Update to 2021-02-17 12:00

master
Daniel Berteaud 4 years ago
parent 84f5a51e27
commit 2260e74270
  1. 2
      roles/crowdsec/defaults/main.yml
  2. 4
      roles/crowdsec/templates/config.yaml.j2
  3. 6
      roles/crowdsec_bouncer_firewall/tasks/install.yml
  4. 1
      roles/squid/files/acl/service_various.domains
  5. 4
      roles/squid/files/acl/software_various.domains

@ -36,8 +36,6 @@ crowdsec_lapi_server: "{{ inventory_hostname }}"
# Requires crowdsec_lapi_enabled to be true too
crowdsec_capi_enabled: False
# Prometheus metrics
crowdsec_prometheus_enabled: False
# Port on which the prometheus metric endpoint will bind to
crowdsec_prometheus_port: 6060
# List of IP/CIDR allowed to access the prometheus port
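Review bot: The comment on the last line describes `crowdsec_prometheus_src_ip` only as an allow list, yet the template change in this same commit also uses it to choose the address the metrics listener binds to. I would extend it to something like `# List of IP/CIDR allowed to access the prometheus port. Empty: listen on 127.0.0.1 only; non-empty: listen on a host address`. The variable itself sits below the end of this hunk, so its default is not visible here.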

@ -48,11 +48,9 @@ api:
{% endif %}
{% endif %}
{% if crowdsec_prometheus_enabled %}
prometheus:
enabled: true
level: full
listen_addr: 0.0.0.0
listen_addr: {{ (crowdsec_prometheus_src_ip | length > 0) | ternary(ansible_all_ipv4_addresses[0],'127.0.0.1') }}
listen_port: {{ crowdsec_prometheus_port }}
{% endif %}
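Review bot: The non-loopback branch of `listen_addr` takes `ansible_all_ipv4_addresses[0]`, and the order of that fact is not guaranteed, so on a host with several interfaces (container bridge, VPN, public NIC) the metrics endpoint may bind to an address other than the one the scrapers use. This assumes the ternary line is the new side, since the page has lost its +/- markers. I would bind to the default-route address or a dedicated variable and quote the rendered value, for example `listen_addr: "{{ (crowdsec_prometheus_src_ip | length > 0) | ternary(ansible_default_ipv4.address, '127.0.0.1') }}"`. The allow list only selects the bind address here; nothing in this block restricts who can connect, so the role needs a matching firewall rule, which is not visible in this commit.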

@ -31,10 +31,12 @@
copy:
content: |
[Unit]
{% if ansible_os_family == 'RedHat' or ansible_os_family == 'Debian' %}
# Ensure cs-firewall-bouncer starts before iptables
# so ipset are available
Before=iptables.service
# But it should start after crowdsec to be able to register on the API
Before={{ (ansible_os_family == 'Debian') | ternary('netfilter-persistent','iptables') }}.service
{% endif %}
# It should start after crowdsec to be able to register on the API
After=crowdsec.service
[Service]
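Review bot: The comment above the `Before=` line still says the bouncer must start before iptables, but on Debian the rendered unit is now `netfilter-persistent.service`; I would reword it to `# Ensure cs-firewall-bouncer starts before the unit that restores the firewall rules, so its ipsets exist`. Hosts whose rules are loaded by some other unit get no ordering from this line, and a ruleset that references the bouncer's ipset could then fail to load at boot; whether the role targets such hosts is not visible here. systemd ignores ordering against units that are not loaded, so `Before=iptables.service netfilter-persistent.service` without the Jinja conditional would cover both families with less templating. The `copy:` task starts and ends outside this hunk.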

@ -3,3 +3,4 @@
apps.identrust.com
dns.api.gandi.net
monip.org

@ -343,3 +343,7 @@ downloads.sentry-cdn.com
# iTop cmd extension store
store.itophub.io
# Crowdsec
crowdsec-statics-assets.s3-eu-west-1.amazonaws.com
api.crowdsec.com
