Every backup-scope app now carries CFG_<APP>_BACKUP_STRATEGY=auto, so the Backup Strategy dropdown appears in each app's Advanced tab — not just the DB apps. To keep it honest, the 'live' option is hidden where it isn't safe: - apps.json generator emits backup_live_capable per app (from compose backup labels: a dumpable DB, or a live-safe marker). - apps-manager filters the live option out of the strategy select when the current app isn't live-capable, so apps like gitea/focalboard (a DB we don't yet dump) never offer it. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
70 lines
3.6 KiB
Plaintext
70 lines
3.6 KiB
Plaintext
#
|
|
# =============================================================================
|
|
# GENERAL CONFIGURATION
|
|
# =============================================================================
|
|
# APP_NAME = name of application for use in scripts
|
|
# HOST_INSTALL = true means apt + systemd install on the host, not Docker
|
|
# HOST_PACKAGE = dpkg package name; drives the "installed" badge
|
|
# HOST_SERVICE = primary systemd unit; stop/restart actions hit this
|
|
# HOST_SERVICES = all units; feeds the Services + Logs tabs
|
|
# HOST_LOG_FILES = <unit>|<path>,... mapping for the log viewer
|
|
# BACKUP = include in backup operations
|
|
# MONITORING = if true, export this app's metrics to Prometheus + Grafana (needs both apps installed; ships the official CrowdSec Grafana dashboards)
|
|
# PROMETHEUS_LISTEN = address CrowdSec's metrics endpoint binds to; must be reachable from the Prometheus container (default: all interfaces, port 6060 — keep the :6060 port)
|
|
#
|
|
CFG_CROWDSEC_APP_NAME=crowdsec
|
|
CFG_CROWDSEC_HOST_INSTALL=true
|
|
CFG_CROWDSEC_HOST_PACKAGE=crowdsec
|
|
CFG_CROWDSEC_HOST_SERVICE=crowdsec
|
|
CFG_CROWDSEC_HOST_SERVICES=crowdsec.service,crowdsec-firewall-bouncer.service
|
|
CFG_CROWDSEC_HOST_LOG_FILES="crowdsec.service|/var/log/crowdsec.log,crowdsec-firewall-bouncer.service|/var/log/crowdsec-firewall-bouncer.log"
|
|
CFG_CROWDSEC_BACKUP=true
|
|
CFG_CROWDSEC_BACKUP_STRATEGY=auto
|
|
CFG_CROWDSEC_MONITORING=false
|
|
CFG_CROWDSEC_PROMETHEUS_LISTEN=0.0.0.0:6060
|
|
#
|
|
# =============================================================================
|
|
# BEHAVIOUR
|
|
# =============================================================================
|
|
# ENABLED = master switch; false disables services (package stays)
|
|
# AUTO_UPDATE = pull hub parser/scenario updates from hub.crowdsec.net
|
|
# COMMUNITY_BLOCKLIST = subscribe to the free pooled blocklist (CAPI)
|
|
# CONSOLE_ENROLL = enroll this agent with the hosted SaaS at app.crowdsec.net (NOT the local dashboard)
|
|
# CONSOLE_TOKEN = enrollment token from app.crowdsec.net (only used when CONSOLE_ENROLL=true)
|
|
# BOUNCER = attach the Traefik bouncer middleware to every public route
|
|
#
|
|
CFG_CROWDSEC_ENABLED=true
|
|
CFG_CROWDSEC_AUTO_UPDATE=true
|
|
CFG_CROWDSEC_COMMUNITY_BLOCKLIST=true
|
|
CFG_CROWDSEC_CONSOLE_ENROLL=false
|
|
CFG_CROWDSEC_CONSOLE_TOKEN=
|
|
CFG_CROWDSEC_BOUNCER=true
|
|
#
|
|
# =============================================================================
|
|
# METADATA
|
|
# =============================================================================
|
|
# CATEGORY = grouping in the app grid
|
|
# TITLE = display name
|
|
# DESCRIPTION = one-liner
|
|
# LONG_DESCRIPTION = card body text
|
|
# URL = source / docs link
|
|
# ACTIONS = available lifecycle verbs
|
|
#
|
|
CFG_CROWDSEC_CATEGORY="security,recommended"
|
|
CFG_CROWDSEC_TITLE="CrowdSec"
|
|
CFG_CROWDSEC_DESCRIPTION="Intrusion Prevention"
|
|
CFG_CROWDSEC_LONG_DESCRIPTION="CrowdSec is an open-source intrusion prevention system. It detects attacks from log patterns — brute-force, scans, web exploits — and blocks offending IPs at the firewall. Includes community-shared threat intelligence."
|
|
CFG_CROWDSEC_URL="https://www.crowdsec.net"
|
|
CFG_CROWDSEC_ACTIONS="configure|install|restart|shutdown|uninstall|tools"
|
|
#
|
|
# =============================================================================
|
|
# ADVANCED
|
|
# =============================================================================
|
|
# LAPI_HOST = LAPI bind address; 0.0.0.0 so Traefik can reach via host.docker.internal
|
|
# BOUNCER_NAME_TRAEFIK = bouncer name registered with cscli bouncers add
|
|
# TRAEFIK_LAPI_KEY = auto-generated by installCrowdsec; use the rotate Tools action to change
|
|
#
|
|
CFG_CROWDSEC_LAPI_HOST=0.0.0.0:8080
|
|
CFG_CROWDSEC_BOUNCER_NAME_TRAEFIK=traefik-bouncer
|
|
CFG_CROWDSEC_TRAEFIK_LAPI_KEY=
|