409721414b
set all defaults in config.yaml and leave environment variables empty. This way when they are set we know that we must override the values in config.yaml. ignore tainted objects when calling install/upgrade/remove use_wal is false by default
55 lines
1.4 KiB
YAML
55 lines
1.4 KiB
YAML
common:
|
|
daemonize: false
|
|
log_media: stdout
|
|
log_level: info
|
|
log_dir: /var/log/
|
|
working_dir: .
|
|
config_paths:
|
|
config_dir: /etc/crowdsec/
|
|
data_dir: /var/lib/crowdsec/data/
|
|
simulation_path: /etc/crowdsec/simulation.yaml
|
|
hub_dir: /etc/crowdsec/hub/
|
|
index_path: /etc/crowdsec/hub/.index.json
|
|
notification_dir: /etc/crowdsec/notifications/
|
|
plugin_dir: /usr/local/lib/crowdsec/plugins/
|
|
crowdsec_service:
|
|
acquisition_path: /etc/crowdsec/acquis.yaml
|
|
parser_routines: 1
|
|
plugin_config:
|
|
user: nobody
|
|
group: nobody
|
|
cscli:
|
|
output: human
|
|
db_config:
|
|
log_level: info
|
|
type: sqlite
|
|
db_path: /var/lib/crowdsec/data/crowdsec.db
|
|
flush:
|
|
max_items: 5000
|
|
max_age: 7d
|
|
use_wal: false
|
|
api:
|
|
client:
|
|
insecure_skip_verify: false
|
|
credentials_path: /etc/crowdsec/local_api_credentials.yaml
|
|
server:
|
|
log_level: info
|
|
listen_uri: 0.0.0.0:8080
|
|
profiles_path: /etc/crowdsec/profiles.yaml
|
|
trusted_ips: # IP ranges, or IPs which can have admin API access
|
|
- 127.0.0.1
|
|
- ::1
|
|
online_client: # Central API credentials (to push signals and receive bad IPs)
|
|
#credentials_path: /etc/crowdsec/online_api_credentials.yaml
|
|
tls:
|
|
cert_file: /etc/ssl/cert.pem
|
|
key_file: /etc/ssl/key.pem
|
|
agents_allowed_ou:
|
|
- agent-ou
|
|
bouncers_allowed_ou:
|
|
- bouncer-ou
|
|
prometheus:
|
|
enabled: true
|
|
level: full
|
|
listen_addr: 0.0.0.0
|
|
listen_port: 6060
|