crowdsec: append @docker to router whitelist

saltyorg · Oct 6, 2024 · dbd2284 · dbd2284
1 parent 461406f
commit dbd2284
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 8 deletions.
diff --git a/roles/crowdsec/defaults/main.yml b/roles/crowdsec/defaults/main.yml
@@ -43,6 +43,7 @@ crowdsec_prometheus_listen_addr: "127.0.0.1"
 crowdsec_prometheus_listen_port: "6060"
 
 # Takes a list of exact router names to ignore when parsing Traefik access logs.
+# Include @file or @docker depending on the source of said router.
 crowdsec_whitelisted_routers: []
 # Takes list of specific IPs
 crowdsec_whitelisted_ips: []

diff --git a/roles/crowdsec/templates/saltbox.yml.j2 b/roles/crowdsec/templates/saltbox.yml.j2
@@ -5,18 +5,18 @@ whitelist:
   reason: "Traefik Router Allowlist"
   expression:
 {% for item in plex_instances %}
-   - evt.Meta.traefik_router_name == '{{ item }}'
-   - evt.Meta.traefik_router_name == '{{ item }}-http'
+   - evt.Meta.traefik_router_name == '{{ item }}@docker'
+   - evt.Meta.traefik_router_name == '{{ item }}-http@docker'
 {% endfor %}
 {% for item in jellyfin_instances %}
-   - evt.Meta.traefik_router_name == '{{ item }}'
-   - evt.Meta.traefik_router_name == '{{ item }}-http'
+   - evt.Meta.traefik_router_name == '{{ item }}@docker'
+   - evt.Meta.traefik_router_name == '{{ item }}-http@docker'
 {% endfor %}
 {% for item in emby_instances %}
-   - evt.Meta.traefik_router_name == '{{ item }}'
-   - evt.Meta.traefik_router_name == '{{ item }}-http'
+   - evt.Meta.traefik_router_name == '{{ item }}@docker'
+   - evt.Meta.traefik_router_name == '{{ item }}-http@docker'
 {% endfor %}
 {% for item in crowdsec_whitelisted_routers %}
-   - evt.Meta.traefik_router_name == '{{ item }}'
-   - evt.Meta.traefik_router_name == '{{ item }}-http'
+   - evt.Meta.traefik_router_name == '{{ item }}@docker'
+   - evt.Meta.traefik_router_name == '{{ item }}-http@docker'
 {% endfor %}