services:
  crowdsec:
    container_name: externalproxy-crowdsec
    image: crowdsecurity/crowdsec:latest
    hostname: externalproxy-crowdsec
    domainname: localdomain.home
    environment:
      COLLECTIONS: "crowdsecurity/appsec-crs crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/traefik crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/base-http-scenarios crowdsecurity/http-cve crowdsecurity/nginx crowdsecurity/wordpress timokoessler/gitlab"
      PARSERS: crowdsecurity/whitelists crowdsecurity/pam-logs crowdsecurity/docker-logs crowdsecurity/geoip-enrich
      SCENARIOS: crowdsecurity/http-cve-probing crowdsecurity/http-generic-bf crowdsecurity/http-dos-invalid-http-versions crowdsecurity/http-admin-interface-probing crowdsecurity/http-wordpress_wpconfig ltsich/http-w00tw00t crowdsecurity/http-probing crowdsecurity/http-bf-wordpress_bf_xmlrpc crowdsecurity/http-backdoors-attempts crowdsecurity/http-bf-wordpress_bf crowdsecurity/http-crawl-non_statics crowdsecurity/http-open-proxy crowdsecurity/http-sensitive-files crowdsecurity/http-sqli-probing crowdsecurity/http-wordpress-scan crowdsecurity/http-wordpress_user-enum crowdsecurity/http-xss-probing crowdsecurity/http-bad-user-agent crowdsecurity/http-cve-2021-41773 crowdsecurity/http-cve-2021-42013 crowdsecurity/http-path-traversal-probing aidalinfo/tcpudp-flood-traefik
      POSTOVERFLOWS: 
      CONTEXTS: 
      APPSEC_CONFIGS: 
      APPSEC_RULES: 
      DISABLE_LOCAL_API: ${LOCALAPIDISABLE}
      AGENT_USERNAME: ${CROWDSEC_AGENT_USERNAME}
      AGENT_PASSWORD: ${CROWDSEC_AGENT_PASSWORD}
      LOCAL_API_URL: ${CROWDSEC_LOCAL_API_URL}
      TZ: America/Chicago
    expose:
      - "8080"
      - "6060"
      - "7422"
    volumes:
      # For captcha and ban mixed decision
      - ./lapi/acquis.d/traefik.yaml:/etc/crowdsec/acquis.d/traefik.yaml:ro
      #- ./lapi/parsers/s02-enrich/allowlist-asn.yaml:/etc/crowdsec/parsers/s02-enrich/allowlist-asn.yaml:ro
      #- ./lapi/parsers/s02-enrich/ip-cidr-allowlist.yaml:/etc/crowdsec/parsers/s02-enrich/ip-cidr-allowlist.yaml:ro
      #- ./lapi/postoverflows/s01-whitelist/asns-allowlist.yaml:/etc/crowdsec/postoverflows/s01-whitelist/asns-allowlist.yaml:ro
      - ./lapi/feature.yaml:/etc/crowdsec/feature.yaml:ro
      - /etc/localtime:/etc/localtime:ro
      - ./traefik-logs:/var/log/traefik:ro
    restart: unless-stopped
    labels:
      - "traefik.enable=false"
    networks:
      dockermacvlan:
        ipv4_address: 192.168.0.36
        aliases:
          - externalproxy-crowdsec.localdomain.home
          - externalproxy-crowdsec
    healthcheck:
      test: ["CMD", "cscli", "version"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

networks:
  dockermacvlan:
    external: true

volumes:
  data:
  config: