feat: Initial commit.

compose.yaml

@@ -0,0 +1,59 @@
+services:
+  caddy:
+    build:
+      context: .
+      target: caddy
+    container_name: caddy
+    restart: unless-stopped
+    env_file:
+      - .env
+    environment:
+      - CLOUDFLARE_EMAIL=${CF_EMAIL}
+      - CLOUDFLARE_API_TOKEN=${CF_AUTH_TOKEN}
+      - ACME_AGREE=true
+      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
+    ports:
+      - 80:80
+      - 443:443
+      - "443:443/udp"
+    cap_add:
+      - NET_ADMIN
+    volumes:
+      - ./caddy:/etc/caddy
+      - caddy_data:/data
+      - caddy_config:/config
+      - caddy_logs:/var/log/caddy
+    networks:
+      - proxy
+    security_opt:
+      - no-new-privileges:true
+
+  crowdsec:
+    image: docker.io/crowdsecurity/crowdsec:latest
+    container_name: crowdsec
+    restart: unless-stopped
+    environment:
+      - GID=1000
+      - COLLECTIONS=crowdsecurity/linux crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
+      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
+    volumes:
+      - crowdsec_db:/var/lib/crowdsec/data/
+      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
+      - caddy_logs:/var/log/caddy:ro
+    networks:
+      - proxy
+    security_opt:
+      - no-new-privileges:true
+    depends_on:
+      - caddy
+
+volumes:
+  caddy_data: {}
+  caddy_config: {}
+  caddy_logs: {}
+  crowdsec_db: {}
+
+networks:
+  proxy:
+    external: true
+