homelab/compose/core/crowdsec/compose.yaml

# CrowdSec - Collaborative IPS/IDS
# Docs: https://docs.crowdsec.net/

services:
  crowdsec:
    container_name: crowdsec
    image: crowdsecurity/crowdsec:latest
    restart: unless-stopped

    env_file:
      - .env

    environment:
      # Timezone
      TZ: America/Los_Angeles

      # Collections to install on first run
      COLLECTIONS: >-
        crowdsecurity/traefik
        crowdsecurity/base-http-scenarios
        crowdsecurity/whitelist-good-actors        

      # Disable online API for local-only mode (optional)
      # DISABLE_ONLINE_API: "true"

    volumes:
      # Configuration persistence
      - ./config/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - ./config/local_whitelist.yaml:/etc/crowdsec/parsers/s02-enrich/local_whitelist.yaml:ro

      # Database persistence (SQLite)
      - ./db:/var/lib/crowdsec/data

      # Traefik logs (read-only, shared with Traefik)
      - ../traefik/logs:/var/log/traefik:ro

      # Configuration directory (for runtime config)
      - crowdsec-config:/etc/crowdsec

    networks:
      - homelab

    # Expose 8080 only for metrics/dashboard (optional)
    # Not exposed to host by default for security
    # ports:
    #   - "8080:8080"

    labels:
      # Traefik - Optional: Expose CrowdSec dashboard
      traefik.enable: true
      traefik.docker.network: homelab

      # CrowdSec Dashboard
      traefik.http.routers.crowdsec.rule: Host(`crowdsec.fig.systems`)
      traefik.http.routers.crowdsec.entrypoints: websecure
      traefik.http.routers.crowdsec.tls.certresolver: letsencrypt
      traefik.http.services.crowdsec.loadbalancer.server.port: 8080

      # Protect with Authelia
      traefik.http.routers.crowdsec.middlewares: authelia

      # Homarr Discovery
      homarr.name: CrowdSec
      homarr.group: Security
      homarr.icon: mdi:shield-check

networks:
  homelab:
    external: true

volumes:
  crowdsec-config:
    driver: local