONSOLE_TOKEN = enrollment token from app.crowdsec.net (only used when CONSOLE_ENROLL=true) # BOUNCER = attach the Traefik bouncer middleware to every public route # CFG_CROWDSEC_ENABLED=true CFG_CROWDSEC_AUTO_UPDATE=true CFG_CROWDSEC_COMMUNITY_BLOCKLIST=true CFG_CROWDSEC_CONSOLE_ENROLL=false CFG_CROWDSEC_CONSOLE_TOKEN= CFG_CROWDSEC_BOUNCER=true # # ============================================================================= # METADATA # ============================================================================= # CATEGORY = grouping in the app grid # TITLE = display name # DESCRIPTION = one-liner # LONG_DESCRIPTION = card body text # URL = source / docs link # ACTIONS = available lifecycle verbs # CFG_CROWDSEC_CATEGORY="security,recommended" CFG_CROWDSEC_TITLE="CrowdSec" CFG_CROWDSEC_DESCRIPTION="Intrusion Prevention" CFG_CROWDSEC_LONG_DESCRIPTION="CrowdSec is an open-source intrusion prevention system. It detects attacks from log patterns — brute-force, scans, web exploits — and blocks offending IPs at the firewall. Includes community-shared threat intelligence." CFG_CROWDSEC_URL="https://www.crowdsec.net" CFG_CROWDSEC_ACTIONS="configure|install|restart|shutdown|uninstall|tools" # # ============================================================================= # ADVANCED # ============================================================================= # LAPI_HOST = LAPI bind address; 0.0.0.0 so Traefik can reach via host.docker.internal # BOUNCER_NAME_TRAEFIK = bouncer name registered with cscli bouncers add # TRAEFIK_LAPI_KEY = auto-generated by installCrowdsec; use the rotate Tools action to change # CFG_CROWDSEC_LAPI_HOST=0.0.0.0:8080 CFG_CROWDSEC_BOUNCER_NAME_TRAEFIK=traefik-bouncer CFG_CROWDSEC_TRAEFIK_LAPI_KEY=