Update to 2021-02-23 19:00

roles/crowdsec/defaults/main.yml

@@ -1,71 +1,71 @@
 ---
 
 # Version to install
-crowdsec_version: 1.0.7
+cs_version: 1.0.7
 # URL of the archive
-crowdsec_archive_url: https://github.com/crowdsecurity/crowdsec/releases/download/v{{ crowdsec_version }}/crowdsec-release.tgz
+cs_archive_url: https://github.com/crowdsecurity/crowdsec/releases/download/v{{ cs_version }}/crowdsec-release.tgz
 # Expected sha1 of the archive
-crowdsec_archive_sha1: 7c9dc58c6648c8fd43b297427d6a53fe940cbf13
+cs_archive_sha1: 7c9dc58c6648c8fd43b297427d6a53fe940cbf13
 
 # Can be sqlite or mysql
-crowdsec_db_engine: sqlite
+cs_db_engine: sqlite
 # This is for mysql backend
-crowdsec_db_server: "{{ mysql_server | default('localhost') }}"
-crowdsec_db_port: 3306
-crowdsec_db_name: crowdsec
-crowdsec_db_user: crowdsec
+cs_db_server: "{{ mysql_server | default('localhost') }}"
+cs_db_port: 3306
+cs_db_name: crowdsec
+cs_db_user: crowdsec
 # If not defined, a random one will be generated and store in /etc/crowdsec/meta/ansible_dbpass
-# crowdsec_db_pass: S3cr3t.
+# cs_db_pass: S3cr3t.
 
 # You can disable the Local API, if using a remote one for example
-crowdsec_lapi_enabled: True
+cs_lapi_enabled: True
 # Set to true if Local API is enabled, and you intend to use it through a trusted reverse proxy
-crowdsec_use_forwarded_headers: False
+cs_use_forwarded_headers: False
 # Port on which the Local API will listen
-crowdsec_lapi_port: 8080
-# List of IP/CIDR allowed to access crowdsec_lapi_port
-crowdsec_lapi_src_ip: []
+cs_lapi_port: 8080
+# List of IP/CIDR allowed to access cs_lapi_port
+cs_lapi_src_ip: []
 
 # Address of the Local API server
 # The default config will make it standalone
-crowdsec_lapi_url: http://localhost:{{ crowdsec_lapi_port }}/
-crowdsec_lapi_user: "{{ inventory_hostname }}"
+cs_lapi_url: http://localhost:{{ cs_lapi_port }}/
+cs_lapi_user: "{{ inventory_hostname }}"
 # On installation, ansible will register this host on the Local API
 # And will then validate the registration on the following server.
 # So set it to your own Local API server so ansible will delegate the task
-crowdsec_lapi_server: "{{ inventory_hostname }}"
+cs_lapi_server: "{{ inventory_hostname }}"
 
 # Use the central API, to share your banned IP, and received list of IP to ban
-# Requires crowdsec_lapi_enabled to be true too
-crowdsec_capi_enabled: False
+# Requires cs_lapi_enabled to be true too
+cs_capi_enabled: False
 # You can either register manuelly and the the user/pass with those variable
 # Else, ansible will register and configure the credentials
-# crowdsec_capi_user: 123456789
-# crowdsec_capi_pass: azertyuiop
+# cs_capi_user: 123456789
+# cs_capi_pass: azertyuiop
 
 # Port on which the prometheus metric endpoint will bind to
-crowdsec_prometheus_port: 6060
+cs_prometheus_port: 6060
 # List of IP/CIDR allowed to access the prometheus port
-crowdsec_prometheus_src_ip: []
+cs_prometheus_src_ip: []
 
 # Default duration of a ban
-crowdsec_ban_duration: 15m
+cs_ban_duration: 15m
 
 # List of parsers to install from the hub
-crowdsec_parsers:
-  - crowdsecurity/syslog-logs
-  - crowdsecurity/geoip-enrich
-  - crowdsecurity/dateparse-enrich
-  - crowdsecurity/whitelists
+cs_parsers: []
+#  - crowdsecurity/syslog-logs
+#  - crowdsecurity/geoip-enrich
+#  - crowdsecurity/dateparse-enrich
+#  - crowdsecurity/whitelists
 #  - crowdsecurity/sshd-logs
 #  - crowdsecurity/iptables-logs
 # List of scenarios to install from the hub
-crowdsec_scenarios:
-  - crowdsecurity/ban-defcon-drop_range
+cs_scenarios: []
+#  - crowdsecurity/ban-defcon-drop_range
 #  - crowdsecurity/ssh-bf
 # List of postoverflows to install from the hub
-crowdsec_postoverflows:
-  - crowdsecurity/cdn-whitelist
-  - crowdsecurity/rdns
-  - crowdsecurity/seo-bots-whitelist
+cs_postoverflows: []
+#  - crowdsecurity/cdn-whitelist
+#  - crowdsecurity/rdns
+#  - crowdsecurity/seo-bots-whitelist
 

