Update to 2021-02-23 19:00

3 years ago · e8311ecfce
parent 3431050b2f
commit e8311ecfce
14 changed files with 171 additions and 171 deletions
--- a/roles/crowdsec/defaults/main.yml
+++ b/roles/crowdsec/defaults/main.yml
@ -1,71 +1,71 @@
 ---

 # Version to install
-crowdsec_version: 1.0.7
+cs_version: 1.0.7
 # URL of the archive
-crowdsec_archive_url: https://github.com/crowdsecurity/crowdsec/releases/download/v{{ crowdsec_version }}/crowdsec-release.tgz
+cs_archive_url: https://github.com/crowdsecurity/crowdsec/releases/download/v{{ cs_version }}/crowdsec-release.tgz
 # Expected sha1 of the archive
-crowdsec_archive_sha1: 7c9dc58c6648c8fd43b297427d6a53fe940cbf13
+cs_archive_sha1: 7c9dc58c6648c8fd43b297427d6a53fe940cbf13

 # Can be sqlite or mysql
-crowdsec_db_engine: sqlite
+cs_db_engine: sqlite
 # This is for mysql backend
-crowdsec_db_server: "{{ mysql_server | default('localhost') }}"
-crowdsec_db_port: 3306
-crowdsec_db_name: crowdsec
-crowdsec_db_user: crowdsec
+cs_db_server: "{{ mysql_server | default('localhost') }}"
+cs_db_port: 3306
+cs_db_name: crowdsec
+cs_db_user: crowdsec
 # If not defined, a random one will be generated and store in /etc/crowdsec/meta/ansible_dbpass
-# crowdsec_db_pass: S3cr3t.
+# cs_db_pass: S3cr3t.

 # You can disable the Local API, if using a remote one for example
-crowdsec_lapi_enabled: True
+cs_lapi_enabled: True
 # Set to true if Local API is enabled, and you intend to use it through a trusted reverse proxy
-crowdsec_use_forwarded_headers: False
+cs_use_forwarded_headers: False
 # Port on which the Local API will listen
-crowdsec_lapi_port: 8080
-# List of IP/CIDR allowed to access crowdsec_lapi_port
-crowdsec_lapi_src_ip: []
+cs_lapi_port: 8080
+# List of IP/CIDR allowed to access cs_lapi_port
+cs_lapi_src_ip: []

 # Address of the Local API server
 # The default config will make it standalone
-crowdsec_lapi_url: http://localhost:{{ crowdsec_lapi_port }}/
-crowdsec_lapi_user: "{{ inventory_hostname }}"
+cs_lapi_url: http://localhost:{{ cs_lapi_port }}/
+cs_lapi_user: "{{ inventory_hostname }}"
 # On installation, ansible will register this host on the Local API
 # And will then validate the registration on the following server.
 # So set it to your own Local API server so ansible will delegate the task
-crowdsec_lapi_server: "{{ inventory_hostname }}"
+cs_lapi_server: "{{ inventory_hostname }}"

 # Use the central API, to share your banned IP, and received list of IP to ban
-# Requires crowdsec_lapi_enabled to be true too
-crowdsec_capi_enabled: False
+# Requires cs_lapi_enabled to be true too
+cs_capi_enabled: False
 # You can either register manuelly and the the user/pass with those variable
 # Else, ansible will register and configure the credentials
-# crowdsec_capi_user: 123456789
-# crowdsec_capi_pass: azertyuiop
+# cs_capi_user: 123456789
+# cs_capi_pass: azertyuiop

 # Port on which the prometheus metric endpoint will bind to
-crowdsec_prometheus_port: 6060
+cs_prometheus_port: 6060
 # List of IP/CIDR allowed to access the prometheus port
-crowdsec_prometheus_src_ip: []
+cs_prometheus_src_ip: []

