ansible-roles/roles/crowdsec/defaults/main.yml

---

# Version to install
crowdsec_version: 1.0.7
# URL of the archive
crowdsec_archive_url: https://github.com/crowdsecurity/crowdsec/releases/download/v{{ crowdsec_version }}/crowdsec-release.tgz
# Expected sha1 of the archive
crowdsec_archive_sha1: 7c9dc58c6648c8fd43b297427d6a53fe940cbf13

crowdsec_db_server: "{{ mysql_server | default('localhost') }}"
crowdsec_db_port: 3306
crowdsec_db_name: crowdsec
crowdsec_db_user: crowdsec
# If not defined, a random one will be generated and store in /etc/crowdsec/meta/ansible_dbpass
# crowdsec_db_pass: S3cr3t.

# You can disable the Local API, if using a remote one for example
crowdsec_lapi_enabled: True
# Set to true if Local API is enabled, and you intend to use it through a trusted reverse proxy
crowdsec_use_forwarded_headers: False
# Port on which the Local API will listen
crowdsec_lapi_port: 8080
# List of IP/CIDR allowed to access crowdsec_lapi_port
crowdsec_lapi_src_ip: []

# Address of the Local API server
# The default config will make it standalone
crowdsec_lapi_url: http://localhost:{{ crowdsec_lapi_port }}/
crowdsec_lapi_user: "{{ inventory_hostname }}"
# On installation, ansible will register this host on the Local API
# And will then validate the registration on the following server.
# So set it to your own Local API server so ansible will delegate the task
crowdsec_lapi_server: "{{ inventory_hostname }}"

# Use the central API, to share your banned IP, and received list of IP to ban
# Requires crowdsec_lapi_enabled to be true too
crowdsec_capi_enabled: False

# Port on which the prometheus metric endpoint will bind to
crowdsec_prometheus_port: 6060
# List of IP/CIDR allowed to access the prometheus port
crowdsec_prometheus_src_ip: []

# Default duration of a ban
crowdsec_ban_duration: 15m