diff --git a/crowdsec/QUICK-REFERENCE.md b/crowdsec/QUICK-REFERENCE.md
deleted file mode 100644
index 59892b5..0000000
--- a/crowdsec/QUICK-REFERENCE.md
+++ /dev/null
@@ -1,131 +0,0 @@
-# CrowdSec Quick Reference Card
-
-## Setup Alias (Recommended)
-
-Add to your `~/.bashrc`:
-```bash
-alias cscli='ssh 10.0.4.14 "docker exec \$(docker ps -qf name=crowdsec_crowdsec) cscli"'
-```
-
-Then use: `cscli decisions list` instead of the full command.
-
----
-
-## Most Common Commands
-
-### View Active Bans
-```bash
-ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions list'
-```
-
-### Ban an IP for 4 Hours
-```bash
-ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions add --ip 1.2.3.4 --duration 4h'
-```
-
-### Unban an IP
-```bash
-ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --ip 1.2.3.4'
-```
-
-### View Recent Alerts (What Triggered Bans)
-```bash
-ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli alerts list'
-```
-
-### Check Status & Metrics
-```bash
-ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli metrics'
-```
-
-### Verify Bouncer Connected
-```bash
-ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli bouncers list'
-```
-
-### View Installed Collections
-```bash
-ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli collections list'
-```
-
-### View Traefik Access Logs
-```bash
-tail -f /home/doc/projects/swarm-data/traefik/logs/access.log
-```
-
-### View CrowdSec Logs
-```bash
-docker service logs crowdsec_crowdsec --tail 50 --follow
-```
-
----
-
-## Add Protection to a Service
-
-### Docker Swarm Service (via labels)
-```yaml
-deploy:
- labels:
- - "traefik.http.routers.myapp.middlewares=crowdsec@file"
-```
-
-### External Service (in dynamic.yml)
-```yaml
-http:
- routers:
- myservice:
- middlewares:
- - crowdsec
-```
-
----
-
-## Troubleshooting
-
-### Restart CrowdSec
-```bash
-docker service update --force crowdsec_crowdsec
-```
-
-### Restart Traefik
-```bash
-docker service update --force traefik_traefik
-```
-
-### Check if Logs Are Being Read
-```bash
-ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli metrics show acquisition'
-```
-
-### View Service Status
-```bash
-docker service ls | grep -E "crowdsec|traefik"
-```
-
----
-
-## File Locations
-
-| Purpose | Path |
-|---------|------|
-| CrowdSec Stack | `/home/doc/projects/homelab/frostlabs/crowdsec/stack.yml` |
-| Log Config | `/home/doc/projects/homelab/frostlabs/crowdsec/acquis.yaml` |
-| Traefik Config | `/home/doc/projects/homelab/frostlabs/traefik/dynamic.yml` |
-| Access Logs | `/home/doc/projects/swarm-data/traefik/logs/access.log` |
-| CrowdSec Data | `/home/doc/projects/swarm-data/crowdsec/` |
-
----
-
-## Emergency: I Locked Myself Out
-
-```bash
-# Delete all bans
-ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --all'
-
-# Or unban specific IP
-ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --ip YOUR.IP.HERE'
-```
-
----
-
-For detailed information, see: `/home/doc/projects/homelab/frostlabs/crowdsec/GUIDE.md`
diff --git a/crowdsec/stack.yml b/crowdsec/stack.yml
deleted file mode 100644
index 4a40b7a..0000000
--- a/crowdsec/stack.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-services:
- crowdsec:
- image: crowdsecurity/crowdsec:latest
- environment:
- # Disable online API enrollment (use for local setup)
- - DISABLE_ONLINE_API=false
- # Set collections to install
- - COLLECTIONS=crowdsecurity/traefik crowdsecurity/http-cve
- # Enable Prometheus metrics
- - METRICS_PORT=6060
- volumes:
- # Persistent CrowdSec configuration and data
- - /home/doc/projects/swarm-data/crowdsec/config:/etc/crowdsec
- - /home/doc/projects/swarm-data/crowdsec/data:/var/lib/crowdsec/data
- # Traefik access logs (read-only)
- - /home/doc/projects/swarm-data/traefik/logs:/var/log/traefik:ro
- # Acquis configuration
- - ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro
- networks:
- - frostlabs
- deploy:
- mode: replicated
- replicas: 1
- placement:
- constraints:
- - node.labels.task == control
- restart_policy:
- condition: on-failure
- delay: 5s
- max_attempts: 3
- healthcheck:
- test: ["CMD", "cscli", "version"]
- interval: 30s
- timeout: 10s
- retries: 3
- start_period: 60s
-
-networks:
- frostlabs:
- external: true
diff --git a/portainer/stack.yml b/portainer/stack.yml
deleted file mode 100644
index 41f095d..0000000
--- a/portainer/stack.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-services:
- portainer:
- image: portainer/portainer-ce:latest
- command: -H tcp://tasks.agent:9001 --tlsskipverify
- volumes:
- - /home/doc/projects/swarm-data/portainer:/data
- networks:
- - frostlabs
- ports:
- - 9000:9000
- deploy:
- mode: replicated
- replicas: 1
- placement:
- constraints:
- - node.labels.task == control
- labels:
- - "traefik.enable=true"
- - "traefik.swarm.network=frostlabs"
- - "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
- - "traefik.http.routers.portainer.entrypoints=websecure"
- - "traefik.http.routers.portainer.tls=true"
- - "traefik.http.routers.portainer.tls.certresolver=cloudflare"
- - "traefik.http.services.portainer.loadbalancer.server.port=9000"
-
- agent:
- image: portainer/agent:latest
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - /var/lib/docker/volumes:/var/lib/docker/volumes
- networks:
- - frostlabs
- deploy:
- mode: global
-
-networks:
- frostlabs:
- external: true