roles/crowdsec/meta/main.yml

@@ -2,4 +2,4 @@
 
 dependencies:
   - role: mysql_server
-    when: crowdsec_db_server in ['localhost','127.0.0.1']
+    when: cs_db_server in ['localhost','127.0.0.1']

roles/crowdsec/tasks/cleanup.yml

@@ -4,5 +4,5 @@
   file: path={{ item }} state=absent
   loop:
     - /tmp/crowdsec-release.tgz
-    - /tmp/crowdsec-v{{ crowdsec_version }}
-  tags: crowdsec
+    - /tmp/crowdsec-v{{ cs_version }}
+  tags: cs

roles/crowdsec/tasks/conf.yml

@@ -9,45 +9,45 @@
     - profiles.yaml
     - parsers/s02-enrich/trusted_ip.yaml
   notify: reload crowdsec
-  tags: crowdsec
+  tags: cs
 
 # Create the database
 - import_tasks: ../includes/webapps_create_mysql_db.yml
   vars:
-    - db_name: "{{ crowdsec_db_name }}"
-    - db_user: "{{ crowdsec_db_user }}"
-    - db_server: "{{ crowdsec_db_server }}"
-    - db_pass: "{{ crowdsec_db_pass }}"
+    - db_name: "{{ cs_db_name }}"
+    - db_user: "{{ cs_db_user }}"
+    - db_server: "{{ cs_db_server }}"
+    - db_pass: "{{ cs_db_pass }}"
   when:
-    - crowdsec_db_engine == 'mysql'
-    - crowdsec_lapi_enabled
-  tags: crowdsec
+    - cs_db_engine == 'mysql'
+    - cs_lapi_enabled
+  tags: cs
 
-- when: crowdsec_lapi_pass is not defined
+- when: cs_lapi_pass is not defined
   block:
     - name: Declare on the local API
-      command: cscli machines add {{ crowdsec_lapi_user }} --auto --force --file /dev/stdout --output raw
-      register: crowdsec_lapi_credentials
-      delegate_to: "{{ crowdsec_lapi_server }}"
-    - set_fact: crowdsec_lapi_credentials_yaml={{ crowdsec_lapi_credentials.stdout | from_yaml }}
-    - copy: content={{ crowdsec_lapi_credentials_yaml.password }} dest=/etc/crowdsec/meta/lapi_pass mode=600
-    - set_fact: crowdsec_lapi_pass={{ crowdsec_lapi_credentials_yaml.password }}
-  tags: crowdsec
+      command: cscli machines add {{ cs_lapi_user }} --auto --force --file /dev/stdout --output raw
+      register: cs_lapi_credentials
+      delegate_to: "{{ cs_lapi_server }}"
+    - set_fact: cs_lapi_credentials_yaml={{ cs_lapi_credentials.stdout | from_yaml }}
+    - copy: content={{ cs_lapi_credentials_yaml.password }} dest=/etc/crowdsec/meta/lapi_pass mode=600
+    - set_fact: cs_lapi_pass={{ cs_lapi_credentials_yaml.password }}
+  tags: cs
 
 - when:
-    - crowdsec_lapi_enabled
-    - crowdsec_capi_enabled
-    - crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined
+    - cs_lapi_enabled
+    - cs_capi_enabled
+    - cs_capi_user is not defined or cs_capi_pass is not defined
   block:
     - name: Register on the central API
       command: cscli capi register -o raw -f /dev/stdout
-      register: crowdsec_capi_credentials
-    - set_fact: crowdsec_capi_credentials_yaml={{ crowdsec_capi_credentials.stdout | from_yaml }}
-    - copy: content={{ crowdsec_capi_credentials_yaml.login }} dest=/etc/crowdsec/meta/capi_user mode=600
-    - copy: content={{ crowdsec_capi_credentials_yaml.password }} dest=/etc/crowdsec/meta/capi_pass mode=600
-    - set_fact: crowdsec_capi_user={{ crowdsec_capi_credentials_yaml.login }}
-    - set_fact: crowdsec_capi_pass={{ crowdsec_capi_credentials_yaml.password }}
-  tags: crowdsec
+      register: cs_capi_credentials
+    - set_fact: cs_capi_credentials_yaml={{ cs_capi_credentials.stdout | from_yaml }}
+    - copy: content={{ cs_capi_credentials_yaml.login }} dest=/etc/crowdsec/meta/capi_user mode=600
+    - copy: content={{ cs_capi_credentials_yaml.password }} dest=/etc/crowdsec/meta/capi_pass mode=600
+    - set_fact: cs_capi_user={{ cs_capi_credentials_yaml.login }}
+    - set_fact: cs_capi_pass={{ cs_capi_credentials_yaml.password }}
+  tags: cs
 
 - name: Deploy credentials config
   template: src={{ item }}_api_credentials.yaml.j2 dest=/etc/crowdsec/{{ item }}_api_credentials.yaml mode=600
@@ -55,64 +55,64 @@
     - online
     - local
   notify: restart crowdsec
-  tags: crowdsec
+  tags: cs
 
 - name: List installed parsers
   shell: cscli parsers list -o json
-  register: crowdsec_installed_parsers
+  register: cs_installed_parsers
   changed_when: False
-  tags: crowdsec
+  tags: cs
 
 - name: Install parsers
   command: cscli parsers install {{ item }}
-  when: item not in crowdsec_installed_parsers.stdout | from_json | map(attribute='name') | list
-  loop: "{{ crowdsec_parsers }}"
+  when: item not in cs_installed_parsers.stdout | from_json | map(attribute='name') | list
+  loop: "{{ cs_parsers }}"
   notify: reload crowdsec
-  tags: crowdsec
+  tags: cs
 
 - name: Upgrade parsers
   command: csscli parsers upgrade {{ item }}
-  loop: "{{ crowdsec_parsers }}"
-  when: crowdsec_install_mode == 'upgrade'
+  loop: "{{ cs_parsers }}"
+  when: cs_install_mode == 'upgrade'
   notify: reload crowdsec
-  tags: crowdsec
+  tags: cs
 
 - name: List installed scenarios
   command: cscli scenarios list -o json
-  register: crowdsec_installed_scenarios
+  register: cs_installed_scenarios
   changed_when: False
-  tags: crowdsec
+  tags: cs
 
 - name: Install scenarios
   command: cscli scenarios install {{ item }}
-  when: item not in crowdsec_installed_scenarios.stdout | from_json | map(attribute='name') | list
-  loop: "{{ crowdsec_scenarios }}"
+  when: item not in cs_installed_scenarios.stdout | from_json | map(attribute='name') | list
+  loop: "{{ cs_scenarios }}"
   notify: reload crowdsec
-  tags: crowdsec
+  tags: cs
 
 - name: Upgrade scenarios
   command: csscli scenarios upgrade {{ item }}
-  loop: "{{ crowdsec_scenarios }}"
-  when: crowdsec_install_mode == 'upgrade'
+  loop: "{{ cs_scenarios }}"
+  when: cs_install_mode == 'upgrade'
   notify: reload crowdsec
-  tags: crowdsec
+  tags: cs
 
 - name: List installed postoverflows
   command: cscli postoverflows list -o json
-  register: crowdsec_installed_postoverflows
+  register: cs_installed_postoverflows
   changed_when: False
-  tags: crowdsec
+  tags: cs
 
 - name: Install postoverflows
   command: cscli postoverflows install {{ item }}
-  when: item not in crowdsec_installed_postoverflows.stdout | from_json | map(attribute='name') | list
-  loop: "{{ crowdsec_postoverflows }}"
+  when: item not in cs_installed_postoverflows.stdout | from_json | map(attribute='name') | list
+  loop: "{{ cs_postoverflows }}"
   notify: reload crowdsec
-  tags: crowdsec
+  tags: cs
 
 - name: Upgrade postoverflows
   command: csscli postoverflows upgrade {{ item }}
-  loop: "{{ crowdsec_postoverflows }}"
-  when: crowdsec_install_mode == 'upgrade'
+  loop: "{{ cs_postoverflows }}"
+  when: cs_install_mode == 'upgrade'
   notify: reload crowdsec
-  tags: crowdsec
+  tags: cs

roles/crowdsec/tasks/directories.yml

@@ -14,4 +14,4 @@
     - dir: /etc/crowdsec/scenarios
     - dir: /etc/crowdsec/postoverflows/s00-enrich
     - dir: /etc/crowdsec/postoverflows/s01-whitelist
-  tags: crowdsec
+  tags: cs

roles/crowdsec/tasks/facts.yml

@@ -2,34 +2,34 @@
 
 - name: Set initial facts
   block:
-    - set_fact: crowdsec_install_mode='none'
-    - set_fact: crowdsec_current_version=''
-  tags: crowdsec
+    - set_fact: cs_install_mode='none'
+    - set_fact: cs_current_version=''
+  tags: cs
 
 - name: Check if crowdsec is installed
   stat: path=/usr/local/bin/crowdsec
-  register: crowdsec_bin
-  tags: crowdsec
+  register: cs_bin
+  tags: cs
 
 - name: Check installed version
   shell: |
     crowdsec -version 2>&1 | perl -ne 'm/version: v(\d+(\.\d+)*)/ && print $1'
-  register: crowdsec_current_version
+  register: cs_current_version
   changed_when: False
-  when: crowdsec_bin.stat.exists
-  tags: crowdsec
+  when: cs_bin.stat.exists
+  tags: cs
 
 - name: Set install mode
-  set_fact: crowdsec_install_mode='install'
-  when: not crowdsec_bin.stat.exists
-  tags: crowdsec
+  set_fact: cs_install_mode='install'
+  when: not cs_bin.stat.exists
+  tags: cs
 
 - name: Set upgrade mode
-  set_fact: crowdsec_install_mode='upgrade'
+  set_fact: cs_install_mode='upgrade'
   when:
-    - crowdsec_bin.stat.exists
-    - crowdsec_current_version.stdout != crowdsec_version
-  tags: crowdsec
+    - cs_bin.stat.exists
+    - cs_current_version.stdout != cs_version
+  tags: cs
 
 # Create a random db password if needed
 - block:
@@ -37,48 +37,48 @@
       vars:
         - pass_file: "/etc/crowdsec/meta/ansible_db_pass"
         - complex: False
-    - set_fact: crowdsec_db_pass={{ rand_pass }}
+    - set_fact: cs_db_pass={{ rand_pass }}
   when:
-    - crowdsec_db_pass is not defined
-    - crowdsec_lapi_enabled
-  tags: crowdsec
+    - cs_db_pass is not defined
+    - cs_lapi_enabled
+  tags: cs
 
 # Check if local API credentials are available in the meta dir
 - name: Check local API credential files
   stat: path=/etc/crowdsec/meta/lapi_pass
-  register: crowdsec_lapi_pass_file
-  tags: crowdsec
+  register: cs_lapi_pass_file
+  tags: cs
 
 - name: Read the local API pass
   block:
     - slurp: src=/etc/crowdsec/meta/lapi_pass
-      register: crowdsec_lapi_pass_meta
-    - set_fact: crowdsec_lapi_pass={{ crowdsec_lapi_pass_meta.content | b64decode | trim }}
-  when: crowdsec_lapi_pass is not defined and crowdsec_lapi_pass_file.stat.exists
-  tags: crowdsec
+      register: cs_lapi_pass_meta
+    - set_fact: cs_lapi_pass={{ cs_lapi_pass_meta.content | b64decode | trim }}
+  when: cs_lapi_pass is not defined and cs_lapi_pass_file.stat.exists
+  tags: cs
 
 # Check if central API credentials are available in the meta dir
 - name: Check central API credential files
   block: 
     - stat: path=/etc/crowdsec/meta/capi_user
-      register: crowdsec_capi_user_file
+      register: cs_capi_user_file
     - stat: path=/etc/crowdsec/meta/capi_pass
-      register: crowdsec_capi_pass_file
-  tags: crowdsec
+      register: cs_capi_pass_file
+  tags: cs
 
 - name: Read the central API user
   block:
     - slurp: src=/etc/crowdsec/meta/capi_user
-      register: crowdsec_capi_user_meta
-    - set_fact: crowdsec_capi_user={{ crowdsec_capi_user_meta.content | b64decode | trim }}
-  when: crowdsec_capi_user is not defined and crowdsec_capi_user_file.stat.exists
-  tags: crowdsec
+      register: cs_capi_user_meta
+    - set_fact: cs_capi_user={{ cs_capi_user_meta.content | b64decode | trim }}
+  when: cs_capi_user is not defined and cs_capi_user_file.stat.exists
+  tags: cs
 
