crowdsec-admin

domverse/crowdsec-admin

Fork 0

Commit Graph

Author	SHA1	Message	Date
domverse	3f1d2341ce	ci: migrate to Portainer Git stack + registry-pushed image Some checks failed Deploy / deploy (push) Failing after 24s Details - Compose: build → image:latest from Gitea registry (ci namespace) - Workflow: build + push image + POST Portainer webhook (vs. host docker compose up) - Drop transient .env write — secrets now live in Portainer stack Env - Add crowdsec@file middleware (defense-in-depth project rule) Repo secrets required: REGISTRY_TOKEN, PORTAINER_WEBHOOK_URL. Rollback branch: pre-portainer-migration.	2026-06-20 12:16:56 +02:00
domverse	5d589915f7	fix: split LAPI auth — bouncer key for read, machine JWT for delete All checks were successful Deploy / deploy (push) Successful in 19s Details LAPI does not let machine JWTs hit GET /v1/decisions even after the machine is validated (returns 403 access forbidden). Conversely, bouncer X-Api-Key does not satisfy DELETE /v1/decisions (returns 401 "cookie token is empty"). The webapp now holds both credentials and routes each call to the right authority. Adds LAPI_BOUNCER_KEY env var + Gitea secret. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-16 23:58:20 +02:00
domverse	9c8b4ca0cc	feat: initial scaffold of CrowdSec admin webapp All checks were successful Deploy / deploy (push) Successful in 39s Details Flask + htmx mini-app to list and delete CrowdSec decisions from a browser, gated behind Authentik. Talks to host LAPI via host.docker.internal:8080 using machine JWT auth (bouncer X-Api-Key is read-only). Gitea Actions CI/CD on push to main: runner rebuilds image and brings the stack up via docker compose on the host (same pattern as flight-radar). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-16 23:39:20 +02:00

Author

SHA1

Message

Date

domverse

3f1d2341ce

ci: migrate to Portainer Git stack + registry-pushed image

Deploy / deploy (push) Failing after 24s

Details

- Compose: build → image:latest from Gitea registry (ci namespace)
- Workflow: build + push image + POST Portainer webhook (vs. host docker compose up)
- Drop transient .env write — secrets now live in Portainer stack Env
- Add crowdsec@file middleware (defense-in-depth project rule)

Repo secrets required: REGISTRY_TOKEN, PORTAINER_WEBHOOK_URL.
Rollback branch: pre-portainer-migration.

2026-06-20 12:16:56 +02:00

domverse

5d589915f7

fix: split LAPI auth — bouncer key for read, machine JWT for delete

Deploy / deploy (push) Successful in 19s

Details

LAPI does not let machine JWTs hit GET /v1/decisions even after the machine
is validated (returns 403 access forbidden). Conversely, bouncer X-Api-Key
does not satisfy DELETE /v1/decisions (returns 401 "cookie token is empty").

The webapp now holds both credentials and routes each call to the right
authority. Adds LAPI_BOUNCER_KEY env var + Gitea secret.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-16 23:58:20 +02:00

domverse

9c8b4ca0cc

feat: initial scaffold of CrowdSec admin webapp

Deploy / deploy (push) Successful in 39s

Details

Flask + htmx mini-app to list and delete CrowdSec decisions from a browser,
gated behind Authentik. Talks to host LAPI via host.docker.internal:8080
using machine JWT auth (bouncer X-Api-Key is read-only).

Gitea Actions CI/CD on push to main: runner rebuilds image and brings the
stack up via docker compose on the host (same pattern as flight-radar).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-16 23:39:20 +02:00

3 Commits