add crowdsec job
parent
f3e7bb9813
commit
8e44459e51
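--- a/crowdsec-agent.nomad
+++ b/crowdsec-agent.nomad
@@ -0,0 +1,58 @@
+
+job "crowdsec-agent" {
+datacenters = ["homelab","hetzner"]
+type = "system"
+meta {
+forcedeploy = "2"
+}
+vault{
+policies= ["access-tables"]
+
+}
+
+group "crowdsec-agent"{
+task "crowdsec-agent" {
+driver = "docker"
+config {
+image = "crowdsecurity/crowdsec"
+volumes = [
+"/var/run/docker.sock:/var/run/docker.sock",
+"/var/log:/var/log",
+"local/acquis.yaml:/etc/crowdsec/acquis.yaml"
+]
+
+}
+env {
+COLLECTIONS= "crowdsecurity/traefik"
+DISABLE_LOCAL_API= "true"
+}
+template {
+data = <<EOH
+---
+source: docker
+container_name_regexp:
+- traefik-*
+labels:
+type: traefik
+EOH
+destination = "local/acquis.yaml"
+
+}
+template {
+data = <<EOH
+LOCAL_API_URL = {{- range service "crowdsec-api" }} "http://{{ .Address }}:{{ .Port }}"{{- end }}
+AGENT_USERNAME = "{{ env "node.unique.name" }}"
+{{with secret "secrets/data/crowdsec"}}
+AGENT_PASSWORD = "{{.Data.data.AGENT_PASSWORD}}"
+{{end}}
+EOH
+destination ="secret/agent.env"
+env = "true"
+}
+resources {
+memory = 100
+}
+}
+
+}
+}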
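Review bot: The `volumes` list bind-mounts `/var/run/docker.sock` and `/var/log` read-write into a container that runs on every node (`type = "system"`), so a compromised agent image would get control of each host's Docker daemon and could alter host logs. `/var/log` only needs to be read, `"/var/log:/var/log:ro"`, and the Docker acquisition is better served through a socket proxy that exposes only the read endpoints, since `:ro` on the socket itself does not restrict API calls. `image = "crowdsecurity/crowdsec"` carries no tag or digest, so what runs with that access depends on whatever is pulled at schedule time. `LOCAL_API_URL` is rendered as `http://`, so `AGENT_PASSWORD` presumably crosses from the `hetzner` datacenter in cleartext unless the link is tunnelled outside this file.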
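--- a/crowdsec-api.nomad
+++ b/crowdsec-api.nomad
@@ -0,0 +1,63 @@
+job "crowdsec-api" {
+datacenters = ["homelab"]
+type = "service"
+meta {
+forcedeploy = "-1"
+}
+vault{
+policies = ["access-tables"]
+}
+group "crowdsec-api" {
+network {
+mode = "host"
+port "http" {
+to = 8080
+}
+port "metric"{
+to = 6060
+}
+}
+task "crowdsec-api" {
+service {
+name= "crowdsec-metrics"
+port = "metric"
+tags = [
+]
+}
+driver = "docker"
+service {
+name= "crowdsec-api"
+port = "http"
+tags = [
+
+]
+}
+config {
+image ="crowdsecurity/crowdsec"
+ports = ["http","metric"]
+volumes = [
+"/mnt/diskstation/nomad/crowdsec/db:/var/lib/crowdsec/data",
+"/mnt/diskstation/nomad/crowdsec/data:/etc/crowdsec_data",
+]
+
+}
+template {
+data = <<EOH
+DISABLE_AGENT = "true"
+{{with secret "secrets/data/crowdsec"}}
+AGENT_USERNAME = "{{.Data.data.AGENT_USERNAME}}"
+AGENT_PASSWORD = "{{.Data.data.AGENT_PASSWORD}}"
+{{end}}
+EOH
+destination ="secret/api.env"
+env = "true"
+}
+resources {
+memory = 99
+}
+}
+
+
+
+}
+}
+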
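Review bot: The `secret/api.env` template takes one `AGENT_USERNAME`/`AGENT_PASSWORD` pair from Vault, while crowdsec-agent.nomad logs in as `{{ env "node.unique.name" }}` with the same shared password. Unless the Vault username happens to match a node name the agents will presumably be rejected, and either way every node holds the same secret. Per-node machine credentials would keep one compromised node from impersonating the others. The job reuses the `access-tables` Vault policy; if that policy covers more than `secrets/data/crowdsec`, a policy scoped to that path would be narrower. `image ="crowdsecurity/crowdsec"` is untagged, so pinning it, e.g. `image = "crowdsecurity/crowdsec:<PINNED_TAG>"`, would keep reschedules from pulling a different release.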
@ -66,6 +66,11 @@ scrape_configs:
|
||||
- server: 'consul.service.consul:8500'
|
||||
services: ['alertmanager']
|
||||
|
||||
- job_name: 'crowdsec'
|
||||
consul_sd_configs:
|
||||
- server: 'consul.service.consul:8500'
|
||||
services: ['crowdsec-metrics']
|
||||
|
||||
|
||||
EOH
|
||||
}
|
||||
|