watchtower: set interval to 8 hours

memos: update
caddy fix
2026-05-29 15:35:59 +00:00 · 2026-05-28 12:07:53 +00:00 · 2026-05-28 12:07:18 +00:00 · 2026-05-20 12:37:14 +04:00 · 2026-05-17 18:41:08 +04:00 · 2026-05-17 14:17:17 +04:00
6 changed files with 28 additions and 5 deletions
@@ -53,10 +53,12 @@
 {$GITEA_DOMAIN} {
    import access-log
    request_body {
-        max_size 512MB
+        max_size 2048MB
    }
+    @not_registry not path /v2/*
    route {
-        import security
+        crowdsec
+        appsec @not_registry
        reverse_proxy http://gitea:3000 {
            header_up Host {http.request.host}
        }
@@ -4,6 +4,7 @@
 # and in caddy/.env (CADDY) and the host firewall bouncer config (FW).
 CROWDSEC_BOUNCER_KEY_CADDY=
 CROWDSEC_BOUNCER_KEY_FW=
+CROWDSEC_BOUNCER_KEY_EXPORTER=

 ############# Console enrollment #############
 # Enroll key from https://app.crowdsec.net (free).
@@ -26,6 +26,7 @@ services:
        Dominic-Wagner/vaultwarden
      BOUNCER_KEY_caddy: "${CROWDSEC_BOUNCER_KEY_CADDY}"
      BOUNCER_KEY_firewall: "${CROWDSEC_BOUNCER_KEY_FW}"
+      BOUNCER_KEY_exporter: "${CROWDSEC_BOUNCER_KEY_EXPORTER}"
      ENROLL_KEY: "${CROWDSEC_ENROLL_KEY:-}"
      ENROLL_INSTANCE_NAME: "${CROWDSEC_ENROLL_INSTANCE_NAME:-aykhans-prod}"
    ports:
@@ -36,6 +37,7 @@ services:
      - ./data/db:/var/lib/crowdsec/data
      - ./data/config:/etc/crowdsec
      - ./acquis.d:/etc/crowdsec/acquis.d:ro
+      - ./profiles/profiles.yaml:/etc/crowdsec/profiles.yaml:ro
      - ./parsers/s00-raw/stalwart-logs.yaml:/etc/crowdsec/parsers/s00-raw/stalwart-logs.yaml:ro
      - ./parsers/s01-parse/stalwart-logs-extended.yaml:/etc/crowdsec/parsers/s01-parse/stalwart-logs-extended.yaml:ro
      - ./parsers/s02-enrich/whitelist-trusted.yaml:/etc/crowdsec/parsers/s02-enrich/whitelist-trusted.yaml:ro
@@ -60,7 +62,7 @@ services:
      - caddy
    environment:
      CROWDSEC_LAPI_URL: "http://crowdsec:8080"
-      CROWDSEC_API_KEY: "${CROWDSEC_BOUNCER_KEY_CADDY}"
+      CROWDSEC_API_KEY: "${CROWDSEC_BOUNCER_KEY_EXPORTER}"
      POLL_INTERVAL_SECS: "30"
      LISTEN_PORT: "9100"
      GEOIP_CITY_DB: "/geoip/GeoLite2-City.mmdb"
@@ -0,0 +1,18 @@
+name: default_ip_remediation
+filters:
+  - Alert.Remediation == true && Alert.GetScope() == "Ip"
+duration_expr: Sprintf('%dh', min(730, (GetDecisionsCount(Alert.GetValue())+1)*4))
+decisions:
+  - type: ban
+    duration: 4h
+on_success: break
+
+---
+name: default_range_remediation
+filters:
+  - Alert.Remediation == true && Alert.GetScope() == "Range"
+duration_expr: Sprintf('%dh', min(730, (GetDecisionsCount(Alert.GetValue())+1)*4))
+decisions:
+  - type: ban
+    duration: 4h
+on_success: break
@@ -6,7 +6,7 @@ networks:

 services:
  memos:
-    image: neosmemo/memos:0.27
+    image: neosmemo/memos:0.29
    restart: unless-stopped
    container_name: memos
    labels:
@@ -10,7 +10,7 @@ services:
      - "--label-enable"
      - "--cleanup"
      - "--interval"
-      - "600" # 10 minutes
+      - "28800" # 8 hours
    logging:
      driver: "json-file"
      options:
Author	SHA1	Message	Date
aykhans	daa56d72ef	watchtower: set interval to 8 hours	2026-05-28 12:07:53 +00:00
aykhans	fc73b80930	memos: update	2026-05-28 12:07:18 +00:00
aykhans	a3d051c71a	caddy fix	2026-05-20 12:37:14 +04:00
aykhans	ba03407420	crowdsec: add 'CROWDSEC_BOUNCER_KEY_EXPORTER'	2026-05-17 18:41:08 +04:00
aykhans	8092079047	crowdsec: update profiles/profiles.yaml	2026-05-17 14:17:17 +04:00
aykhans	c9b2d723d8	crowdsec: add profiles/profiles.yaml	2026-05-17 13:56:46 +04:00