 - name: Read the central API pass
   block:
     - slurp: src=/etc/crowdsec/meta/capi_pass
-      register: crowdsec_capi_pass_meta
-    - set_fact: crowdsec_capi_pass={{ crowdsec_capi_pass_meta.content | b64decode | trim }}
-  when: crowdsec_capi_pass is not defined and crowdsec_capi_pass_file.stat.exists
-  tags: crowdsec
+      register: cs_capi_pass_meta
+    - set_fact: cs_capi_pass={{ cs_capi_pass_meta.content | b64decode | trim }}
+  when: cs_capi_pass is not defined and cs_capi_pass_file.stat.exists
+  tags: cs
 

roles/crowdsec/tasks/install.yml

@@ -1,12 +1,12 @@
 ---
 
-- when: crowdsec_install_mode != 'none'
+- when: cs_install_mode != 'none'
   block:
     - name: Download crowdsec
       get_url:
-        url: "{{ crowdsec_archive_url }}"
+        url: "{{ cs_archive_url }}"
         dest: /tmp/
-        checksum: sha1:{{ crowdsec_archive_sha1 }}
+        checksum: sha1:{{ cs_archive_sha1 }}
 
     - name: Extract crowdsec
       unarchive:
@@ -15,19 +15,19 @@
         remote_src: True
 
     - name: Install or upgrade crowdsec
-      command: ./wizard.sh --bin{{ crowdsec_install_mode }}
+      command: ./wizard.sh --bin{{ cs_install_mode }}
       args:
-        chdir: /tmp/crowdsec-v{{ crowdsec_version }}/
+        chdir: /tmp/crowdsec-v{{ cs_version }}/
       notify: restart crowdsec
 
     - name: Update crowdsec hub
       command: cscli hub update
 
-  tags: crowdsec
+  tags: cs
 
 - name: Create the systemd unit snippet dir
   file: path=/etc/systemd/system/crowdsec.service.d state=directory
-  tags: crowdsec
+  tags: cs
 
 - name: Make the service restart on failure
   copy:
@@ -39,16 +39,16 @@
     dest: /etc/systemd/system/crowdsec.service.d/restart.conf
   register: crodwsec_unit
   notify: restart crowdsec
-  tags: crowdsec
+  tags: cs
 
 - name: Reload systemd
   systemd: daemon_reload=True
   when: crodwsec_unit.changed
-  tags: crowdsec
+  tags: cs
 
 - name: Install pre and post backup hooks
   template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/crowdsec mode=700
   loop:
     - pre
     - post
-  tags: crowdsec
+  tags: cs

roles/crowdsec/tasks/iptables.yml

@@ -6,10 +6,10 @@
     state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
     rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT"
   loop:
-    - name: crowdsec_lapi_port
-      port: "{{ crowdsec_lapi_port }}"
-      src_ip: "{{ crowdsec_lapi_src_ip }}"
-    - name: crowdsec_prometheus_port
-      port: "{{ crowdsec_prometheus_port }}"
-      src_ip: "{{ crowdsec_prometheus_src_ip }}"
-  tags: firewall,crowdsec
+    - name: cs_lapi_port
+      port: "{{ cs_lapi_port }}"
+      src_ip: "{{ cs_lapi_src_ip }}"
+    - name: cs_prometheus_port
+      port: "{{ cs_prometheus_port }}"
+      src_ip: "{{ cs_prometheus_src_ip }}"
+  tags: firewall,cs

roles/crowdsec/tasks/services.yml

@@ -2,4 +2,4 @@
 
 - name: Start and enable the service
   service: name=crowdsec state=started enabled=True
-  tags: crowdsec
+  tags: cs

roles/crowdsec/templates/config.yaml.j2

@@ -22,13 +22,13 @@ cscli:
 
 db_config:
   log_level: info
-{% if crowdsec_db_engine == 'mysql' %}
+{% if cs_db_engine == 'mysql' %}
   type: mysql
-  user: {{ crowdsec_db_user }}
-  password: {{ crowdsec_db_pass | quote }}
-  db_name: {{ crowdsec_db_name }}
-  host: {{ crowdsec_db_server }}
-  port: {{ crowdsec_db_port }}
+  user: {{ cs_db_user }}
+  password: {{ cs_db_pass | quote }}
+  db_name: {{ cs_db_name }}
+  host: {{ cs_db_server }}
+  port: {{ cs_db_port }}
 {% else %}
   db_path: /var/lib/crowdsec/data/crowdsec.db
 {% endif %}
@@ -41,12 +41,12 @@ api:
     insecure_skip_verify: false
     credentials_path: /etc/crowdsec/local_api_credentials.yaml
 
