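# Docker Compose stack for a CrowdSec container attached to an external
# macvlan network with a static LAN address.
services:
  crowdsec:
    # NOTE(review): `latest` is a moving tag, so each pull can change the
    # engine version. Pin a release tag or image digest you have tested so
    # upgrades are deliberate.
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    volumes:
      # Named volumes for CrowdSec data and configuration.
      - data:/var/lib/crowdsec/data
      - config:/etc/crowdsec/
      # Host logs, read-only. This exposes every file under /var/log to the
      # container; mount specific files instead if that is too broad.
      - /var/log:/var/log:ro
      # Local overrides, all read-only. The first file holds credentials
      # (per its name): keep it out of version control and restrict its
      # permissions on the host.
      - ./lapi/online_api_credentials.yaml:/etc/crowdsec/online_api_credentials.yaml:ro
      - ./lapi/config.yaml.local:/etc/crowdsec/config.yaml.local:ro
      - ./lapi/feature.yaml:/etc/crowdsec/feature.yaml:ro
      # Optional contexts, allowlists and AppSec acquisition (disabled).
      # - ./lapi/contexts/firewall_extended.yaml:/etc/crowdsec/contexts/firewall_extended.yaml:ro
      # - ./lapi/contexts/suricata_extended.yaml:/etc/crowdsec/contexts/suricata_extended.yaml:ro
      # - ./lapi/contexts/traefik_extended.yaml:/etc/crowdsec/contexts/traefik_extended.yaml:ro
      # - ./lapi/parsers/s02-enrich/allowlist-asn.yaml:/etc/crowdsec/parsers/s02-enrich/allowlist-asn.yaml:ro
      # - ./lapi/parsers/s02-enrich/ip-cidr-allowlist.yaml:/etc/crowdsec/parsers/s02-enrich/ip-cidr-allowlist.yaml:ro
      # - ./lapi/postoverflows/s01-whitelist/asns-allowlist.yaml:/etc/crowdsec/postoverflows/s01-whitelist/asns-allowlist.yaml:ro
      # - ./lapi/postoverflows/s01-whitelist/myfqdns-allowlist.yaml:/etc/crowdsec/postoverflows/s01-whitelist/myfqdns-allowlist.yaml:ro
      # - ./lapi/acquis.d/appsec.yaml:/etc/crowdsec/acquis.d/appsec.yaml:ro
    # `expose` publishes nothing and restricts nothing. On a macvlan network
    # the container sits directly on the LAN, so any port the service binds
    # on a non-loopback address is reachable from that segment at
    # 192.168.0.5. Restrict listen addresses in config.yaml.local or filter
    # upstream if the LAN is not fully trusted.
    expose:
      - "8080"  # CrowdSec default Local API port
      - "6060"  # CrowdSec default Prometheus metrics port
      - "7422"  # AppSec
    environment:
      DISABLE_ONLINE_API: "false"  # Set to "true" in testing environments
      DISABLE_AGENT: "false"  # "true" disables the agent (LAPI-only container)
      TZ: "America/Chicago"
      CUSTOM_HOSTNAME: "crowdsec"
      # Keys and credentials are interpolated by Compose from the shell or
      # an .env file. Keep that file out of version control; the resolved
      # values are visible to anyone who can run `docker inspect` on this
      # container.
      BOUNCER_KEY_traefik_bouncer: "${BOUNCER_KEY_traefik_bouncer}"
      ENROLL_KEY: "${LAPI_ENROLL_KEY}"
      ENROLL_INSTANCE_NAME: "${LAPI_ENROLL_INSTANCE_NAME}"
      LOCAL_API_URL: "${CROWDSEC_LOCAL_API_URL}"
      AGENT_USERNAME: "${AGENT_USERNAME}"
      AGENT_PASSWORD: "${AGENT_PASSWORD}"
      # Space-separated hub items. `>-` folds the lines below into a single
      # space-joined string with no trailing newline.
      COLLECTIONS: >-
        crowdsecurity/appsec-crs
        crowdsecurity/appsec-virtual-patching
        crowdsecurity/appsec-generic-rules
        crowdsecurity/whitelist-good-actors
        crowdsecurity/linux
        crowdsecurity/freebsd
        crowdsecurity/opnsense
        crowdsecurity/opnsense-gui
        firewallservices/pf
        crowdsecurity/suricata
        crowdsecurity/base-http-scenarios
        crowdsecurity/http-cve
        crowdsecurity/nginx
        crowdsecurity/wordpress
        timokoessler/gitlab
        crowdsecurity/postfix
        crowdsecurity/dovecot
        crowdsecurity/sshd
        crowdsecurity/endlessh
        crowdsecurity/traefik
      PARSERS: >-
        crowdsecurity/whitelists
        crowdsecurity/pam-logs
        crowdsecurity/docker-logs
        crowdsecurity/geoip-enrich
      SCENARIOS: >-
        crowdsecurity/http-cve-probing
        crowdsecurity/http-generic-bf
        crowdsecurity/http-dos-invalid-http-versions
        crowdsecurity/http-admin-interface-probing
        crowdsecurity/http-wordpress_wpconfig
        ltsich/http-w00tw00t
        crowdsecurity/http-probing
        crowdsecurity/http-bf-wordpress_bf_xmlrpc
        crowdsecurity/http-backdoors-attempts
        crowdsecurity/http-bf-wordpress_bf
        crowdsecurity/http-crawl-non_statics
        crowdsecurity/http-open-proxy
        crowdsecurity/http-sensitive-files
        crowdsecurity/http-sqli-probing
        crowdsecurity/http-wordpress-scan
        crowdsecurity/http-wordpress_user-enum
        crowdsecurity/http-xss-probing
        crowdsecurity/http-bad-user-agent
        crowdsecurity/http-cve-2021-41773
        crowdsecurity/http-cve-2021-42013
        crowdsecurity/http-path-traversal-probing
        aidalinfo/tcpudp-flood-traefik
      # Left without a value on purpose: Compose resolves a valueless key
      # from the environment it runs in and leaves it unset in the container
      # when it is not defined there. Use "" to force an empty value.
      POSTOVERFLOWS:
      CONTEXTS:
    restart: unless-stopped
    hostname: crowdsec
    domainname: localdomain.home
    extra_hosts:
      - "crowdsec:127.0.0.1"
      # NOTE(review): this entry puts two names before the colon and maps
      # `crowdsec` a second time, to a different address than the entry
      # above. Confirm the /etc/hosts that results inside the container is
      # the one intended.
      - "crowdsec.localdomain.home crowdsec:192.168.0.5"
    networks:
      dockermacvlan:
        ipv4_address: 192.168.0.5
        aliases:
          - crowdsec.localdomain.home

networks:
  # Created outside this file; Compose only attaches to it.
  dockermacvlan:
    external: true

volumes:
  data: {}
  config: {}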