Persist user changes to crowdsec conf

2026-03-23 00:05:28 +08:00 · 2022-08-21 20:25:49 +01:00 · 2022-08-21 20:25:49 +01:00 · dc03c94f88
commit dc03c94f88
parent d559049f45
2 changed files with 22 additions and 12 deletions
--- a/root/etc/cont-init.d/98-crowdsec
+++ b/root/etc/cont-init.d/98-crowdsec
@ -35,9 +35,18 @@ tar xf \
    /tmp/crowdsec.tar.gz -C \
    /tmp/crowdsec --strip-components=1

-# Inject API keys into config file
 mkdir -p "${CONFIG_PATH}"
-API_KEY=${CROWDSEC_API_KEY} CROWDSEC_LAPI_URL=${CROWDSEC_LAPI_URL} envsubst < /tmp/crowdsec/lua-mod/config_example.conf > "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
+if [ ! -f "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" ]; then \
+    cp /tmp/crowdsec/lua-mod/config_example.conf "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
+fi
+
+# Inject API keys into config file
+sed -i -r "s|API_KEY=.*$|API_KEY=${CROWDSEC_API_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
+sed -i -r "s|API_URL=.*$|API_URL=${CROWDSEC_LAPI_URL}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
+
+# Sed in ReCaptcha keys
+sed -i -r "s|SECRET_KEY=.*$|SECRET_KEY=${CROWDSEC_SECRET_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
+sed -i -r "s|SITE_KEY=.*$|SITE_KEY=${CROWDSEC_SITE_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"

 # Change config path
 sed -i "s|/etc/crowdsec/bouncers/|${CONFIG_PATH}|" /tmp/crowdsec/nginx/crowdsec_nginx.conf
@ -51,10 +60,6 @@ cp -r /tmp/crowdsec/lua-mod/lib/* ${LIB_PATH}

 cp /tmp/crowdsec/nginx/crowdsec_nginx.conf /etc/nginx/http.d

-# Sed in ReCaptcha keys
-sed -i -r "s|SECRET_KEY=.*$|SECRET_KEY=${CROWDSEC_SECRET_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
-sed -i -r "s|SITE_KEY=.*$|SITE_KEY=${CROWDSEC_SITE_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
-
 # Sed in crowdsec include
 if ! grep -q '[^#]include /etc/nginx/http.d/\*.conf;' '/config/nginx/nginx.conf' && ! grep -q '[^#]include /etc/nginx/conf.d/\*.conf;' '/config/nginx/nginx.conf'; then
    if grep -q '#include /etc/nginx/http.d/\*.conf;' '/config/nginx/nginx.conf'; then
--- a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run
@ -35,9 +35,18 @@ tar xf \
    /tmp/crowdsec.tar.gz -C \
    /tmp/crowdsec --strip-components=1

-# Inject API keys into config file
 mkdir -p "${CONFIG_PATH}"
-API_KEY=${CROWDSEC_API_KEY} CROWDSEC_LAPI_URL=${CROWDSEC_LAPI_URL} envsubst < /tmp/crowdsec/lua-mod/config_example.conf > "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
+if [ ! -f "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" ]; then \
+    cp /tmp/crowdsec/lua-mod/config_example.conf "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
+fi
+
+# Inject API keys into config file
+sed -i -r "s|API_KEY=.*$|API_KEY=${CROWDSEC_API_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
+sed -i -r "s|API_URL=.*$|API_URL=${CROWDSEC_LAPI_URL}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
+
+# Sed in ReCaptcha keys
+sed -i -r "s|SECRET_KEY=.*$|SECRET_KEY=${CROWDSEC_SECRET_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
+sed -i -r "s|SITE_KEY=.*$|SITE_KEY=${CROWDSEC_SITE_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"

 # Change config path
 sed -i "s|/etc/crowdsec/bouncers/|${CONFIG_PATH}|" /tmp/crowdsec/nginx/crowdsec_nginx.conf
@ -51,10 +60,6 @@ cp -r /tmp/crowdsec/lua-mod/lib/* ${LIB_PATH}

 cp /tmp/crowdsec/nginx/crowdsec_nginx.conf /etc/nginx/http.d

-# Sed in ReCaptcha keys
-sed -i -r "s|SECRET_KEY=.*$|SECRET_KEY=${CROWDSEC_SECRET_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
-sed -i -r "s|SITE_KEY=.*$|SITE_KEY=${CROWDSEC_SITE_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
-
 # Sed in crowdsec include
 if ! grep -q '[^#]include /etc/nginx/http.d/\*.conf;' '/config/nginx/nginx.conf' && ! grep -q '[^#]include /etc/nginx/conf.d/\*.conf;' '/config/nginx/nginx.conf'; then
    if grep -q '#include /etc/nginx/http.d/\*.conf;' '/config/nginx/nginx.conf'; then