 # Default duration of a ban
-crowdsec_ban_duration: 15m
+cs_ban_duration: 15m

 # List of parsers to install from the hub
-crowdsec_parsers:
-  - crowdsecurity/syslog-logs
-  - crowdsecurity/geoip-enrich
-  - crowdsecurity/dateparse-enrich
-  - crowdsecurity/whitelists
+cs_parsers: []
+#  - crowdsecurity/syslog-logs
+#  - crowdsecurity/geoip-enrich
+#  - crowdsecurity/dateparse-enrich
+#  - crowdsecurity/whitelists
 #  - crowdsecurity/sshd-logs
 #  - crowdsecurity/iptables-logs
 # List of scenarios to install from the hub
-crowdsec_scenarios:
-  - crowdsecurity/ban-defcon-drop_range
+cs_scenarios: []
+#  - crowdsecurity/ban-defcon-drop_range
 #  - crowdsecurity/ssh-bf
 # List of postoverflows to install from the hub
-crowdsec_postoverflows:
-  - crowdsecurity/cdn-whitelist
-  - crowdsecurity/rdns
-  - crowdsecurity/seo-bots-whitelist
+cs_postoverflows: []
+#  - crowdsecurity/cdn-whitelist
+#  - crowdsecurity/rdns
+#  - crowdsecurity/seo-bots-whitelist

--- a/roles/crowdsec/meta/main.yml
+++ b/roles/crowdsec/meta/main.yml
@ -2,4 +2,4 @@

 dependencies:
  - role: mysql_server
-    when: crowdsec_db_server in ['localhost','127.0.0.1']
+    when: cs_db_server in ['localhost','127.0.0.1']
--- a/roles/crowdsec/tasks/cleanup.yml
+++ b/roles/crowdsec/tasks/cleanup.yml
@ -4,5 +4,5 @@
  file: path={{ item }} state=absent
  loop:
    - /tmp/crowdsec-release.tgz
-    - /tmp/crowdsec-v{{ crowdsec_version }}
-  tags: crowdsec
+    - /tmp/crowdsec-v{{ cs_version }}
+  tags: cs
--- a/roles/crowdsec/tasks/conf.yml
+++ b/roles/crowdsec/tasks/conf.yml
@ -9,45 +9,45 @@
    - profiles.yaml
    - parsers/s02-enrich/trusted_ip.yaml
  notify: reload crowdsec
-  tags: crowdsec
+  tags: cs

 # Create the database
 - import_tasks: ../includes/webapps_create_mysql_db.yml
  vars:
-    - db_name: "{{ crowdsec_db_name }}"
-    - db_user: "{{ crowdsec_db_user }}"
-    - db_server: "{{ crowdsec_db_server }}"
-    - db_pass: "{{ crowdsec_db_pass }}"
+    - db_name: "{{ cs_db_name }}"
+    - db_user: "{{ cs_db_user }}"
+    - db_server: "{{ cs_db_server }}"
+    - db_pass: "{{ cs_db_pass }}"
  when:
-    - crowdsec_db_engine == 'mysql'
-    - crowdsec_lapi_enabled
-  tags: crowdsec
+    - cs_db_engine == 'mysql'
+    - cs_lapi_enabled
+  tags: cs

- when: crowdsec_lapi_pass is not defined
+- when: cs_lapi_pass is not defined
  block:
    - name: Declare on the local API
-      command: cscli machines add {{ crowdsec_lapi_user }} --auto --force --file /dev/stdout --output raw
-      register: crowdsec_lapi_credentials
-      delegate_to: "{{ crowdsec_lapi_server }}"
-    - set_fact: crowdsec_lapi_credentials_yaml={{ crowdsec_lapi_credentials.stdout | from_yaml }}
-    - copy: content={{ crowdsec_lapi_credentials_yaml.password }} dest=/etc/crowdsec/meta/lapi_pass mode=600
-    - set_fact: crowdsec_lapi_pass={{ crowdsec_lapi_credentials_yaml.password }}
-  tags: crowdsec
+      command: cscli machines add {{ cs_lapi_user }} --auto --force --file /dev/stdout --output raw
+      register: cs_lapi_credentials
+      delegate_to: "{{ cs_lapi_server }}"
+    - set_fact: cs_lapi_credentials_yaml={{ cs_lapi_credentials.stdout | from_yaml }}
+    - copy: content={{ cs_lapi_credentials_yaml.password }} dest=/etc/crowdsec/meta/lapi_pass mode=600
+    - set_fact: cs_lapi_pass={{ cs_lapi_credentials_yaml.password }}
+  tags: cs

 - when:
-    - crowdsec_lapi_enabled
-    - crowdsec_capi_enabled
-    - crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined
+    - cs_lapi_enabled
+    - cs_capi_enabled
+    - cs_capi_user is not defined or cs_capi_pass is not defined
  block:
    - name: Register on the central API
      command: cscli capi register -o raw -f /dev/stdout
-      register: crowdsec_capi_credentials
-    - set_fact: crowdsec_capi_credentials_yaml={{ crowdsec_capi_credentials.stdout | from_yaml }}
-    - copy: content={{ crowdsec_capi_credentials_yaml.login }} dest=/etc/crowdsec/meta/capi_user mode=600
-    - copy: content={{ crowdsec_capi_credentials_yaml.password }} dest=/etc/crowdsec/meta/capi_pass mode=600
-    - set_fact: crowdsec_capi_user={{ crowdsec_capi_credentials_yaml.login }}
-    - set_fact: crowdsec_capi_pass={{ crowdsec_capi_credentials_yaml.password }}
-  tags: crowdsec
+      register: cs_capi_credentials
+    - set_fact: cs_capi_credentials_yaml={{ cs_capi_credentials.stdout | from_yaml }}
+    - copy: content={{ cs_capi_credentials_yaml.login }} dest=/etc/crowdsec/meta/capi_user mode=600
+    - copy: content={{ cs_capi_credentials_yaml.password }} dest=/etc/crowdsec/meta/capi_pass mode=600
+    - set_fact: cs_capi_user={{ cs_capi_credentials_yaml.login }}
+    - set_fact: cs_capi_pass={{ cs_capi_credentials_yaml.password }}
+  tags: cs

 - name: Deploy credentials config
  template: src={{ item }}_api_credentials.yaml.j2 dest=/etc/crowdsec/{{ item }}_api_credentials.yaml mode=600
@ -55,64 +55,64 @@
    - online
    - local
  notify: restart crowdsec
-  tags: crowdsec
+  tags: cs

 - name: List installed parsers
  shell: cscli parsers list -o json
-  register: crowdsec_installed_parsers
+  register: cs_installed_parsers
  changed_when: False
-  tags: crowdsec
+  tags: cs

 - name: Install parsers
  command: cscli parsers install {{ item }}
-  when: item not in crowdsec_installed_parsers.stdout | from_json | map(attribute='name') | list
-  loop: "{{ crowdsec_parsers }}"
+  when: item not in cs_installed_parsers.stdout | from_json | map(attribute='name') | list
+  loop: "{{ cs_parsers }}"
  notify: reload crowdsec
-  tags: crowdsec
+  tags: cs

 - name: Upgrade parsers
  command: csscli parsers upgrade {{ item }}
-  loop: "{{ crowdsec_parsers }}"
-  when: crowdsec_install_mode == 'upgrade'
+  loop: "{{ cs_parsers }}"
+  when: cs_install_mode == 'upgrade'
  notify: reload crowdsec
-  tags: crowdsec
+  tags: cs

 - name: List installed scenarios
  command: cscli scenarios list -o json
-  register: crowdsec_installed_scenarios
+  register: cs_installed_scenarios
  changed_when: False
-  tags: crowdsec
+  tags: cs

 - name: Install scenarios
  command: cscli scenarios install {{ item }}
-  when: item not in crowdsec_installed_scenarios.stdout | from_json | map(attribute='name') | list
-  loop: "{{ crowdsec_scenarios }}"
+  when: item not in cs_installed_scenarios.stdout | from_json | map(attribute='name') | list
+  loop: "{{ cs_scenarios }}"
  notify: reload crowdsec
-  tags: crowdsec
+  tags: cs

