aykhans/my-self-host-services
1
0
Fork 0
mirror of https://github.com/aykhans/my-self-host-services.git synced 2026-05-29 15:35:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: aykhans/my-self-host-services:main
Branches Tags
aykhans/my-self-host-services:main
..
compare: aykhans/my-self-host-services:14e61156185c69821f516f635f1f1c1ae07ac196
Branches Tags
aykhans/my-self-host-services:main

1 Commits
main .. 14e6115618

Author SHA1 Message Date
aykhans 14e6115618 crowdsec: add profiles/profiles.yaml 2026-05-17 13:52:59 +04:00
6 changed files with 7 additions and 11 deletions
Expand all files Collapse all files
caddy/Caddyfile
+2 -4
View File
@@ -53,12 +53,10 @@
{$GITEA_DOMAIN} {
import access-log
request_body {
max_size 2048MB
max_size 512MB
}
@not_registry not path /v2/*
route {
crowdsec
appsec @not_registry
import security
reverse_proxy http://gitea:3000 {
header_up Host {http.request.host}
}
crowdsec/.env.example
-1
View File
@@ -4,7 +4,6 @@
# and in caddy/.env (CADDY) and the host firewall bouncer config (FW).
CROWDSEC_BOUNCER_KEY_CADDY=
CROWDSEC_BOUNCER_KEY_FW=
CROWDSEC_BOUNCER_KEY_EXPORTER=
############# Console enrollment #############
# Enroll key from https://app.crowdsec.net (free).
crowdsec/docker-compose.yaml
+1 -2
View File
@@ -26,7 +26,6 @@ services:
Dominic-Wagner/vaultwarden
BOUNCER_KEY_caddy: "${CROWDSEC_BOUNCER_KEY_CADDY}"
BOUNCER_KEY_firewall: "${CROWDSEC_BOUNCER_KEY_FW}"
BOUNCER_KEY_exporter: "${CROWDSEC_BOUNCER_KEY_EXPORTER}"
ENROLL_KEY: "${CROWDSEC_ENROLL_KEY:-}"
ENROLL_INSTANCE_NAME: "${CROWDSEC_ENROLL_INSTANCE_NAME:-aykhans-prod}"
ports:
@@ -62,7 +61,7 @@ services:
- caddy
environment:
CROWDSEC_LAPI_URL: "http://crowdsec:8080"
CROWDSEC_API_KEY: "${CROWDSEC_BOUNCER_KEY_EXPORTER}"
CROWDSEC_API_KEY: "${CROWDSEC_BOUNCER_KEY_CADDY}"
POLL_INTERVAL_SECS: "30"
LISTEN_PORT: "9100"
GEOIP_CITY_DB: "/geoip/GeoLite2-City.mmdb"
crowdsec/profiles/profiles.yaml
+2 -2
View File
@@ -1,18 +1,18 @@
name: default_ip_remediation
filters:
- Alert.Remediation == true && Alert.GetScope() == "Ip"
duration_expr: Sprintf('%dh', min(730, (GetDecisionsCount(Alert.GetValue())+1)*4))
decisions:
- type: ban
duration: 4h
duration_expr: Sprintf('%dh', min(168, (GetDecisionsCount(Alert.GetValue())+1)*4))
on_success: break
---
name: default_range_remediation
filters:
- Alert.Remediation == true && Alert.GetScope() == "Range"
duration_expr: Sprintf('%dh', min(730, (GetDecisionsCount(Alert.GetValue())+1)*4))
decisions:
- type: ban
duration: 4h
duration_expr: Sprintf('%dh', min(168, (GetDecisionsCount(Alert.GetValue())+1)*4))
on_success: break
memos/docker-compose.yaml
+1 -1
View File
@@ -6,7 +6,7 @@ networks:
services:
memos:
image: neosmemo/memos:0.29
image: neosmemo/memos:0.27
restart: unless-stopped
container_name: memos
labels:
watchtower/docker-compose.yaml
+1 -1
View File
@@ -10,7 +10,7 @@ services:
- "--label-enable"
- "--cleanup"
- "--interval"
- "28800" # 8 hours
- "600" # 10 minutes
logging:
driver: "json-file"
options: