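# Nomad system job: one CrowdSec log-processing agent per client node in the
# listed datacenters. The agent runs with its local API disabled and reports
# to whatever is registered in the service catalog as "crowdsec-api".
job "crowdsec-agent" {
  datacenters = ["homelab", "hetzner"]
  type        = "system"
  priority    = 50

  meta {
    forcedeploy = "2"
  }

  # Vault token used by the secret template further down. The "crowdsec"
  # policy is defined outside this file; it only needs read access to
  # secrets/data/nomad/crowdsec -- TODO confirm it grants nothing broader.
  vault {
    policies = ["crowdsec"]
  }

  group "crowdsec-agent" {
    network {
      mode = "host"

      # Publishes container port 6060 on a host port and registers it as
      # "crowdsec-metrics". NOTE(review): nothing in this job restricts who can
      # reach that port; confirm it is only reachable from the monitoring
      # network.
      port "metric" {
        to = 6060
      }
    }

    task "crowdsec-agent" {
      service {
        name = "crowdsec-metrics"
        port = "metric"
        tags = []
      }

      driver = "docker"

      config {
        # NOTE(review): no tag or digest, so every node pulls whatever
        # "latest" is at scheduling time. Pin this, e.g.
        # "crowdsecurity/crowdsec:<pinned-version>" or an @sha256 digest, so
        # that a changed upstream image cannot roll out unreviewed.
        image = "crowdsecurity/crowdsec"
        ports = ["metric"]

        # docker.sock: required by the "source: docker" acquisitions below, but
        # access to the Docker API socket is equivalent to root on the host. A
        # ":ro" flag on the bind does not limit API calls; if that exposure
        # matters, put a filtering socket proxy that only allows container
        # list/log reads in front of it.
        # /var/log: mounted read-only -- the agent only reads logs, and none of
        # the acquisitions in this job reference files under it.
        volumes = [
          "/var/run/docker.sock:/var/run/docker.sock",
          "/var/log:/var/log:ro",
          "local/acquis.yaml:/etc/crowdsec/acquis.yaml"
        ]
      }

      env {
        # Hub collections installed at container start. They come from several
        # third-party hub authors; review them like any other dependency.
        COLLECTIONS       = "andreasbrett/paperless-ngx Dominic-Wagner/vaultwarden LePresidente/jellyfin crowdsecurity/traefik crowdsecurity/home-assistant LePresidente/gitea crowdsecurity/postfix crowdsecurity/dovecot "
        DISABLE_LOCAL_API = "true"
      }

      # Acquisition config: one YAML document per container family, each
      # tagging its log lines with the "type" label that the matching parser
      # filters on.
      # NOTE(review): container_name_regexp entries are regular expressions,
      # not globs. "jellyfin*" means "jellyfi" followed by zero or more "n",
      # and (presumably, if matching is unanchored -- confirm) matches any
      # container whose name contains that. Use "^jellyfin" or "^traefik-" if
      # only names with that prefix should be ingested under the label.
      # The heredoc is not indent-stripped, so its content stays at column 0.
      template {
        data = <<EOH
---
source: docker
container_name_regexp:
  - jellyfin*
labels:
  type: jellyfin
---
source: docker
container_name_regexp:
  - paperless-ng*
labels:
  type: Paperless-ngx
---
source: docker
container_name_regexp:
  - vaultwarden*
labels:
  type: Vaultwarden
---
source: docker
container_name_regexp:
  - docker-mailserver*
labels:
  type: syslog
---
source: docker
container_name_regexp:
  - traefik-*
labels:
  type: traefik
---
source: docker
container_name_regexp:
  - hass-*
labels:
  type: homeassistant
---
source: docker
container_name_regexp:
  - gitea-*
labels:
  type: gitea
EOH

        destination = "local/acquis.yaml"
      }

      # Agent credentials and LAPI address, rendered into the task's secrets
      # directory and exported as environment variables (env = "true").
      # NOTE(review): LOCAL_API_URL is built with plain http://, so the agent
      # login and the alerts it pushes are readable on the wire unless the
      # path between nodes and datacenters is already encrypted (not visible
      # in this file); prefer a TLS endpoint for the local API.
      # NOTE(review): the range emits one quoted URL per registered
      # "crowdsec-api" instance on the same line -- more than one instance
      # gives a malformed value, none gives an empty one.
      # AGENT_PASSWORD is a single secret shared by every node, while
      # AGENT_USERNAME is per node; one leaked password therefore lets any
      # node name be used.
      template {
        data = <<EOH
LOCAL_API_URL = {{- range service "crowdsec-api" }} "http://{{ .Address }}:{{ .Port }}"{{- end }}
AGENT_USERNAME = "{{ env "node.unique.name" }}"
{{with secret "secrets/data/nomad/crowdsec"}}
AGENT_PASSWORD = "{{.Data.data.AGENT_PASSWORD}}"
{{end}}
EOH

        destination = "secret/agent.env"
        env         = "true"
      }

      resources {
        memory = 100
      }
    }
  }
}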