 - name: Upgrade scenarios
  command: csscli scenarios upgrade {{ item }}
-  loop: "{{ crowdsec_scenarios }}"
-  when: crowdsec_install_mode == 'upgrade'
+  loop: "{{ cs_scenarios }}"
+  when: cs_install_mode == 'upgrade'
  notify: reload crowdsec
-  tags: crowdsec
+  tags: cs

 - name: List installed postoverflows
  command: cscli postoverflows list -o json
-  register: crowdsec_installed_postoverflows
+  register: cs_installed_postoverflows
  changed_when: False
-  tags: crowdsec
+  tags: cs

 - name: Install postoverflows
  command: cscli postoverflows install {{ item }}
-  when: item not in crowdsec_installed_postoverflows.stdout | from_json | map(attribute='name') | list
-  loop: "{{ crowdsec_postoverflows }}"
+  when: item not in cs_installed_postoverflows.stdout | from_json | map(attribute='name') | list
+  loop: "{{ cs_postoverflows }}"
  notify: reload crowdsec
-  tags: crowdsec
+  tags: cs

 - name: Upgrade postoverflows
  command: csscli postoverflows upgrade {{ item }}
-  loop: "{{ crowdsec_postoverflows }}"
-  when: crowdsec_install_mode == 'upgrade'
+  loop: "{{ cs_postoverflows }}"
+  when: cs_install_mode == 'upgrade'
  notify: reload crowdsec
-  tags: crowdsec
+  tags: cs
--- a/roles/crowdsec/tasks/directories.yml
+++ b/roles/crowdsec/tasks/directories.yml
@ -14,4 +14,4 @@
    - dir: /etc/crowdsec/scenarios
    - dir: /etc/crowdsec/postoverflows/s00-enrich
    - dir: /etc/crowdsec/postoverflows/s01-whitelist
-  tags: crowdsec
+  tags: cs
--- a/roles/crowdsec/tasks/facts.yml
+++ b/roles/crowdsec/tasks/facts.yml
@ -2,34 +2,34 @@

 - name: Set initial facts
  block:
-    - set_fact: crowdsec_install_mode='none'
-    - set_fact: crowdsec_current_version=''
-  tags: crowdsec
+    - set_fact: cs_install_mode='none'
+    - set_fact: cs_current_version=''
+  tags: cs

 - name: Check if crowdsec is installed
  stat: path=/usr/local/bin/crowdsec
-  register: crowdsec_bin
-  tags: crowdsec
+  register: cs_bin
+  tags: cs

 - name: Check installed version
  shell: |
    crowdsec -version 2>&1 | perl -ne 'm/version: v(\d+(\.\d+)*)/ && print $1'
-  register: crowdsec_current_version
+  register: cs_current_version
  changed_when: False
-  when: crowdsec_bin.stat.exists
-  tags: crowdsec
+  when: cs_bin.stat.exists
+  tags: cs

 - name: Set install mode
-  set_fact: crowdsec_install_mode='install'
-  when: not crowdsec_bin.stat.exists
-  tags: crowdsec
+  set_fact: cs_install_mode='install'
+  when: not cs_bin.stat.exists
+  tags: cs

 - name: Set upgrade mode
-  set_fact: crowdsec_install_mode='upgrade'
+  set_fact: cs_install_mode='upgrade'
  when:
-    - crowdsec_bin.stat.exists
-    - crowdsec_current_version.stdout != crowdsec_version
-  tags: crowdsec
+    - cs_bin.stat.exists
+    - cs_current_version.stdout != cs_version
+  tags: cs

