feat: add default hosts directory at /etc/crowdsec/bouncers/spoa-host.d#148
Open
LaurenceJJones wants to merge 1 commit into
Open
feat: add default hosts directory at /etc/crowdsec/bouncers/spoa-host.d#148LaurenceJJones wants to merge 1 commit into
LaurenceJJones wants to merge 1 commit into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds support for a default hosts configuration directory at /var/lib/crowdsec-haproxy-spoa-bouncer/hosts where per-host YAML configuration files can be placed. The directory is created during package installation with appropriate read-only permissions for the crowdsec-spoa service user.
Changes:
- Added
hosts_dirconfiguration parameter with a default path to the main and Docker configuration files - Created directory structure in RPM, Debian, and Docker packaging
- Set appropriate permissions (root:crowdsec-spoa, mode 750) in package post-installation scripts
- Added systemd ReadOnlyPaths directive to grant the service read access to the hosts directory
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| rpm/SPECS/crowdsec-haproxy-spoa-bouncer.spec | Creates hosts directory during package build and sets permissions in post-install script |
| debian/rules | Creates hosts directory structure during Debian package build |
| debian/postinst | Sets hosts directory ownership and permissions during package installation |
| config/crowdsec-spoa-bouncer.yaml | Adds hosts_dir configuration with documentation |
| config/crowdsec-spoa-bouncer.service | Adds ReadOnlyPaths directive for systemd to allow service access to hosts directory |
| config/crowdsec-spoa-bouncer.docker.yaml | Adds hosts_dir configuration using environment variable |
| Dockerfile | Creates hosts directory in Docker image and declares it as a volume |
Comments suppressed due to low confidence (1)
rpm/SPECS/crowdsec-haproxy-spoa-bouncer.spec:142
- The changelog date 'Fri Jun 13 2025' is in the future. The current date is January 16, 2026. This date should be updated to reflect the actual release date or changed to a past date.
* Fri Jun 13 2025 Manuel Sabban <manuel@crowdsec.net>
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
LaurenceJJones
changed the title
Configure hosts_dir as default location for per-host YAML configs. Package installations create the directory with read-only permissions for the crowdsec-spoa user (root:crowdsec-spoa, mode 750). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
LaurenceJJones
force-pushed
the
feat/default-hosts-directory
branch
from
0b644c2 to
03b22f4
Compare
blotus
approved these changes
Feb 5, 2026
pachecocordovamoiseseduardo-byte
approved these changes
Apr 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Configure hosts_dir as default location for per-host YAML configs. Package installations create the directory with read-only permissions for the crowdsec-spoa user (root:crowdsec-spoa, mode 750).