fix: use proper docker volumes, updated docs

README.md

@@ -115,6 +115,26 @@ Project and service configuration is explained below with the following scenario
 1. Add a project without `entrypoint:` and one service, which only need `name` and `domain`.
 2. Run `bin/apply.py` to roll out the changes.
 
+**Additional docker properties:**
+
+One can add additional docker properties to a service by adding them to the `additional_properties` dictionary:
+
+```yaml
+additional_properties:
+  cpu_count: 2
+```
+
+The following docker service properties exist at the service root level and MUST NOT be added via `additional_properties`:
+
+- command
+- env
+- image
+- port
+- name
+- volumes
+
+(Also see `lib/models.py`)
+
 ### Configure plugins
 
 You can enable and configure plugins in `db.yml`. Right now we support the following:
@@ -137,7 +157,7 @@ Now we can execute the command to get the key:
 docker compose exec crowdsec cscli bouncers add crowdsecBouncer
 ```
 
-Put the resulting api key in the plugin configuration in `db.yml` and apply with `bin/apply.py`.
+Put the resulting api key in the `plugins.crowdsec.apikey` configuration in `db.yml` and apply with `bin/apply.py`.
 Crowdsec is now running and wired up, but does not use any blocklists yet. Those can be managed manually, but preferable is to become part of the community by creating an account with CrowdSec to get access and contribute to the community blocklists, as well as view results in your account's dashboards.
 
 **Step 2: connect your instance with the CrowdSec console**
@@ -150,6 +170,13 @@ docker compose exec crowdsec cscli console enroll ${enrollment key}
 
 **Step 3: subscribe to 3rd party blocklists**
 
+In the [security-engines](https://app.crowdsec.net/security-engines) section select the "Blocklists" of your engine and choose some blocklists of interest.
+Example:
+
+- Free proxies list
+- Firehol SSL proxies list
+- Firehol cruzit.com list
+
 ### Using the Api & OpenApi spec
 
 The API allows openapi compatible clients to do management on this stack (ChatGPT works wonders).

db.yml.sample

@@ -2,7 +2,7 @@ plugins:
   crowdsec:
     enabled: false
     version: v1.2.0
-#    apikey:
+    apikey: ''
     options:
       logLevel: INFO
       updateIntervalSeconds: 60
@@ -27,7 +27,7 @@ projects:
     domain: itsup.example.com
     name: itsUP
     services:
-      - name: 172.17.0.1
+      - name: host.docker.internal
         port: 8888
   - description: test project to demonstrate inter service connectivity
     domain: hello.example.com
@@ -46,6 +46,8 @@ projects:
         name: informant
         env:
           TARGET: boss
+        additional_properties:
+          cpu_count: 2
   - description: whoami service
     domain: whoami.example.com
     entrypoint: web

lib/data_test.py

@@ -143,6 +143,7 @@ def test_upsert_env(self, mock_upsert_service: Mock, mock_get_service: Mock, moc
                 env=extra_env,
                 image="otomi/nodejs-helloworld:v1.2.13",
                 name="informant",
+                additional_properties={"cpu_count": 2},
             ),
         )
 

lib/proxy_test.py

@@ -48,7 +48,7 @@ def test_get_terminate_map(self, _: Mock) -> None:
 
         # Assert the result
         expected_map = {
-            "itsup.example.com": "172.17.0.1:8888",
+            "itsup.example.com": "host.docker.internal:8888",
             "hello.example.com": "test-master:8080",
             "whoami.example.com": "whoami-web:8080",
         }

lib/test_stubs.py

@@ -41,7 +41,7 @@
         description="itsUP API running on the host",
         domain="itsup.example.com",
         services=[
-            Service(name="172.17.0.1", port=8888),
+            Service(name="host.docker.internal", port=8888),
         ],
     ),
     Project(
@@ -60,6 +60,7 @@
                 env={"TARGET": "boss"},
                 image="otomi/nodejs-helloworld:v1.2.13",
                 name="informant",
+                additional_properties={"cpu_count": 2},
             ),
         ],
     ),

lib/upstream.py

@@ -14,10 +14,20 @@
 def write_upstream(project: Project) -> None:
     with open("tpl/docker-compose.yml.j2", encoding="utf-8") as f:
         tpl = f.read()
+    volumes = {}
+    for s in project.services:
+        vols = {}
+        for i, v in enumerate(s.volumes):
+            k = f"data_{s.name.replace('-', '_')}_{i}"
+            vols[k] = v
+        volumes[s.name] = vols
+
     if os.environ.get("PYTHON_ENV") != "production":
-        content = Template(tpl).render(project=project, domain=os.environ.get("TRAEFIK_DOMAIN"), env="development")
+        content = Template(tpl).render(
+            project=project, volumes=volumes, domain=os.environ.get("TRAEFIK_DOMAIN"), env="development"
+        )
     else:
-        content = Template(tpl).render(project=project, domain=project.domain)
+        content = Template(tpl).render(project=project, volumes=volumes, domain=project.domain)
     with open(f"upstream/{project.name}/docker-compose.yml", "w", encoding="utf-8") as f:
         f.write(content)
 

tpl/docker-compose.yml.j2

@@ -49,12 +49,21 @@ services:
     restart: unless-stopped
   {%- if s.volumes %}
     volumes:
-    {%- for v in s.volumes %}
-      - .{{ v }}:{{ v }}
+    {%- for k, v in volumes[s.name].items() %}
+      - {{ k }}:{{ v }}
     {%- endfor %}
   {%- endif %}
   {%- for k, v in s.additional_properties.items() %}
     {{ k }}: {{ v }}
   {%- endfor %}
 {%- endfor %}
-
+
+{% if volumes|length > 0 %}
+volumes:
+  {%- for s in project.services %}
+    {%- for k, v in volumes[s.name].items() %}
+  {{ k }}:
+    {%- endfor %}
+  {%- endfor %}
+{%- endif %}
+