 # Create a random db password if needed
 - block:
@ -37,48 +37,48 @@
      vars:
        - pass_file: "/etc/crowdsec/meta/ansible_db_pass"
        - complex: False
-    - set_fact: crowdsec_db_pass={{ rand_pass }}
+    - set_fact: cs_db_pass={{ rand_pass }}
  when:
-    - crowdsec_db_pass is not defined
-    - crowdsec_lapi_enabled
-  tags: crowdsec
+    - cs_db_pass is not defined
+    - cs_lapi_enabled
+  tags: cs

 # Check if local API credentials are available in the meta dir
 - name: Check local API credential files
  stat: path=/etc/crowdsec/meta/lapi_pass
-  register: crowdsec_lapi_pass_file
-  tags: crowdsec
+  register: cs_lapi_pass_file
+  tags: cs

 - name: Read the local API pass
  block:
    - slurp: src=/etc/crowdsec/meta/lapi_pass
-      register: crowdsec_lapi_pass_meta
-    - set_fact: crowdsec_lapi_pass={{ crowdsec_lapi_pass_meta.content | b64decode | trim }}
-  when: crowdsec_lapi_pass is not defined and crowdsec_lapi_pass_file.stat.exists
-  tags: crowdsec
+      register: cs_lapi_pass_meta
+    - set_fact: cs_lapi_pass={{ cs_lapi_pass_meta.content | b64decode | trim }}
+  when: cs_lapi_pass is not defined and cs_lapi_pass_file.stat.exists
+  tags: cs

 # Check if central API credentials are available in the meta dir
 - name: Check central API credential files
  block: 
    - stat: path=/etc/crowdsec/meta/capi_user
-      register: crowdsec_capi_user_file
+      register: cs_capi_user_file
    - stat: path=/etc/crowdsec/meta/capi_pass
-      register: crowdsec_capi_pass_file
-  tags: crowdsec
+      register: cs_capi_pass_file
+  tags: cs

 - name: Read the central API user
  block:
    - slurp: src=/etc/crowdsec/meta/capi_user
-      register: crowdsec_capi_user_meta
-    - set_fact: crowdsec_capi_user={{ crowdsec_capi_user_meta.content | b64decode | trim }}
-  when: crowdsec_capi_user is not defined and crowdsec_capi_user_file.stat.exists
-  tags: crowdsec
+      register: cs_capi_user_meta
+    - set_fact: cs_capi_user={{ cs_capi_user_meta.content | b64decode | trim }}
+  when: cs_capi_user is not defined and cs_capi_user_file.stat.exists
+  tags: cs

 - name: Read the central API pass
  block:
    - slurp: src=/etc/crowdsec/meta/capi_pass
-      register: crowdsec_capi_pass_meta
-    - set_fact: crowdsec_capi_pass={{ crowdsec_capi_pass_meta.content | b64decode | trim }}
-  when: crowdsec_capi_pass is not defined and crowdsec_capi_pass_file.stat.exists
-  tags: crowdsec
+      register: cs_capi_pass_meta
+    - set_fact: cs_capi_pass={{ cs_capi_pass_meta.content | b64decode | trim }}
+  when: cs_capi_pass is not defined and cs_capi_pass_file.stat.exists
+  tags: cs

--- a/roles/crowdsec/tasks/install.yml
+++ b/roles/crowdsec/tasks/install.yml
@ -1,12 +1,12 @@
 ---

- when: crowdsec_install_mode != 'none'
+- when: cs_install_mode != 'none'
  block:
    - name: Download crowdsec
      get_url:
-        url: "{{ crowdsec_archive_url }}"
+        url: "{{ cs_archive_url }}"
        dest: /tmp/
-        checksum: sha1:{{ crowdsec_archive_sha1 }}
+        checksum: sha1:{{ cs_archive_sha1 }}

    - name: Extract crowdsec
      unarchive:
@ -15,19 +15,19 @@
        remote_src: True

    - name: Install or upgrade crowdsec
-      command: ./wizard.sh --bin{{ crowdsec_install_mode }}
+      command: ./wizard.sh --bin{{ cs_install_mode }}
      args:
-        chdir: /tmp/crowdsec-v{{ crowdsec_version }}/
+        chdir: /tmp/crowdsec-v{{ cs_version }}/
      notify: restart crowdsec

    - name: Update crowdsec hub
      command: cscli hub update

-  tags: crowdsec
+  tags: cs

 - name: Create the systemd unit snippet dir
  file: path=/etc/systemd/system/crowdsec.service.d state=directory
-  tags: crowdsec
+  tags: cs

 - name: Make the service restart on failure
  copy:
@ -39,16 +39,16 @@
    dest: /etc/systemd/system/crowdsec.service.d/restart.conf
  register: crodwsec_unit
  notify: restart crowdsec
-  tags: crowdsec
+  tags: cs

 - name: Reload systemd
  systemd: daemon_reload=True
  when: crodwsec_unit.changed
-  tags: crowdsec
+  tags: cs

 - name: Install pre and post backup hooks
  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/crowdsec mode=700
  loop:
    - pre
    - post
-  tags: crowdsec
+  tags: cs
--- a/roles/crowdsec/tasks/iptables.yml
+++ b/roles/crowdsec/tasks/iptables.yml
@ -6,10 +6,10 @@
    state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT"
  loop:
-    - name: crowdsec_lapi_port
-      port: "{{ crowdsec_lapi_port }}"
-      src_ip: "{{ crowdsec_lapi_src_ip }}"
-    - name: crowdsec_prometheus_port
-      port: "{{ crowdsec_prometheus_port }}"
-      src_ip: "{{ crowdsec_prometheus_src_ip }}"
-  tags: firewall,crowdsec
+    - name: cs_lapi_port
+      port: "{{ cs_lapi_port }}"
+      src_ip: "{{ cs_lapi_src_ip }}"
+    - name: cs_prometheus_port
+      port: "{{ cs_prometheus_port }}"
+      src_ip: "{{ cs_prometheus_src_ip }}"
+  tags: firewall,cs
--- a/roles/crowdsec/tasks/services.yml
+++ b/roles/crowdsec/tasks/services.yml
@ -2,4 +2,4 @@

 - name: Start and enable the service
  service: name=crowdsec state=started enabled=True
-  tags: crowdsec
+  tags: cs
--- a/roles/crowdsec/templates/config.yaml.j2
+++ b/roles/crowdsec/templates/config.yaml.j2
@ -22,13 +22,13 @@ cscli:

 db_config:
  log_level: info
-{% if crowdsec_db_engine == 'mysql' %}
+{% if cs_db_engine == 'mysql' %}
  type: mysql
-  user: {{ crowdsec_db_user }}
-  password: {{ crowdsec_db_pass | quote }}
-  db_name: {{ crowdsec_db_name }}
-  host: {{ crowdsec_db_server }}
-  port: {{ crowdsec_db_port }}
+  user: {{ cs_db_user }}
+  password: {{ cs_db_pass | quote }}
+  db_name: {{ cs_db_name }}
+  host: {{ cs_db_server }}
+  port: {{ cs_db_port }}
 {% else %}
  db_path: /var/lib/crowdsec/data/crowdsec.db
 {% endif %}
@ -41,12 +41,12 @@ api:
    insecure_skip_verify: false
    credentials_path: /etc/crowdsec/local_api_credentials.yaml

-{% if crowdsec_lapi_enabled %}
+{% if cs_lapi_enabled %}
  server:
    log_level: info
-    listen_uri: 0.0.0.0:{{ crowdsec_lapi_port }}
+    listen_uri: 0.0.0.0:{{ cs_lapi_port }}
    profiles_path: /etc/crowdsec/profiles.yaml
-{% if crowdsec_capi_enabled %}
+{% if cs_capi_enabled %}
    online_client: 
      credentials_path: /etc/crowdsec/online_api_credentials.yaml
 {% endif %}
@ -55,6 +55,6 @@ api:
 prometheus:
  enabled: true
  level: full
-  listen_addr: {{ (crowdsec_prometheus_src_ip | length > 0) | ternary(ansible_all_ipv4_addresses[0],'127.0.0.1') }}
-  listen_port: {{ crowdsec_prometheus_port }}
+  listen_addr: {{ (cs_prometheus_src_ip | length > 0) | ternary(ansible_all_ipv4_addresses[0],'127.0.0.1') }}
+  listen_port: {{ cs_prometheus_port }}

