LibrePortal/containers/crowdsec/crowdsec.config
librelad 875a60f90f LibrePortal v0.1.0 — initial release
A free, open, self-hosted app platform (GNU AGPLv3): one-click app deploys,
Traefik reverse proxy with automatic SSL, rootless Docker support, gluetun
VPN routing, and a web dashboard to manage it all.

Free & open forever to self-host; optional paid hosted services fund it.
See PROMISE.md.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-21 20:37:54 +01:00

69 lines
3.5 KiB
Plaintext

#
# =============================================================================
# GENERAL CONFIGURATION
# =============================================================================
# APP_NAME = name of application for use in scripts
# HOST_INSTALL = true means apt + systemd install on the host, not Docker
# HOST_PACKAGE = dpkg package name; drives the "installed" badge
# HOST_SERVICE = primary systemd unit; stop/restart actions hit this
# HOST_SERVICES = all units; feeds the Services + Logs tabs
# HOST_LOG_FILES = <unit>|<path>,... mapping for the log viewer
# BACKUP = include in backup operations
# MONITORING = if true, export this app's metrics to Prometheus + Grafana (needs both apps installed; ships the official CrowdSec Grafana dashboards)
# PROMETHEUS_LISTEN = address CrowdSec's metrics endpoint binds to; must be reachable from the Prometheus container (default: all interfaces, port 6060 — keep the :6060 port)
#
CFG_CROWDSEC_APP_NAME=crowdsec
CFG_CROWDSEC_HOST_INSTALL=true
CFG_CROWDSEC_HOST_PACKAGE=crowdsec
CFG_CROWDSEC_HOST_SERVICE=crowdsec
CFG_CROWDSEC_HOST_SERVICES=crowdsec.service,crowdsec-firewall-bouncer.service
CFG_CROWDSEC_HOST_LOG_FILES="crowdsec.service|/var/log/crowdsec.log,crowdsec-firewall-bouncer.service|/var/log/crowdsec-firewall-bouncer.log"
CFG_CROWDSEC_BACKUP=true
CFG_CROWDSEC_MONITORING=false
CFG_CROWDSEC_PROMETHEUS_LISTEN=0.0.0.0:6060
#
# =============================================================================
# BEHAVIOUR
# =============================================================================
# ENABLED = master switch; false disables services (package stays)
# AUTO_UPDATE = pull hub parser/scenario updates from hub.crowdsec.net
# COMMUNITY_BLOCKLIST = subscribe to the free pooled blocklist (CAPI)
# CONSOLE_ENROLL = enroll this agent with the hosted SaaS at app.crowdsec.net (NOT the local dashboard)
# CONSOLE_TOKEN = enrollment token from app.crowdsec.net (only used when CONSOLE_ENROLL=true)
# BOUNCER = attach the Traefik bouncer middleware to every public route
#
CFG_CROWDSEC_ENABLED=true
CFG_CROWDSEC_AUTO_UPDATE=true
CFG_CROWDSEC_COMMUNITY_BLOCKLIST=true
CFG_CROWDSEC_CONSOLE_ENROLL=false
CFG_CROWDSEC_CONSOLE_TOKEN=
CFG_CROWDSEC_BOUNCER=true
#
# =============================================================================
# METADATA
# =============================================================================
# CATEGORY = grouping in the app grid
# TITLE = display name
# DESCRIPTION = one-liner
# LONG_DESCRIPTION = card body text
# URL = source / docs link
# ACTIONS = available lifecycle verbs
#
CFG_CROWDSEC_CATEGORY="security,recommended"
CFG_CROWDSEC_TITLE="CrowdSec"
CFG_CROWDSEC_DESCRIPTION="Intrusion Prevention"
CFG_CROWDSEC_LONG_DESCRIPTION="CrowdSec is an open-source intrusion prevention system. It detects attacks from log patterns — brute-force, scans, web exploits — and blocks offending IPs at the firewall. Includes community-shared threat intelligence."
CFG_CROWDSEC_URL="https://www.crowdsec.net"
CFG_CROWDSEC_ACTIONS="configure|install|restart|shutdown|uninstall|tools"
#
# =============================================================================
# ADVANCED
# =============================================================================
# LAPI_HOST = LAPI bind address; 0.0.0.0 so Traefik can reach via host.docker.internal
# BOUNCER_NAME_TRAEFIK = bouncer name registered with cscli bouncers add
# TRAEFIK_LAPI_KEY = auto-generated by installCrowdsec; use the rotate Tools action to change
#
CFG_CROWDSEC_LAPI_HOST=0.0.0.0:8080
CFG_CROWDSEC_BOUNCER_NAME_TRAEFIK=traefik-bouncer
CFG_CROWDSEC_TRAEFIK_LAPI_KEY=