docker-compose.yml

version: "3.8"

services:
  crowdsec-blocklist-import:
    build: .
    # Or use pre-built:
    # image: ghcr.io/wolffcatskyy/crowdsec-blocklist-import:latest
    container_name: crowdsec-blocklist-import
    restart: "no"  # Run once and exit

    environment:
      # CrowdSec container name (must be accessible via Docker socket)
      - CROWDSEC_CONTAINER=crowdsec

      # How long decisions last (run script daily to refresh)
      - DECISION_DURATION=24h

      # Max total decisions — prevents bouncer overload on embedded devices (#21)
      # UDM SE/Pro: 50000 | UDR: 15000 | USG: 8000 | Linux server: 0 (unlimited)
      - MAX_DECISIONS=40000

      # Logging (DEBUG, INFO, WARN, ERROR)
      - LOG_LEVEL=INFO

      # Timezone
      - TZ=America/New_York

      # Anonymous telemetry (enabled by default, set to false to disable)
      - TELEMETRY_ENABLED=${TELEMETRY_ENABLED:-true}

      # Prometheus metrics (enabled by default, pushing to localhost:9091)
      - METRICS_ENABLED=${METRICS_ENABLED:-true}
      - METRICS_PUSHGATEWAY_URL=${METRICS_PUSHGATEWAY_URL:-localhost:9091}

    volumes:
      # Docker socket for accessing CrowdSec container
      - /var/run/docker.sock:/var/run/docker.sock:ro