update restic image
parent
f6ae23c51a
commit
9cf4d822c3
2 changed files with 81 additions and 8 deletions
73
README.md
73
README.md
|
@ -9,6 +9,10 @@
|
|||
- [Prerequisites](#prerequisites)
|
||||
- [Server Setup](#server-setup)
|
||||
- [Base23 Docker registry login](#base23-docker-registry-login)
|
||||
- [CrowdSec](#crowdsec)
|
||||
- [Setup CrowdSec Repo](#setup-crowdsec-repo)
|
||||
- [Install CrowdSec](#install-crowdsec)
|
||||
- [Configure CrowdSec](#configure-crowdsec)
|
||||
- [Installation](#installation)
|
||||
- [Clone \& configure initially](#clone--configure-initially)
|
||||
- [Fist run](#fist-run)
|
||||
|
@ -50,6 +54,75 @@ apt update \
|
|||
docker login -u gitlab+deploy-token-5 registry.git.base23.de
|
||||
```
|
||||
|
||||
### CrowdSec
|
||||
|
||||
#### Setup CrowdSec Repo
|
||||
|
||||
```shell
|
||||
apt update \
|
||||
&& apt upgrade -y \
|
||||
&& apt install -y debian-archive-keyring \
|
||||
&& apt install -y curl gnupg apt-transport-https \
|
||||
&& mkdir -p /etc/apt/keyrings/ \
|
||||
&& curl -fsSL https://packagecloud.io/crowdsec/crowdsec/gpgkey | gpg --dearmor > /etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg \
|
||||
&& cat << EOF > /etc/apt/sources.list.d/crowdsec_crowdsec.list \
|
||||
&& apt update
|
||||
deb [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main
|
||||
deb-src [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main
|
||||
EOF
|
||||
```
|
||||
|
||||
#### Install CrowdSec
|
||||
|
||||
```shell
|
||||
apt install -y crowdsec crowdsec-firewall-bouncer-iptables \
|
||||
&& cscli completion bash | tee /etc/bash_completion.d/cscli \
|
||||
&& source ~/.bashrc
|
||||
```
|
||||
|
||||
#### Configure CrowdSec
|
||||
|
||||
Whitelist Tailscale IPs:
|
||||
|
||||
```shell
|
||||
cat << EOF > /etc/crowdsec/parsers/s02-enrich/01-base23-tailscale.yaml \
|
||||
&& systemctl restart crowdsec; journalctl -xef -u crowdsec.service
|
||||
name: base23/tailscale ## Must be unqiue
|
||||
description: "Whitelist Tailscale"
|
||||
whitelist:
|
||||
reason: "Tailscale clients"
|
||||
cidr:
|
||||
- "100.64.0.0/10"
|
||||
EOF
|
||||
```
|
||||
|
||||
Add Authentik integration:
|
||||
|
||||
```shell
|
||||
cscli collections install firix/authentik \
|
||||
&& cat << EOF > /etc/crowdsec/acquis.d/authentik.yaml \
|
||||
&& crowdsec -t && systemctl restart crowdsec
|
||||
---
|
||||
source: docker
|
||||
container_name_regexp:
|
||||
- sso-base23-de-server-*
|
||||
- sso-base23-de-worker-*
|
||||
labels:
|
||||
type: authentik
|
||||
EOF
|
||||
```
|
||||
|
||||
Enable increasing ban time:
|
||||
|
||||
```shell
|
||||
sed -i -e 's/^#duration_expr/duration_expr/g' /etc/crowdsec/profiles.yaml \
|
||||
&& crowdsec -t && systemctl restart crowdsec
|
||||
```
|
||||
|
||||
Setup notifications:
|
||||
|
||||
|
||||
|
||||
## Installation
|
||||
|
||||
### Clone & configure initially
|
||||
|
|