--- a/roles/crowdsec/templates/local_api_credentials.yaml.j2
+++ b/roles/crowdsec/templates/local_api_credentials.yaml.j2
@ -1,3 +1,3 @@
-url: {{ crowdsec_lapi_enabled | ternary('http://127.0.0.1:' ~ crowdsec_lapi_port,(crowdsec_lapi_url is search('/$')) | ternary(crowdsec_lapi_url, crowdsec_lapi_url ~ '/')) }}
-login: {{ crowdsec_lapi_user }}
-password: {{ crowdsec_lapi_pass }}
+url: {{ cs_lapi_enabled | ternary('http://127.0.0.1:' ~ cs_lapi_port,(cs_lapi_url is search('/$')) | ternary(cs_lapi_url, cs_lapi_url ~ '/')) }}
+login: {{ cs_lapi_user }}
+password: {{ cs_lapi_pass }}
--- a/roles/crowdsec/templates/online_api_credentials.yaml.j2
+++ b/roles/crowdsec/templates/online_api_credentials.yaml.j2
@ -1,7 +1,7 @@
 url: https://api.crowdsec.net/
-{% if crowdsec_capi_user is defined %}
-login: {{ crowdsec_capi_user }}
+{% if cs_capi_user is defined %}
+login: {{ cs_capi_user }}
 {% endif %}
-{% if crowdsec_capi_pass is defined %}
-password: {{ crowdsec_capi_pass }}
+{% if cs_capi_pass is defined %}
+password: {{ cs_capi_pass }}
 {% endif %}
--- a/roles/crowdsec/templates/pre-backup.j2
+++ b/roles/crowdsec/templates/pre-backup.j2
@ -1,17 +1,17 @@
 #!/bin/bash -e

 mkdir -p /home/lbkp/crowdsec/
-{% if crowdsec_lapi_enabled %}
-{% if crowdsec_db_engine == 'mysql' %}
+{% if cs_lapi_enabled %}
+{% if cs_db_engine == 'mysql' %}
 /usr/bin/mysqldump \
-{% if crowdsec_db_server not in ['localhost','127.0.0.1'] %}
-  --user={{ crowdsec_db_user | quote }} \
-  --password={{ crowdsec_db_pass | quote }} \
-  --host={{ crowdsec_db_server | quote }} \
-  --port={{ crowdsec_db_port | quote }} \
+{% if cs_db_server not in ['localhost','127.0.0.1'] %}
+  --user={{ cs_db_user | quote }} \
+  --password={{ cs_db_pass | quote }} \
+  --host={{ cs_db_server | quote }} \
+  --port={{ cs_db_port | quote }} \
 {% endif %}
  --quick --single-transaction \
-  --add-drop-table {{ crowdsec_db_name | quote }} | zstd -c > /home/lbkp/crowdsec/{{ crowdsec_db_name }}.sql.zst
+  --add-drop-table {{ cs_db_name | quote }} | zstd -c > /home/lbkp/crowdsec/{{ cs_db_name }}.sql.zst
 {% else %}
 sqlite3 /var/lib/crowdsec/data/crowdsec.db .dump | zstd -c > /home/lbkp/crowdsec/crowdsec.sql.zst
 {% endif %}
--- a/roles/crowdsec/templates/profiles.yaml.j2
+++ b/roles/crowdsec/templates/profiles.yaml.j2
@ -3,5 +3,5 @@ filters:
 - Alert.Remediation == true && Alert.GetScope() == "Ip"
 decisions:
 - type: ban
-   duration: {{ crowdsec_ban_duration }}
+   duration: {{ cs_ban_duration }}
 on_success: break