feat: Adds crowdsec to caddy.

compose.yaml

@@ -2,6 +2,7 @@ services:
   caddy:
     build:
       context: .
+      target: caddy
     container_name: caddy
     restart: unless-stopped
     env_file:
@@ -10,6 +11,7 @@ services:
       - CLOUDFLARE_EMAIL=${CF_EMAIL}
       - CLOUDFLARE_API_TOKEN=${CF_AUTH_TOKEN}
       - ACME_AGREE=true
+      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
     ports:
       - 80:80
       - 443:443
@@ -20,6 +22,24 @@ services:
       - ./config:/etc/caddy
       - caddy_data:/data
       - caddy_config:/config
+      - caddy_logs:/var/log/caddy
+    networks:
+      - proxy
+    security_opt:
+      - no-new-privileges:true
+
+  crowdsec:
+    image: docker.io/crowdsecurity/crowdsec:latest
+    container_name: crowdsec
+    restart: unless-stopped
+    environment:
+      - GID=1000
+      - COLLECTIONS="crowdsecurity/linux crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelisth-good-actors"
+      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
+    volumes:
+      - crowdsec_db:/var/lib/crowdsec/data/
+      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
+      - caddy_logs:/var/log/caddy:ro
     networks:
       - proxy
     security_opt:
@@ -28,6 +48,8 @@ services:
 volumes:
   caddy_data: {}
   caddy_config: {}
+  caddy_logs: {}
+  crowdsec_db: {}
 
 networks:
   proxy: