6 Commits

Author SHA1 Message Date
aykhans daa56d72ef watchtower: set interval to 8 hours 2026-05-28 12:07:53 +00:00
aykhans fc73b80930 memos: update 2026-05-28 12:07:18 +00:00
aykhans a3d051c71a caddy fix 2026-05-20 12:37:14 +04:00
aykhans ba03407420 crowdsec: add 'CROWDSEC_BOUNCER_KEY_EXPORTER' 2026-05-17 18:41:08 +04:00
aykhans 8092079047 crowdsec: update profiles/profiles.yaml 2026-05-17 14:17:17 +04:00
aykhans c9b2d723d8 crowdsec: add profiles/profiles.yaml 2026-05-17 13:56:46 +04:00
6 changed files with 28 additions and 5 deletions
+4 -2
@@ -53,10 +53,12 @@
{$GITEA_DOMAIN} { {$GITEA_DOMAIN} {
import access-log import access-log
request_body { request_body {
max_size 512MB max_size 2048MB
} }
@not_registry not path /v2/*
route { route {
import security crowdsec
appsec @not_registry
reverse_proxy http://gitea:3000 { reverse_proxy http://gitea:3000 {
header_up Host {http.request.host} header_up Host {http.request.host}
} }
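Review bot: The raised `max_size 2048MB` in `request_body` applies to every path on the Gitea site, although the new `@not_registry` matcher suggests that only the `/v2/*` registry uploads need the larger limit. Every other endpoint, including unauthenticated ones, now accepts bodies up to 2 GB, which widens the resource-exhaustion surface. If nothing else needs it, scope the limits with matchers: `request_body /v2/*` with `max_size 2048MB` and `request_body @not_registry` with `max_size 512MB`. Separately, `import security` is replaced by a bare `crowdsec`, so anything else that snippet configured (its body is not visible here) no longer applies to this site and is worth confirming. The site block continues past the end of the hunk.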
+1
@@ -4,6 +4,7 @@
# and in caddy/.env (CADDY) and the host firewall bouncer config (FW). # and in caddy/.env (CADDY) and the host firewall bouncer config (FW).
CROWDSEC_BOUNCER_KEY_CADDY= CROWDSEC_BOUNCER_KEY_CADDY=
CROWDSEC_BOUNCER_KEY_FW= CROWDSEC_BOUNCER_KEY_FW=
CROWDSEC_BOUNCER_KEY_EXPORTER=
############# Console enrollment ############# ############# Console enrollment #############
# Enroll key from https://app.crowdsec.net (free). # Enroll key from https://app.crowdsec.net (free).
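Review bot: The comment above these keys says where the CADDY and FW keys must also be set but does not mention the new `CROWDSEC_BOUNCER_KEY_EXPORTER`, so a reader cannot tell which consumer it belongs to. Extend it with a line such as `# EXPORTER is used only by the exporter service in this compose file.` The consumer is inferred from the compose change in the same compare, so adjust the wording if the key is also needed elsewhere. The comment block starts above the hunk, so its first lines are not visible here.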
+3 -1
@@ -26,6 +26,7 @@ services:
Dominic-Wagner/vaultwarden Dominic-Wagner/vaultwarden
BOUNCER_KEY_caddy: "${CROWDSEC_BOUNCER_KEY_CADDY}" BOUNCER_KEY_caddy: "${CROWDSEC_BOUNCER_KEY_CADDY}"
BOUNCER_KEY_firewall: "${CROWDSEC_BOUNCER_KEY_FW}" BOUNCER_KEY_firewall: "${CROWDSEC_BOUNCER_KEY_FW}"
BOUNCER_KEY_exporter: "${CROWDSEC_BOUNCER_KEY_EXPORTER}"
ENROLL_KEY: "${CROWDSEC_ENROLL_KEY:-}" ENROLL_KEY: "${CROWDSEC_ENROLL_KEY:-}"
ENROLL_INSTANCE_NAME: "${CROWDSEC_ENROLL_INSTANCE_NAME:-aykhans-prod}" ENROLL_INSTANCE_NAME: "${CROWDSEC_ENROLL_INSTANCE_NAME:-aykhans-prod}"
ports: ports:
@@ -36,6 +37,7 @@ services:
- ./data/db:/var/lib/crowdsec/data - ./data/db:/var/lib/crowdsec/data
- ./data/config:/etc/crowdsec - ./data/config:/etc/crowdsec
- ./acquis.d:/etc/crowdsec/acquis.d:ro - ./acquis.d:/etc/crowdsec/acquis.d:ro
- ./profiles/profiles.yaml:/etc/crowdsec/profiles.yaml:ro
- ./parsers/s00-raw/stalwart-logs.yaml:/etc/crowdsec/parsers/s00-raw/stalwart-logs.yaml:ro - ./parsers/s00-raw/stalwart-logs.yaml:/etc/crowdsec/parsers/s00-raw/stalwart-logs.yaml:ro
- ./parsers/s01-parse/stalwart-logs-extended.yaml:/etc/crowdsec/parsers/s01-parse/stalwart-logs-extended.yaml:ro - ./parsers/s01-parse/stalwart-logs-extended.yaml:/etc/crowdsec/parsers/s01-parse/stalwart-logs-extended.yaml:ro
- ./parsers/s02-enrich/whitelist-trusted.yaml:/etc/crowdsec/parsers/s02-enrich/whitelist-trusted.yaml:ro - ./parsers/s02-enrich/whitelist-trusted.yaml:/etc/crowdsec/parsers/s02-enrich/whitelist-trusted.yaml:ro
@@ -60,7 +62,7 @@ services:
- caddy - caddy
environment: environment:
CROWDSEC_LAPI_URL: "http://crowdsec:8080" CROWDSEC_LAPI_URL: "http://crowdsec:8080"
CROWDSEC_API_KEY: "${CROWDSEC_BOUNCER_KEY_CADDY}" CROWDSEC_API_KEY: "${CROWDSEC_BOUNCER_KEY_EXPORTER}"
POLL_INTERVAL_SECS: "30" POLL_INTERVAL_SECS: "30"
LISTEN_PORT: "9100" LISTEN_PORT: "9100"
GEOIP_CITY_DB: "/geoip/GeoLite2-City.mmdb" GEOIP_CITY_DB: "/geoip/GeoLite2-City.mmdb"
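Review bot: `BOUNCER_KEY_exporter` and the exporter's `CROWDSEC_API_KEY` both interpolate `${CROWDSEC_BOUNCER_KEY_EXPORTER}` without a guard, so an existing `.env` that lacks the new variable makes Compose substitute an empty string and only print a warning. The exporter would then presumably start with an empty API key and be rejected by the LAPI at runtime instead of failing at `docker compose up`. The required-variable form, `"${CROWDSEC_BOUNCER_KEY_EXPORTER:?set CROWDSEC_BOUNCER_KEY_EXPORTER in .env}"`, in both places makes the misconfiguration fail fast. Giving the exporter its own key instead of reusing Caddy's is the right direction, since each key can then be revoked independently. The service definitions begin and end outside the hunks shown.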
+18
@@ -0,0 +1,18 @@
name: default_ip_remediation
filters:
- Alert.Remediation == true && Alert.GetScope() == "Ip"
duration_expr: Sprintf('%dh', min(730, (GetDecisionsCount(Alert.GetValue())+1)*4))
decisions:
- type: ban
duration: 4h
on_success: break
---
name: default_range_remediation
filters:
- Alert.Remediation == true && Alert.GetScope() == "Range"
duration_expr: Sprintf('%dh', min(730, (GetDecisionsCount(Alert.GetValue())+1)*4))
decisions:
- type: ban
duration: 4h
on_success: break
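Review bot: Neither profile carries a comment explaining `duration_expr`, and its relationship to the static `duration: 4h` is not obvious to someone editing this file later. A header comment on each document would help, such as `# Ban = 4h x (prior decisions for this value + 1), capped at 730h (~30 days); 'duration' is the fallback if the expression fails.` The fallback behaviour is as I understand CrowdSec's profile handling, so confirm it against the docs for the deployed version. Because the compose change bind-mounts this file at `/etc/crowdsec/profiles.yaml`, it takes the place of whatever profiles file would otherwise be there, which is worth stating in the same comment.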
+1 -1
@@ -6,7 +6,7 @@ networks:
services: services:
memos: memos:
image: neosmemo/memos:0.27 image: neosmemo/memos:0.29
restart: unless-stopped restart: unless-stopped
container_name: memos container_name: memos
labels: labels:
+1 -1
@@ -10,7 +10,7 @@ services:
- "--label-enable" - "--label-enable"
- "--cleanup" - "--cleanup"
- "--interval" - "--interval"
- "600" # 10 minutes - "28800" # 8 hours
logging: logging:
driver: "json-file" driver: "json-file"
options: options: