crowdsec-dashy/docker-compose.yml

# -----------------------------------------------------------------------
# CrowdSec Dashy — Docker Compose
#
# First-run setup:
#   1. mkdir -p config
#   2. docker compose up crowdsec-dashy
#      The container exits after creating ./config/app_config.conf
#
#   3. Edit ./config/app_config.conf
#      Set: crowdsec_api_login, crowdsec_api_password, ui_password
#
#   4. Register the UI as a CrowdSec machine:
#      docker exec crowdsec cscli machines add crowdsec-dashy \
#        --password <crowdsec_api_password from config> -a
#
#   5. docker compose up -d
#
# cscli (optional):
#   Required for bouncers, machines, hub, and metrics pages.
#   docker cp crowdsec:/usr/local/bin/cscli /usr/local/bin/cscli
#   Then uncomment the cscli volume below.
# -----------------------------------------------------------------------

services:
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: unless-stopped
    environment:
      GID: "1000"
      COLLECTIONS: "crowdsecurity/linux crowdsecurity/nginx"
    volumes:
      - crowdsec-db:/var/lib/crowdsec/data
      - crowdsec-config:/etc/crowdsec
      - /var/log:/var/log:ro
    networks:
      - cs-internal

  crowdsec-dashy:
    build: .
    container_name: crowdsec-dashy
    restart: unless-stopped
    ports:
      - "8080:8080"
    environment:
      # CONFIG_FILE points to the mounted config directory.
      # All secrets live in the file — not in environment variables.
      CONFIG_FILE: /app/config/app_config.conf
    volumes:
      # Config directory — app_config.conf is auto-generated here on first run.
      - ./config:/app/config
      # cscli binary — optional; enables bouncers/machines/hub/metrics.
      # Uncomment after copying from the crowdsec container (see above).
      # - /usr/local/bin/cscli:/usr/local/bin/cscli:ro
    networks:
      - cs-internal
    depends_on:
      - crowdsec

networks:
  cs-internal:
    driver: bridge

volumes:
  crowdsec-db:
  crowdsec-config: