From dbd2284a917778a10133813660fbaee8d9ddf9d0 Mon Sep 17 00:00:00 2001
From: saltydk <salty@saltbox.dev>
Date: Sun, 6 Oct 2024 09:16:24 +0200
Subject: [PATCH] crowdsec: append @docker to router whitelist

---
 roles/crowdsec/defaults/main.yml        |  1 +
 roles/crowdsec/templates/saltbox.yml.j2 | 16 ++++++++--------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/roles/crowdsec/defaults/main.yml b/roles/crowdsec/defaults/main.yml
index 9ee36378c8..996c06ed46 100644
--- a/roles/crowdsec/defaults/main.yml
+++ b/roles/crowdsec/defaults/main.yml
@@ -43,6 +43,7 @@ crowdsec_prometheus_listen_addr: "127.0.0.1"
 crowdsec_prometheus_listen_port: "6060"
 
 # Takes a list of exact router names to ignore when parsing Traefik access logs.
+# Include @file or @docker depending on the source of said router.
 crowdsec_whitelisted_routers: []
 # Takes list of specific IPs
 crowdsec_whitelisted_ips: []
diff --git a/roles/crowdsec/templates/saltbox.yml.j2 b/roles/crowdsec/templates/saltbox.yml.j2
index b4a0f98b41..73518b70e9 100644
--- a/roles/crowdsec/templates/saltbox.yml.j2
+++ b/roles/crowdsec/templates/saltbox.yml.j2
@@ -5,18 +5,18 @@ whitelist:
   reason: "Traefik Router Allowlist"
   expression:
 {% for item in plex_instances %}
-   - evt.Meta.traefik_router_name == '{{ item }}'
-   - evt.Meta.traefik_router_name == '{{ item }}-http'
+   - evt.Meta.traefik_router_name == '{{ item }}@docker'
+   - evt.Meta.traefik_router_name == '{{ item }}-http@docker'
 {% endfor %}
 {% for item in jellyfin_instances %}
-   - evt.Meta.traefik_router_name == '{{ item }}'
-   - evt.Meta.traefik_router_name == '{{ item }}-http'
+   - evt.Meta.traefik_router_name == '{{ item }}@docker'
+   - evt.Meta.traefik_router_name == '{{ item }}-http@docker'
 {% endfor %}
 {% for item in emby_instances %}
-   - evt.Meta.traefik_router_name == '{{ item }}'
-   - evt.Meta.traefik_router_name == '{{ item }}-http'
+   - evt.Meta.traefik_router_name == '{{ item }}@docker'
+   - evt.Meta.traefik_router_name == '{{ item }}-http@docker'
 {% endfor %}
 {% for item in crowdsec_whitelisted_routers %}
-   - evt.Meta.traefik_router_name == '{{ item }}'
-   - evt.Meta.traefik_router_name == '{{ item }}-http'
+   - evt.Meta.traefik_router_name == '{{ item }}@docker'
+   - evt.Meta.traefik_router_name == '{{ item }}-http@docker'
 {% endfor %}