Where to put the `.yaml.local` files?
According to the docs: https://docs.crowdsec.net/docs/configuration/crowdsec_configuration#configuration-files-that-support-yamllocal
you are able to create files which will overwrite the entries of the original config file but where do I have to put those
.yaml.local files?
Inside the config_dir directory which is set in config_paths?
I'm specifically asking for the bouncers/crowdsec-firewall-bouncer.yaml.CrowdSec Configuration | CrowdSec
CrowdSec has a main yaml configuration file, usually located in /etc/crowdsec/config.yaml.
24 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
Ok, per default it seems to be in
/etc/crowdsec: https://docs.crowdsec.net/u/bouncers/firewall/#configuration-for-manual-installation
but I don't have this directoryFirewall | CrowdSec
📚 Documentation
ok and on linux it seems to be in set to
/etc/crowdsec https://github.com/crowdsecurity/crowdsec/blob/master/config/config.yaml#L10 that's probably why the root is in /etc/crowdsecGitHub
crowdsec/config/config.yaml at master · crowdsecurity/crowdsec
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI. - crowdsecurity/crowdsec
.yaml.local files need to exist next to their non local counter parts.so that means?
(where should the non-local-counter-parts be?)
Well it differs per OS and if you installing on a first party support platform, we don't package for nixos so check the package for their documentation
We documented the default locations in the FAQ https://docs.crowdsec.net/u/troubleshooting/security_engine#where-is-configuration-stored
Troubleshooting Security Engine | CrowdSec
Community support
according to the source of the nixos module/package, it sets
config_dir to /var/lib/crowdsec/config: https://codeberg.org/kampka/nix-flake-crowdsec/src/branch/main/modules/crowdsec/default.nix#L24
Is that the equivalent /etc/crowdsec directory?I guess so, but the base idea is if you want to provide overrides to
config.yaml that exists in the config directory so you place local variant in the same directory
And then the same logic is for the bouncer files, if they exist in the bouncers directory you provide the local variant in the same folderhm... ok, so it should be indeed the correct path.
So basicall, if I'd like to override
bouncers/crowdsec-firewall-bouncer.yaml, then in my case, I'd have to create the file /var/lib/crowdsec/config/bouncers/crowdsec-firewall-bouncer.yaml.local and there I can add
right?Exactly
and the config should be applied if I restart the firewall-bouncer service?
because... it still doesn't work :peepoCrying:
Can you
systemctl cat crowdsec-firewall-bouncerto be fair, I removed my crowdsec bouncer-override setup for now
but I'm very sure that I tried that before and the firewall was complaining about a missing entry
Seems the config its current pointing at belong in /nix/store
oh wait, I can quickly try that again. I just need to create the
bounces/ directoryProbably a symlink
wait, so you mean to actually make that
.yaml.local working, I'd have to put the .yaml.local file in the same directory as the origial .yaml file for the firewall bouncer? :monkaW:Well nixos is doing some things we probably never accounted for when we wrote the local loader
The
-c flag is the current location of the confog filewell
that makes sense then why
/var/lib/crowdsec/config/bouncers/crowdsec-firewall-bouncer.yaml.local didn't do anything
:peepoCrying:
but thank you for the clarification
should I mark this as "resolved"? I mean.. we found the reason I guess: The config path is completely offHowever I guess if you check the file its probably a symlink to an actual file
let me check
