Commit initial : infrastructure Ansible pour homeserver

- Playbooks Ansible avec rôles (common, cockpit, docker, services) - 30+ stacks Docker Compose avec reverse proxy Traefik - Ansible Vault pour gestion secrets - Intégration CrowdSec pour détection intrusions - Versions images Docker fixées pour reproductibilité
2025-11-23 19:40:17 +01:00 · 2025-11-23 19:40:17 +01:00 · fd01ea59ee
commit fd01ea59ee
125 changed files with 4768 additions and 0 deletions
--- a/stacks/crowdsec/config/notifications/email.yaml
+++ b/stacks/crowdsec/config/notifications/email.yaml
@ -0,0 +1,55 @@
+type: email           # Don't change
+name: email_default   # Must match the registered plugin in the profile
+
+# One of "trace", "debug", "info", "warn", "error", "off"
+log_level: info
+
+# group_wait:         # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
+# group_threshold:    # Amount of alerts that triggers a message before <group_wait> has expired, eg "10"
+# max_retry:          # Number of attempts to relay messages to plugins in case of error
+timeout: 20s          # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
+
+#-------------------------
+# plugin-specific options
+
+# The following template receives a list of models.Alert objects
+# The output goes in the email message body
+format: |
+  <html><body>
+  {{range . -}}
+    {{$alert := . -}}
+    {{range .Decisions -}}
+      <p><a href="https://www.whois.com/whois/{{.Value}}">{{.Value}}</a> will get <b>{{.Type}}</b> for next <b>{{.Duration}}</b> for triggering <b>{{.Scenario}}</b> on machine <b>{{$alert.MachineID}}</b>.</p> <p><a href="https://app.crowdsec.net/cti/{{.Value}}">CrowdSec CTI</a></p>
+    {{end -}}
+  {{end -}}
+  </body></html>
+
+smtp_host:            # example: smtp.gmail.com
+smtp_username:        # Replace with your actual username
+smtp_password:        # Replace with your actual password
+smtp_port:            # Common values are any of [25, 465, 587, 2525]
+auth_type:            # Valid choices are "none", "crammd5", "login", "plain"
+sender_name: "CrowdSec"
+sender_email:         # example: foo@gmail.com
+email_subject: "CrowdSec Notification"
+receiver_emails:
+# - email1@gmail.com
+# - email2@gmail.com
+
+# One of "ssltls", "starttls", "none"
+encryption_type: "ssltls"
+
+# If you need to set the HELO hostname:
+# helo_host: "localhost"
+
+# If the email server is hitting the default timeouts (10 seconds), you can increase them here
+#
+# connect_timeout: 10s
+# send_timeout: 10s
+
+---
+
+# type: email
+# name: email_second_notification
+# ...
+
--- a/stacks/crowdsec/config/notifications/http.yaml
+++ b/stacks/crowdsec/config/notifications/http.yaml
@ -0,0 +1,43 @@
+type: http          # Don't change
+name: http_default # Must match the registered plugin in the profile
+
+# One of "trace", "debug", "info", "warn", "error", "off"
+log_level: info
+
+# group_wait:         # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
+# group_threshold:    # Amount of alerts that triggers a message before <group_wait> has expired, eg "10"
+# max_retry:          # Number of attempts to relay messages to plugins in case of error
+# timeout:            # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
+
+#-------------------------
+# plugin-specific options
+
+# The following template receives a list of models.Alert objects
+# The output goes in the http request body
+format: |
+  {{ range . -}}
+  {{ $alert := . -}}
+  {
+    "extras": {
+      "client::display": {
+      "contentType": "text/markdown"
+    }
+  },
+  "priority": 3,
+  {{range .Decisions -}}
+  "title": "{{.Type }} {{ .Value }} for {{.Duration}}",
+  "message": "{{.Scenario}}  \n\n[crowdsec cti](https://app.crowdsec.net/cti/{{.Value -}})  \n\n[shodan](https://shodan.io/host/{{.Value -}})"
+  {{end -}}
+  }
+  {{ end -}}
+
+# The plugin will make requests to this url, eg:  https://www.example.com/
+url: https://gotify.local.tellserv.fr/message
+
+# Any of the http verbs: "POST", "GET", "PUT"...
