Modernize crowdsec-config.py job

bunkerity · Mar 25, 2024 · 856cd7f · 856cd7f
1 parent eb24476
commit 856cd7f
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 57 deletions.
diff --git a/crowdsec/jobs/crowdsec-conf.py b/crowdsec/jobs/crowdsec-conf.py
@@ -6,18 +6,17 @@
 from sys import exit as sys_exit, path as sys_path
 from traceback import format_exc
 
-for deps_path in [
-    join(sep, "usr", "share", "bunkerweb", *paths)
-    for paths in (("deps", "python"), ("utils",), ("db",))
-]:
+
+for deps_path in [join(sep, "usr", "share", "bunkerweb", *paths) for paths in (("deps", "python"), ("utils",), ("db",))]:
     if deps_path not in sys_path:
         sys_path.append(deps_path)
 
-from Database import Database  # type: ignore
+from jinja2 import Environment, FileSystemLoader
 from logger import setup_logger  # type: ignore
-from jobs import set_file_in_db
+from jobs import Job  # type: ignore
 
-logger = setup_logger("CROWDSEC", getenv("LOG_LEVEL", "INFO"))
+LOGGER = setup_logger("CROWDSEC", getenv("LOG_LEVEL", "INFO"))
+PLUGIN_PATH = Path(sep, "etc", "bunkerweb", "plugins", "crowdsec")
 status = 0
 
 try:
@@ -26,70 +25,45 @@
     # Multisite case
     if getenv("MULTISITE", "no") == "yes":
         for first_server in getenv("SERVER_NAME", "").strip().split(" "):
-            if (
-                getenv(f"{first_server}_USE_CROWDSEC", getenv("USE_CROWDSEC", "no"))
-                == "yes"
-            ):
+            if getenv(f"{first_server}_USE_CROWDSEC", getenv("USE_CROWDSEC", "no")) == "yes":
                 cs_activated = True
                 break
     # Singlesite case
     elif getenv("USE_CROWDSEC", "no") == "yes":
         cs_activated = True
 
     if not cs_activated:
-        logger.info("CrowdSec is not activated, skipping job...")
+        LOGGER.info("CrowdSec is not activated, skipping job...")
         sys_exit(status)
 
-    # Create directory
-    cs_path = Path(sep, "var", "cache", "bunkerweb", "crowdsec")
-    cs_path.mkdir(parents=True, exist_ok=True)
-
-    db = Database(
-        logger,
-        sqlalchemy_string=getenv("DATABASE_URI", None),
-    )
+    JOB = Job(LOGGER)
 
-    # Copy template
+    # Generate content
+    jinja_env = Environment(loader=FileSystemLoader(PLUGIN_PATH.joinpath("misc")))
     content = (
-        Path(sep, "etc", "bunkerweb", "plugins", "crowdsec", "misc", "crowdsec.conf")
-        .read_bytes()
-        .replace(b"%CROWDSEC_API%", getenv("CROWDSEC_API", "").encode())
-        .replace(b"%CROWDSEC_API_KEY%", getenv("CROWDSEC_API_KEY", "").encode())
-        .replace(b"%CROWDSEC_MODE%", getenv("CROWDSEC_MODE", "live").encode())
-        .replace(
-            b"%CROWDSEC_REQUEST_TIMEOUT%",
-            getenv("CROWDSEC_REQUEST_TIMEOUT", "500").encode(),
-        )
-        .replace(
-            b"%CROWDSEC_UPDATE_FREQUENCY%",
-            getenv("CROWDSEC_UPDATE_FREQUENCY", "10").encode(),
-        )
-        .replace(b"%UPDATE_FREQUENCY%", getenv("UPDATE_FREQUENCY", "10").encode())
-        .replace(
-            b"%CROWDSEC_STREAM_REQUEST_TIMEOUT%",
-            getenv("CROWDSEC_STREAM_REQUEST_TIMEOUT", "15000").encode(),
+        jinja_env.get_template("crowdsec.conf")
+        .render(
+            CROWDSEC_API=getenv("CROWDSEC_API", ""),
+            CROWDSEC_API_KEY=getenv("CROWDSEC_API_KEY", ""),
+            CROWDSEC_REQUEST_TIMEOUT=getenv("CROWDSEC_REQUEST_TIMEOUT", "500"),
+            CROWDSEC_STREAM_REQUEST_TIMEOUT=getenv("CROWDSEC_STREAM_REQUEST_TIMEOUT", "15000"),
+            CROWDSEC_UPDATE_FREQUENCY=getenv("CROWDSEC_UPDATE_FREQUENCY", "10"),
+            CROWDSEC_MODE=getenv("CROWDSEC_MODE", "live"),
         )
+        .encode()
     )
 
-    # Write configuration in cache
-    cs_path.joinpath("crowdsec.conf").write_bytes(content)
-
     # Update db
-    cached, err = set_file_in_db(
-        "crowdsec.conf",
-        content,
-        db,
-    )
+    cached, err = JOB.cache_file("crowdsec.conf", content)
     if not cached:
-        logger.error(f"Error while caching crowdsec.conf file : {err}")
+        LOGGER.error(f"Error while caching crowdsec.conf file : {err}")
 
     # Done
-    logger.info("CrowdSec configuration successfully generated")
-
+    LOGGER.info("CrowdSec configuration successfully generated")
 except SystemExit as e:
-    raise e
+    status = e.code
 except:
     status = 2
-    logger.error(f"Exception while running crowdsec-init.py :\n{format_exc()}")
+    LOGGER.error(f"Exception while running crowdsec-init.py :\n{format_exc()}")
 
 sys_exit(status)
diff --git a/crowdsec/misc/crowdsec.conf b/crowdsec/misc/crowdsec.conf
@@ -1,15 +1,15 @@
 ENABLED=true
-API_URL=%CROWDSEC_API%
-API_KEY=%CROWDSEC_API_KEY%
+API_URL={{ CROWDSEC_API }}
+API_KEY={{ CROWDSEC_API_KEY }}
 CACHE_EXPIRATION=1
 # bounce for all type of remediation that the bouncer can receive from the local API
 BOUNCING_ON_TYPE=all
 FALLBACK_REMEDIATION=ban
-REQUEST_TIMEOUT=%CROWDSEC_REQUEST_TIMEOUT%
-STREAM_REQUEST_TIMEOUT=%CROWDSEC_STREAM_REQUEST_TIMEOUT%
-UPDATE_FREQUENCY=%CROWDSEC_UPDATE_FREQUENCY%
+REQUEST_TIMEOUT={{ CROWDSEC_REQUEST_TIMEOUT }}
+STREAM_REQUEST_TIMEOUT={{ CROWDSEC_STREAM_REQUEST_TIMEOUT }}
+UPDATE_FREQUENCY={{ CROWDSEC_UPDATE_FREQUENCY }}
 # live or stream
-MODE=%CROWDSEC_MODE%
+MODE={{ CROWDSEC_MODE }}
 # exclude the bouncing on those location
 EXCLUDE_LOCATION=
 #those apply for "ban" action