Vish/homelab-optimized
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
25c35324145d8ca2675f28588e10c8c9972aae28
homelab-optimized/hosts/vms/matrix-ubuntu/crowdsec.yaml
Gitea Mirror Bot 25c3532414
Some checks failed
Documentation / Deploy to GitHub Pages (push) Has been cancelled
Details
Documentation / Build Docusaurus (push) Has been cancelled
Details
Sanitized mirror from private repository - 2026-04-19 09:44:40 UTC
2026-04-19 09:44:40 +00:00

64 lines
2.4 KiB
YAML
Raw Blame History

# CrowdSec Security Stack - Intrusion Detection & Prevention
# =============================================================================
# Co-located with NPM on matrix-ubuntu for direct log access (no rsync needed).
# CrowdSec engine (LAPI) parses NPM access/error logs and host syslog.
# Blocking is handled by crowdsec-firewall-bouncer-nftables installed on the
# host (not containerized) — drops packets at the network layer via nftables,
# avoiding nginx auth_request conflicts with Authentik SSO.
#
# Ports: 8580 (LAPI), 6060 (Prometheus metrics)
#
# Setup steps after first deploy:
# 1. Install firewall bouncer on host:
# curl -s https://install.crowdsec.net | sudo sh
# sudo apt install crowdsec-firewall-bouncer-nftables
# 2. Generate bouncer API key:
# docker exec crowdsec cscli bouncers add firewall-bouncer
# 3. Configure /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml:
# api_url: http://127.0.0.1:8580/
# api_key: <generated key>
# deny_log: true
# 4. Start bouncer: sudo systemctl enable --now crowdsec-firewall-bouncer
# 5. Enroll in CrowdSec console (optional):
# docker exec crowdsec cscli console enroll <key>
#
# Collections installed via COLLECTIONS env var:
# - crowdsecurity/nginx-proxy-manager — NPM log parser + scenarios
# - crowdsecurity/base-http-scenarios — generic HTTP attack detection
# - crowdsecurity/http-cve — known CVE exploit detection
# - crowdsecurity/linux — SSH brute force, etc.
# =============================================================================
services:
crowdsec:
image: crowdsecurity/crowdsec:latest
container_name: crowdsec
restart: unless-stopped
security_opt:
- no-new-privileges:true
environment:
TZ: America/Los_Angeles
COLLECTIONS: >-
crowdsecurity/nginx-proxy-manager
crowdsecurity/base-http-scenarios
crowdsecurity/http-cve
crowdsecurity/linux
GID: "1000"
CROWDSEC_PROMETHEUS_LISTEN_ADDR: "0.0.0.0"
CROWDSEC_PROMETHEUS_LISTEN_PORT: "6060"
volumes:
- /opt/crowdsec/config:/etc/crowdsec
- /opt/crowdsec/data:/var/lib/crowdsec/data
# NPM logs — direct mount, same host
- /opt/npm/data/logs:/var/log/npm:ro
- /var/log:/var/log/host:ro
ports:
- "8580:8080"
- "6060:6060"
healthcheck:
test: ["CMD", "cscli", "version"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
Reference in New Issue View Git Blame Copy Permalink