+method: POST
+
+headers:
+  X-Gotify-Key: AeZtF1pTuEaMbF0
+  Content-Type: application/json
+# skip_tls_verification:  # true or false. Default is false
--- a/stacks/crowdsec/config/notifications/sentinel.yaml
+++ b/stacks/crowdsec/config/notifications/sentinel.yaml
@ -0,0 +1,21 @@
+type: sentinel          # Don't change
+name: sentinel_default  # Must match the registered plugin in the profile
+
+# One of "trace", "debug", "info", "warn", "error", "off"
+log_level: info
+# group_wait:         # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
+# group_threshold:    # Amount of alerts that triggers a message before <group_wait> has expired, eg "10"
+# max_retry:          # Number of attempts to relay messages to plugins in case of error
+# timeout:            # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
+
+#-------------------------
+# plugin-specific options
+
+# The following template receives a list of models.Alert objects
+# The output goes in the http request body
+format: |
+  {{.|toJson}}
+
+customer_id: XXX-XXX
+shared_key: XXXXXXX
+log_type: crowdsec
--- a/stacks/crowdsec/config/notifications/slack.yaml
+++ b/stacks/crowdsec/config/notifications/slack.yaml
@ -0,0 +1,42 @@
+type: slack           # Don't change
+name: slack_default   # Must match the registered plugin in the profile
+
+# One of "trace", "debug", "info", "warn", "error", "off"
+log_level: info
+
+# group_wait:         # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
+# group_threshold:    # Amount of alerts that triggers a message before <group_wait> has expired, eg "10"
+# max_retry:          # Number of attempts to relay messages to plugins in case of error
+# timeout:            # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
+
+#-------------------------
+# plugin-specific options
+
+# The following template receives a list of models.Alert objects
+# The output goes in the slack message
+format: |
+  {{range . -}}
+  {{$alert := . -}}
+  {{range .Decisions -}}
+  {{if $alert.Source.Cn -}}
+  :flag-{{$alert.Source.Cn}}: <https://www.whois.com/whois/{{.Value}}|{{.Value}}> will get {{.Type}} for next {{.Duration}} for triggering {{.Scenario}} on machine '{{$alert.MachineID}}'. <https://app.crowdsec.net/cti/{{.Value}}|CrowdSec CTI>{{end}}
+  {{if not $alert.Source.Cn -}}
+  :pirate_flag: <https://www.whois.com/whois/{{.Value}}|{{.Value}}> will get {{.Type}} for next {{.Duration}} for triggering {{.Scenario}} on machine '{{$alert.MachineID}}'.  <https://app.crowdsec.net/cti/{{.Value}}|CrowdSec CTI>{{end}}
+  {{end -}}
+  {{end -}}
+
+
+webhook: <WEBHOOK_URL>
+
+# API request data as defined by the Slack webhook API.
+#channel: <CHANNEL_NAME>
+#username: <USERNAME>
+#icon_emoji: <ICON_EMOJI>
+#icon_url: <ICON_URL>
+
+---
+
+# type: slack
+# name: slack_second_notification
+# ...
+
--- a/stacks/crowdsec/config/notifications/splunk.yaml
+++ b/stacks/crowdsec/config/notifications/splunk.yaml
@ -0,0 +1,28 @@
+type: splunk          # Don't change
+name: splunk_default  # Must match the registered plugin in the profile
+
+# One of "trace", "debug", "info", "warn", "error", "off"
+log_level: info
+
+# group_wait:         # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
+# group_threshold:    # Amount of alerts that triggers a message before <group_wait> has expired, eg "10"
+# max_retry:          # Number of attempts to relay messages to plugins in case of error
+# timeout:            # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
+
+#-------------------------
+# plugin-specific options
+
+# The following template receives a list of models.Alert objects
+# The output goes in the splunk notification
+format: |
+  {{.|toJson}}
+
+url: <SPLUNK_HTTP_URL>
+token: <SPLUNK_TOKEN>
+
+---
+
+# type: splunk
+# name: splunk_second_notification
+# ...
+