services:
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    security_opt:
      - no-new-privileges:true
    environment:
      GID: "${GID-1000}"
      COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik crowdsecurity/http-cve"
    volumes:
      - ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - ./postoverflows/s01-whitelist/geoip-allow.yaml:/etc/crowdsec/postoverflows/s01-whitelist/:ro
      - /srv/docker/crowdsec/crowdsec-db:/var/lib/crowdsec/data/
      - /srv/docker/crowdsec/crowdsec-config:/etc/crowdsec/:ro
      - /srv/docker/crowdsec/crowdsec-config/config.yaml:/etc/crowdsec/config.yaml:rw
      - /srv/docker/crowdsec/crowdsec-config/online_api_credentials.yaml:/etc/crowdsec/online_api_credentials.yaml:rw
      - /srv/docker/crowdsec/crowdsec-config/local_api_credentials.yaml:/etc/crowdsec/local_api_credentials.yaml:rw
      - traefik_traefik-logs:/var/log/traefik/:ro
    labels:
      - "traefik.enable=false"
    networks:
      - traefik_network
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "cscli", "version"]
      interval: 10s
      timeout: 5s
      retries: 3

networks:
  traefik_network:
    external: true

volumes:
  traefik_traefik-logs:
    external: true