common:
  daemonize: false
  pid_dir: /var/run/
  log_media: stdout
  log_level: info
  log_dir: /logs/
  working_dir: .
config_paths:
  config_dir: /etc/crowdsec/
  data_dir: /var/lib/crowdsec/data/
  simulation_path: /etc/crowdsec/simulation.yaml
  hub_dir: /etc/crowdsec/hub/
  index_path: /etc/crowdsec/hub/.index.json
  notification_dir: /etc/crowdsec/notifications/
  plugin_dir: /usr/local/lib/crowdsec/plugins/
crowdsec_service:
  acquisition_path: /etc/crowdsec/acquis.yaml
  parser_routines: 1
plugin_config:
  user: nobody
  group: nobody
cscli:
  output: human
db_config:
  log_level: info
{% if database is defined %}
  type: mysql
  user: "{{ database.username }}"
  password: "{{ database.password }}"
  db_name: "{{ database.database }}"
  host: "{{ database.host }}"
  port: {{ database.port }}
{% else %}
  type: sqlite
  db_path: /var/lib/crowdsec/data/crowdsec.db
{% endif %}
  flush:
    max_items: 5000
    max_age: 7d
api:
  client:
    insecure_skip_verify: false
    credentials_path: /etc/crowdsec/local_api_credentials.yaml
  server:
    log_level: info
    listen_uri: 0.0.0.0:8080
    profiles_path: /etc/crowdsec/profiles.yaml
    use_forwarded_for_headers: true
    trusted_ips: {{ cs_trusted_ips | to_json() }}# IP ranges, or IPs which can have admin API access
    online_client: # Central API credentials (to push signals and receive bad IPs)
      credentials_path: /etc/crowdsec/online_api_credentials.yaml
    #credentials_path: /etc/crowdsec/online_api_credentials.yaml
#    tls:
#      cert_file: /etc/crowdsec/ssl/cert.pem
#      key_file: /etc/crowdsec/ssl/key.pem
prometheus:
  enabled: {{ cs_prometheus_enabled }}
  level: full
  listen_addr: 0.0.0.0
  listen_port: 6060