Ansible roles

---
# Render each CrowdSec configuration template below /etc/crowdsec/ and
# notify the "reload crowdsec" handler when a file changes.
# NOTE(review): no mode is set, so permissions depend on the umask or on
# the existing file. If any of these templates renders crowdsec_db_pass or
# another secret, an explicit restrictive mode is worth adding; confirm
# against the templates.
- name: Deploy configuration
  template:
    src: "{{ item }}.j2"
    dest: "/etc/crowdsec/{{ item }}"
  loop:
    - config.yaml
    - acquis.yaml
    - simulation.yaml
    - profile.yaml
    - parsers/s02-enrich/trusted_ip.yaml
  notify: reload crowdsec
  tags: crowdsec
# Create the database through the shared MySQL include. Runs only when the
# mysql engine is selected and crowdsec_lapi_enabled is true.
- import_tasks: ../includes/webapps_create_mysql_db.yml
  vars:
    db_name: "{{ crowdsec_db_name }}"
    db_user: "{{ crowdsec_db_user }}"
    db_server: "{{ crowdsec_db_server }}"
    db_pass: "{{ crowdsec_db_pass }}"
  when:
    - crowdsec_db_engine == 'mysql'
    - crowdsec_lapi_enabled
  tags: crowdsec
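# Register this machine on the local API when no crowdsec_lapi_pass is
# defined yet. cscli runs on crowdsec_lapi_server and prints the generated
# credentials as YAML on stdout; the password is then written to
# /etc/crowdsec/meta/lapi_pass (owner-only) and exposed as a fact.
# Every step handles the clear-text password, so no_log keeps it out of
# task output and logs. Trade-off: a failure of these tasks is reported
# without details; drop no_log temporarily when debugging.
- when: crowdsec_lapi_pass is not defined
  block:
    - name: Declare on the local API
      command: >-
        cscli machines add {{ crowdsec_lapi_user }} --auto --force
        --file /dev/stdout --output raw
      register: crowdsec_lapi_credentials
      delegate_to: "{{ crowdsec_lapi_server }}"
      no_log: true

    - name: Parse the local API credentials
      set_fact:
        crowdsec_lapi_credentials_yaml: "{{ crowdsec_lapi_credentials.stdout | from_yaml }}"
      no_log: true

    - name: Store the local API password
      copy:
        content: "{{ crowdsec_lapi_credentials_yaml.password }}"
        dest: /etc/crowdsec/meta/lapi_pass
        # Quoted so the value is read as an octal mode string, not integer 600.
        mode: "0600"
      no_log: true

    - name: Expose the local API password as a fact
      set_fact:
        crowdsec_lapi_pass: "{{ crowdsec_lapi_credentials_yaml.password }}"
      no_log: true
  tags: crowdsec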
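# Register on the central API when the local and central APIs are both
# enabled and either central credential is still undefined. cscli prints
# the new login and password as YAML on stdout; both are written below
# /etc/crowdsec/meta/ (owner-only) and exposed as facts.
# Every step handles clear-text credentials, so no_log keeps them out of
# task output and logs. Trade-off: a failure of these tasks is reported
# without details; drop no_log temporarily when debugging.
- when:
    - crowdsec_lapi_enabled
    - crowdsec_capi_enabled
    - crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined
  block:
    - name: Register on the central API
      command: cscli capi register -o raw -f /dev/stdout
      register: crowdsec_capi_credentials
      no_log: true

    - name: Parse the central API credentials
      set_fact:
        crowdsec_capi_credentials_yaml: "{{ crowdsec_capi_credentials.stdout | from_yaml }}"
      no_log: true

    - name: Store the central API login
      copy:
        content: "{{ crowdsec_capi_credentials_yaml.login }}"
        dest: /etc/crowdsec/meta/capi_user
        # Quoted so the value is read as an octal mode string, not integer 600.
        mode: "0600"
      no_log: true

    - name: Store the central API password
      copy:
        content: "{{ crowdsec_capi_credentials_yaml.password }}"
        dest: /etc/crowdsec/meta/capi_pass
        mode: "0600"
      no_log: true

    - name: Expose the central API login as a fact
      set_fact:
        crowdsec_capi_user: "{{ crowdsec_capi_credentials_yaml.login }}"
      no_log: true

    - name: Expose the central API password as a fact
      set_fact:
        crowdsec_capi_pass: "{{ crowdsec_capi_credentials_yaml.password }}"
      no_log: true
  tags: crowdsec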
# Render online_api_credentials.yaml and local_api_credentials.yaml below
# /etc/crowdsec/ with owner-only permissions, and notify the
# "restart crowdsec" handler when either changes.
# NOTE(review): these files presumably hold the API passwords, and a run
# with --diff would print the rendered content. Consider `diff: false` on
# this task; confirm against the templates.
- name: Deploy credentials config
  template:
    src: "{{ item }}_api_credentials.yaml.j2"
    dest: "/etc/crowdsec/{{ item }}_api_credentials.yaml"
    # Quoted so the value is read as an octal mode string, not integer 600.
    mode: "0600"
  loop: [online, local]
  notify: restart crowdsec
  tags: crowdsec
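# Capture the installed parsers as JSON for the install task's membership
# test. Uses command rather than shell: the line needs no shell features,
# and the scenario/postoverflow list tasks already use command.
# Read-only query, so it never reports a change.
- name: List installed parsers
  command: cscli parsers list -o json
  register: crowdsec_installed_parsers
  changed_when: false
  tags: crowdsec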
# Install every parser from crowdsec_parsers whose name is absent from the
# JSON listing registered in crowdsec_installed_parsers.
# The item is interpolated into the command line; the command module does
# not invoke a shell, so shell metacharacters in it are not interpreted.
- name: Install parsers
  command: cscli parsers install {{ item }}
  loop: "{{ crowdsec_parsers }}"
  when: >-
    item not in (crowdsec_installed_parsers.stdout
    | from_json | map(attribute='name') | list)
  notify: reload crowdsec
  tags: crowdsec
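# Upgrade every parser from crowdsec_parsers when the role runs with
# crowdsec_install_mode == 'upgrade'.
# The binary is cscli, as in the list/install tasks; the previous spelling
# "csscli" made this task fail in upgrade mode, leaving parsers outdated.
- name: Upgrade parsers
  command: cscli parsers upgrade {{ item }}
  loop: "{{ crowdsec_parsers }}"
  when: crowdsec_install_mode == 'upgrade'
  notify: reload crowdsec
  tags: crowdsec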
# Capture the installed scenarios as JSON for the install task's
# membership test. Read-only query, so it never reports a change.
- name: List installed scenarios
  command: cscli scenarios list -o json
  changed_when: false
  register: crowdsec_installed_scenarios
  tags: crowdsec
# Install every scenario from crowdsec_scenarios whose name is absent from
# the JSON listing registered in crowdsec_installed_scenarios.
# The item is interpolated into the command line; the command module does
# not invoke a shell, so shell metacharacters in it are not interpreted.
- name: Install scenarios
  command: cscli scenarios install {{ item }}
  loop: "{{ crowdsec_scenarios }}"
  when: >-
    item not in (crowdsec_installed_scenarios.stdout
    | from_json | map(attribute='name') | list)
  notify: reload crowdsec
  tags: crowdsec
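# Upgrade every scenario from crowdsec_scenarios when the role runs with
# crowdsec_install_mode == 'upgrade'.
# The binary is cscli, as in the list/install tasks; the previous spelling
# "csscli" made this task fail in upgrade mode, leaving scenarios outdated.
- name: Upgrade scenarios
  command: cscli scenarios upgrade {{ item }}
  loop: "{{ crowdsec_scenarios }}"
  when: crowdsec_install_mode == 'upgrade'
  notify: reload crowdsec
  tags: crowdsec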
# Capture the installed postoverflows as JSON for the install task's
# membership test. Read-only query, so it never reports a change.
- name: List installed postoverflows
  command: cscli postoverflows list -o json
  changed_when: false
  register: crowdsec_installed_postoverflows
  tags: crowdsec
# Install every postoverflow from crowdsec_postoverflows whose name is
# absent from the JSON listing in crowdsec_installed_postoverflows.
# The item is interpolated into the command line; the command module does
# not invoke a shell, so shell metacharacters in it are not interpreted.
- name: Install postoverflows
  command: cscli postoverflows install {{ item }}
  loop: "{{ crowdsec_postoverflows }}"
  when: >-
    item not in (crowdsec_installed_postoverflows.stdout
    | from_json | map(attribute='name') | list)
  notify: reload crowdsec
  tags: crowdsec
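# Upgrade every postoverflow from crowdsec_postoverflows when the role
# runs with crowdsec_install_mode == 'upgrade'.
# The binary is cscli, as in the list/install tasks; the previous spelling
# "csscli" made this task fail in upgrade mode, leaving them outdated.
- name: Upgrade postoverflows
  command: cscli postoverflows upgrade {{ item }}
  loop: "{{ crowdsec_postoverflows }}"
  when: crowdsec_install_mode == 'upgrade'
  notify: reload crowdsec
  tags: crowdsec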