From 461406fe710534f115eeea0b377ac4924d3ea293 Mon Sep 17 00:00:00 2001
From: saltydk
Date: Sat, 5 Oct 2024 17:25:34 +0200
Subject: [PATCH] crowdsec: add IP whitelist parser configuration

---
 roles/crowdsec/defaults/main.yml | 4 ++++
 roles/crowdsec/tasks/main.yml | 9 +++++++++
 .../templates/saltbox-ip-whitelist.yml.j2 | 16 ++++++++++++++++
 3 files changed, 29 insertions(+)
 create mode 100644 roles/crowdsec/templates/saltbox-ip-whitelist.yml.j2

diff --git a/roles/crowdsec/defaults/main.yml b/roles/crowdsec/defaults/main.yml
index 0082abf89e..9ee36378c8 100644
--- a/roles/crowdsec/defaults/main.yml
+++ b/roles/crowdsec/defaults/main.yml
@@ -44,6 +44,10 @@ crowdsec_prometheus_listen_port: "6060"
 # Takes a list of exact router names to ignore when parsing Traefik access logs.
 crowdsec_whitelisted_routers: []
 
+# Takes list of specific IPs
+crowdsec_whitelisted_ips: []
+# Takes list of CIDR notation IP ranges
+crowdsec_whitelisted_cidrs: []
 
 ################################
 # Lookups
diff --git a/roles/crowdsec/tasks/main.yml b/roles/crowdsec/tasks/main.yml
index f3611896bf..58e3489e54 100644
--- a/roles/crowdsec/tasks/main.yml
+++ b/roles/crowdsec/tasks/main.yml
@@ -158,6 +158,15 @@
     group: "root"
     mode: "0600"
 
+- name: Import 'saltbox-ip-whitelist.yml'
+  ansible.builtin.template:
+    src: saltbox-ip-whitelist.yml.j2
+    dest: "/etc/crowdsec/parsers/s02-enrich/saltbox-ip-whitelist.yml"
+    owner: "root"
+    group: "root"
+    mode: "0600"
+  when: (crowdsec_whitelisted_ips | length > 0) or (crowdsec_whitelisted_cidrs | length > 0)
+
 - name: Enable and restart 'crowdsec' service
   ansible.builtin.systemd_service:
     name: crowdsec
diff --git a/roles/crowdsec/templates/saltbox-ip-whitelist.yml.j2 b/roles/crowdsec/templates/saltbox-ip-whitelist.yml.j2
new file mode 100644
index 0000000000..b6efae2a06
--- /dev/null
+++ b/roles/crowdsec/templates/saltbox-ip-whitelist.yml.j2
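Review bot: The two new comments in defaults/main.yml say what the lists hold but not what listing an address does — these variables feed a CrowdSec whitelist parser, so any address listed here is exempt from detection and will never receive a ban, which is the thing an operator most needs to know before adding entries. The expected value format is also left implicit, and all-numeric-looking values should be given as quoted strings so YAML does not retype them. Suggest `# IP addresses exempted from CrowdSec detection (never banned); quoted strings, e.g. "203.0.113.10"` and `# CIDR ranges exempted from CrowdSec detection; quoted strings, e.g. "203.0.113.0/24"` (example values constructed).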
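Review bot: The template task in tasks/main.yml is skipped when both lists are empty, but nothing removes a previously rendered /etc/crowdsec/parsers/s02-enrich/saltbox-ip-whitelist.yml, so addresses an operator deletes from the inventory stay whitelisted on the host until the file is removed by hand. A companion task with the inverse condition and `state: absent` keeps the deployed parser in step with the variables, and placed before the existing restart task it is covered by the same service restart. The task name `Import 'saltbox-ip-whitelist.yml'` also reads oddly for a template render; `Template 'saltbox-ip-whitelist.yml'` would match what the module does. The enclosing task list starts before the hunk.
```yaml
- name: Remove 'saltbox-ip-whitelist.yml' when no addresses are whitelisted
  ansible.builtin.file:
    path: "/etc/crowdsec/parsers/s02-enrich/saltbox-ip-whitelist.yml"
    state: absent
  when: (crowdsec_whitelisted_ips | length == 0) and (crowdsec_whitelisted_cidrs | length == 0)

# … unchanged: Enable and restart 'crowdsec' service …
```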
@@ -0,0 +1,16 @@
+name: saltbox/ip-whitelist
+description: "Whitelist events from my ip addresses"
+whitelist:
+  reason: "my ip ranges"
+{% if crowdsec_whitelisted_ips | length > 0 %}
+  ip:
+{% for item in crowdsec_whitelisted_ips %}
+    - "{{ item }}"
+{% endfor %}
+{% endif %}
+{% if crowdsec_whitelisted_cidrs | length > 0 %}
+  cidr:
+{% for item in crowdsec_whitelisted_cidrs %}
+    - "{{ item }}"
+{% endfor %}
+{% endif %}
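Review bot: The rendered parser carries no comment explaining its effect or where its values come from, so someone reading /etc/crowdsec/parsers/s02-enrich/saltbox-ip-whitelist.yml on the host cannot tell that it is Ansible-managed or that the listed addresses bypass detection entirely. A header at the top of the template such as `# Managed by Saltbox (roles/crowdsec, crowdsec_whitelisted_ips / crowdsec_whitelisted_cidrs); local edits are overwritten.` followed by `# Events from these addresses are whitelisted and are not evaluated by CrowdSec scenarios.` would cover both. The `description` and `reason` strings ("my ip addresses", "my ip ranges") are the text that, as far as I understand CrowdSec, is attached to whitelist hits, so a wording that names the source, e.g. `reason: "Saltbox IP whitelist"`, would make such entries easier to attribute — treat that as a suggestion rather than a verified behaviour.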