add crowdsec job

vincent 2022-05-26 14:19:32 +02:00
parent f3e7bb9813
commit 8e44459e51
3 changed files with 126 additions and 0 deletions

58
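--- a/crowdsec-agent.nomad
+++ b/crowdsec-agent.nomad
@@ -0,0 +1,58 @@
+job "crowdsec-agent" {
+datacenters = ["homelab","hetzner"]
+type = "system"
+meta {
+forcedeploy = "2"
+}
+vault{
+policies= ["access-tables"]
+}
+group "crowdsec-agent"{
+task "crowdsec-agent" {
+driver = "docker"
+config {
+image = "crowdsecurity/crowdsec"
+volumes = [
+"/var/run/docker.sock:/var/run/docker.sock",
+"/var/log:/var/log",
+"local/acquis.yaml:/etc/crowdsec/acquis.yaml"
+]
+}
+env {
+COLLECTIONS= "crowdsecurity/traefik"
+DISABLE_LOCAL_API= "true"
+}
+template {
+data = <<EOH
+---
+source: docker
+container_name_regexp:
+- traefik-*
+labels:
+type: traefik
+EOH
+destination = "local/acquis.yaml"
+}
+template {
+data = <<EOH
+LOCAL_API_URL = {{- range service "crowdsec-api" }} "http://{{ .Address }}:{{ .Port }}"{{- end }}
+AGENT_USERNAME = "{{ env "node.unique.name" }}"
+{{with secret "secrets/data/crowdsec"}}
+AGENT_PASSWORD = "{{.Data.data.AGENT_PASSWORD}}"
+{{end}}
+EOH
+destination ="secret/agent.env"
+env = "true"
+}
+resources {
+memory = 100
+}
+}
+}
+}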
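Review bot: The `volumes` list gives this container the host's `/var/run/docker.sock` and a writable `/var/log` on every node (`type = "system"`), while `image = "crowdsecurity/crowdsec"` has no tag or digest, so whatever the registry currently serves runs with control of each node's Docker daemon; crowdsec-api.nomad uses the same unpinned image. Pin the image (`image = "crowdsecurity/crowdsec:<pinned-tag>"`, placeholder), mount logs as `"/var/log:/var/log:ro"` or drop that mount if only the docker acquisition source is used, and consider putting a read-only API proxy in front of the socket. The credentials template is rendered to `secret/agent.env`, but Nomad's protected task directory is `secrets/`, so `destination = "secrets/agent.env"` keeps the password out of the part of the allocation directory that `nomad alloc fs` can read; the same applies to `secret/api.env` in crowdsec-api.nomad. `LOCAL_API_URL` is built with `http://`, so unless the hetzner-to-homelab link is already tunnelled, the agent password crosses datacenters in cleartext.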

63
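--- a/crowdsec-api.nomad
+++ b/crowdsec-api.nomad
@@ -0,0 +1,63 @@
+job "crowdsec-api" {
+datacenters = ["homelab"]
+type = "service"
+meta {
+forcedeploy = "-1"
+}
+vault{
+policies = ["access-tables"]
+}
+group "crowdsec-api" {
+network {
+mode = "host"
+port "http" {
+to = 8080
+}
+port "metric"{
+to = 6060
+}
+}
+task "crowdsec-api" {
+service {
+name= "crowdsec-metrics"
+port = "metric"
+tags = [
+]
+}
+driver = "docker"
+service {
+name= "crowdsec-api"
+port = "http"
+tags = [
+]
+}
+config {
+image ="crowdsecurity/crowdsec"
+ports = ["http","metric"]
+volumes = [
+"/mnt/diskstation/nomad/crowdsec/db:/var/lib/crowdsec/data",
+"/mnt/diskstation/nomad/crowdsec/data:/etc/crowdsec_data",
+]
+}
+template {
+data = <<EOH
+DISABLE_AGENT = "true"
+{{with secret "secrets/data/crowdsec"}}
+AGENT_USERNAME = "{{.Data.data.AGENT_USERNAME}}"
+AGENT_PASSWORD = "{{.Data.data.AGENT_PASSWORD}}"
+{{end}}
+EOH
+destination ="secret/api.env"
+env = "true"
+}
+resources {
+memory = 99
+}
+}
+}
+}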
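Review bot: The `vault` stanza reuses `policies = ["access-tables"]` to read `secrets/data/crowdsec`, and the name suggests the policy was written for another workload; a dedicated policy limited to read on that one path would keep this task's Vault token away from unrelated secrets (the scope of `access-tables` is not visible here, so confirm). The template registers a single `AGENT_USERNAME`/`AGENT_PASSWORD` pair, while crowdsec-agent.nomad logs in as `{{ env "node.unique.name" }}` with the same shared password. It looks like either the logins will not match, or every node shares one credential that cannot be revoked per node, so per-agent machine credentials would be easier to rotate. The `http` and `metric` ports are published with no TLS or address restriction visible in this file; confirm they are reachable only from the agents and from Prometheus.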


@ -66,6 +66,11 @@ scrape_configs:
- server: 'consul.service.consul:8500' - server: 'consul.service.consul:8500'
services: ['alertmanager'] services: ['alertmanager']
- job_name: 'crowdsec'
consul_sd_configs:
- server: 'consul.service.consul:8500'
services: ['crowdsec-metrics']
EOH EOH
} }