Add crowdsec to blueprints (#321)

* add docker-compose for crowdsec * add template.toml * edit meta.json * add crowdsec logo * process-meta * Update blueprints/crowdsec/docker-compose.yml --------- Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
2026-06-15 20:25:24 +02:00 · 2025-09-02 07:13:59 +02:00
parent dee68380f6
commit 126f6757c6
4 changed files with 56 additions and 0 deletions
--- a/blueprints/crowdsec/crowdsec_logo.png
+++ b/blueprints/crowdsec/crowdsec_logo.png
--- a/blueprints/crowdsec/docker-compose.yml
+++ b/blueprints/crowdsec/docker-compose.yml
@@ -0,0 +1,31 @@
+# --------------------------------------------------------------------------------
+# note: this is the minimal crowdsec container
+# this compose file prepared to work with two key remediation engines
+# install and configure them via links below:
+# traefik bouncer plugin | https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin
+# firewall bouncer (iptables) | https://docs.crowdsec.net/u/bouncers/firewall/
+# --------------------------------------------------------------------------------
+services:
+  crowdsec:
+    image: crowdsecurity/crowdsec:latest
+    environment:
+      GID: "${GID-1000}"
+      COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik crowdsecurity/http-cve"
+    volumes:
+      - ../files/acquis.yaml:/etc/crowdsec/acquis.yaml # https://docs.crowdsec.net/u/getting_started/post_installation/acquisition_new/
+      - crowdsec-db:/var/lib/crowdsec/data/
+      - crowdsec-config:/etc/crowdsec/
+      - /etc/dokploy/traefik/dynamic/access.log:/var/log/traefik/access.log:ro # make sure access log is enabled in dokploy
+      - ${AUTH_LOG_PATH}:/var/log/ssh/auth.log:ro
+      # - /var/log/fail2ban.log:/var/log/fail2ban/fail2ban.log:ro # uncomment if you have fail2ban installed on the system
+    security_opt:
+      - no-new-privileges:true
+    # uncomment these two lines if you intent to use firewall bouncer installed natively on the host
+    # ports: 
+    #  - "127.0.0.1:8080:8080" # local binding only, necessary for firewall-iptables-bouncer to connect to container's lapi
+    labels:
+      - traefik.enable=false
+    restart: unless-stopped
+volumes:
+  crowdsec-db:
+  crowdsec-config:
--- a/blueprints/crowdsec/template.toml
+++ b/blueprints/crowdsec/template.toml
@@ -0,0 +1,9 @@
+[variables]
+auth_log_path = "/var/log/auth.log"
+
+[config]
+mounts = []
+domains = []
+
+[config.env]
+AUTH_LOG_PATH = "${auth_log_path}"
--- a/meta.json
+++ b/meta.json
@@ -1332,6 +1332,22 @@
      "storage"
    ]
  },
+  {
+    "id": "crowdsec",
+    "name": "Crowdsec",
+    "version": "latest",
+    "description": "CrowdSec provides open source solution for detecting and blocking malicious IPs, safeguarding both infrastructure and application security.",
+    "logo": "crowdsec_logo.png",
+    "links": {
+      "github": "https://github.com/crowdsecurity/crowdsec",
+      "website": "https://crowdsec.net/",
+      "docs": "https://docs.crowdsec.net"
+    },
+    "tags": [
+      "security",
+      "firewall"
+    ]
+  },
  {
    "id": "cyberchef",
    "name": "CyberChef",