crowdsec/docker/config.yaml

common:
  daemonize: false
  log_media: stdout
  log_level: info
  log_dir: /var/log/
config_paths:
  config_dir: /etc/crowdsec/
  data_dir: /var/lib/crowdsec/data/
  simulation_path: /etc/crowdsec/simulation.yaml
  hub_dir: /etc/crowdsec/hub/
  index_path: /etc/crowdsec/hub/.index.json
  notification_dir: /etc/crowdsec/notifications/
  plugin_dir: /usr/local/lib/crowdsec/plugins/
crowdsec_service:
  acquisition_path: /etc/crowdsec/acquis.yaml
  acquisition_dir: /etc/crowdsec/acquis.d
  parser_routines: 1
plugin_config:
  user: nobody
  group: nobody
cscli:
  output: human
db_config:
  log_level: info
  type: sqlite
  db_path: /var/lib/crowdsec/data/crowdsec.db
  flush:
    max_items: 5000
    max_age: 7d
  use_wal: false
api:
  client:
    insecure_skip_verify: false
    credentials_path: /etc/crowdsec/local_api_credentials.yaml
  server:
    log_level: info
    listen_uri: 0.0.0.0:8080
    profiles_path: /etc/crowdsec/profiles.yaml
    trusted_ips: # IP ranges, or IPs which can have admin API access
      - 127.0.0.1
      - ::1
    online_client: # Central API credentials (to push signals and receive bad IPs)
    #credentials_path: /etc/crowdsec/online_api_credentials.yaml
    tls:
      agents_allowed_ou:
        - agent-ou
      bouncers_allowed_ou:
        - bouncer-ou
prometheus:
  enabled: true
  level: full
  listen_addr: 0.0.0.0
  listen_port: 6060
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`common:`
			`daemonize: false`
			`log_media: stdout`
			`log_level: info`
			`log_dir: /var/log/`
			`config_paths:`
			`config_dir: /etc/crowdsec/`
			`data_dir: /var/lib/crowdsec/data/`
			`simulation_path: /etc/crowdsec/simulation.yaml`
			`hub_dir: /etc/crowdsec/hub/`
			`index_path: /etc/crowdsec/hub/.index.json`
add notification plugins in docker image (#951) 2021-09-09 14:05:21 +00:00			`notification_dir: /etc/crowdsec/notifications/`
			`plugin_dir: /usr/local/lib/crowdsec/plugins/`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`crowdsec_service:`
			`acquisition_path: /etc/crowdsec/acquis.yaml`
Docker readme: update build instructions, recommend acquis.d and config.yaml.local (#2115) 2023-03-10 16:30:08 +00:00			`acquisition_dir: /etc/crowdsec/acquis.d`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`parser_routines: 1`
add notification plugins in docker image (#951) 2021-09-09 14:05:21 +00:00			`plugin_config:`
Docker config/auth/TLS refactoring from from v1.4.4 (#1967) 2023-01-04 15:43:35 +00:00			`user: nobody`
			`group: nobody`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`cscli:`
			`output: human`
			`db_config:`
			`log_level: info`
			`type: sqlite`
			`db_path: /var/lib/crowdsec/data/crowdsec.db`
			`flush:`
			`max_items: 5000`
			`max_age: 7d`
docker: fix/improve support for persistent configurations (#1915) set all defaults in config.yaml and leave environment variables empty. This way when they are set we know that we must override the values in config.yaml. ignore tainted objects when calling install/upgrade/remove use_wal is false by default 2022-12-10 21:09:25 +00:00			`use_wal: false`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`api:`
			`client:`
Fix default configurations (#597) * fix default perms on SQLite file * seed the prng securely * fix defaults to enforce certificates verification * ensure file is within path * ensure the directory doesn't exist beforehand * verify certificate by default * disable http ip forward headers 2021-02-02 13:15:13 +00:00			`insecure_skip_verify: false`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`credentials_path: /etc/crowdsec/local_api_credentials.yaml`
			`server:`
			`log_level: info`
			`listen_uri: 0.0.0.0:8080`
			`profiles_path: /etc/crowdsec/profiles.yaml`
Add trusted IPs which have admin API access (#1352) * Add trusted IPs which have admin API access 2022-03-16 16:28:34 +00:00			`trusted_ips: # IP ranges, or IPs which can have admin API access`
			`- 127.0.0.1`
			`- ::1`
Minor changes to specific logs (#900) - Minor changes to specific logs - Fix LAPI to not push signals to CAPI when disabled #907 2021-08-25 16:30:05 +00:00			`online_client: # Central API credentials (to push signals and receive bad IPs)`
Docker config/auth/TLS refactoring from from v1.4.4 (#1967) 2023-01-04 15:43:35 +00:00			`#credentials_path: /etc/crowdsec/online_api_credentials.yaml`
docker: fix/improve support for persistent configurations (#1915) set all defaults in config.yaml and leave environment variables empty. This way when they are set we know that we must override the values in config.yaml. ignore tainted objects when calling install/upgrade/remove use_wal is false by default 2022-12-10 21:09:25 +00:00			`tls:`
			`agents_allowed_ou:`
			`- agent-ou`
			`bouncers_allowed_ou:`
			`- bouncer-ou`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`prometheus:`
			`enabled: true`
			`level: full`
			`listen_addr: 0.0.0.0`
			`listen_port: 6060`