-{% if crowdsec_lapi_enabled %}
+{% if cs_lapi_enabled %}
   server:
     log_level: info
-    listen_uri: 0.0.0.0:{{ crowdsec_lapi_port }}
+    listen_uri: 0.0.0.0:{{ cs_lapi_port }}
     profiles_path: /etc/crowdsec/profiles.yaml
-{% if crowdsec_capi_enabled %}
+{% if cs_capi_enabled %}
     online_client: 
       credentials_path: /etc/crowdsec/online_api_credentials.yaml
 {% endif %}
@@ -55,6 +55,6 @@ api:
 prometheus:
   enabled: true
   level: full
-  listen_addr: {{ (crowdsec_prometheus_src_ip | length > 0) | ternary(ansible_all_ipv4_addresses[0],'127.0.0.1') }}
-  listen_port: {{ crowdsec_prometheus_port }}
+  listen_addr: {{ (cs_prometheus_src_ip | length > 0) | ternary(ansible_all_ipv4_addresses[0],'127.0.0.1') }}
+  listen_port: {{ cs_prometheus_port }}
 

roles/crowdsec/templates/local_api_credentials.yaml.j2

@@ -1,3 +1,3 @@
-url: {{ crowdsec_lapi_enabled | ternary('http://127.0.0.1:' ~ crowdsec_lapi_port,(crowdsec_lapi_url is search('/$')) | ternary(crowdsec_lapi_url, crowdsec_lapi_url ~ '/')) }}
-login: {{ crowdsec_lapi_user }}
-password: {{ crowdsec_lapi_pass }}
+url: {{ cs_lapi_enabled | ternary('http://127.0.0.1:' ~ cs_lapi_port,(cs_lapi_url is search('/$')) | ternary(cs_lapi_url, cs_lapi_url ~ '/')) }}
+login: {{ cs_lapi_user }}
+password: {{ cs_lapi_pass }}

roles/crowdsec/templates/online_api_credentials.yaml.j2

@@ -1,7 +1,7 @@
 url: https://api.crowdsec.net/
-{% if crowdsec_capi_user is defined %}
-login: {{ crowdsec_capi_user }}
+{% if cs_capi_user is defined %}
+login: {{ cs_capi_user }}
 {% endif %}
-{% if crowdsec_capi_pass is defined %}
-password: {{ crowdsec_capi_pass }}
+{% if cs_capi_pass is defined %}
+password: {{ cs_capi_pass }}
 {% endif %}

roles/crowdsec/templates/pre-backup.j2

@@ -1,17 +1,17 @@
 #!/bin/bash -e
 
 mkdir -p /home/lbkp/crowdsec/
-{% if crowdsec_lapi_enabled %}
-{% if crowdsec_db_engine == 'mysql' %}
+{% if cs_lapi_enabled %}
+{% if cs_db_engine == 'mysql' %}
 /usr/bin/mysqldump \
-{% if crowdsec_db_server not in ['localhost','127.0.0.1'] %}
-  --user={{ crowdsec_db_user | quote }} \
-  --password={{ crowdsec_db_pass | quote }} \
-  --host={{ crowdsec_db_server | quote }} \
-  --port={{ crowdsec_db_port | quote }} \
+{% if cs_db_server not in ['localhost','127.0.0.1'] %}
+  --user={{ cs_db_user | quote }} \
+  --password={{ cs_db_pass | quote }} \
+  --host={{ cs_db_server | quote }} \
+  --port={{ cs_db_port | quote }} \
 {% endif %}
   --quick --single-transaction \
-  --add-drop-table {{ crowdsec_db_name | quote }} | zstd -c > /home/lbkp/crowdsec/{{ crowdsec_db_name }}.sql.zst
+  --add-drop-table {{ cs_db_name | quote }} | zstd -c > /home/lbkp/crowdsec/{{ cs_db_name }}.sql.zst
 {% else %}
 sqlite3 /var/lib/crowdsec/data/crowdsec.db .dump | zstd -c > /home/lbkp/crowdsec/crowdsec.sql.zst
 {% endif %}

roles/crowdsec/templates/profiles.yaml.j2

@@ -3,5 +3,5 @@ filters:
  - Alert.Remediation == true && Alert.GetScope() == "Ip"
 decisions:
  - type: ban
-   duration: {{ crowdsec_ban_duration }}
+   duration: {{ cs_ban_duration }}
 on_success: break