Add CrowdSec bouncer for Bunny CDN Shield

Syncs locally-detected CrowdSec ban decisions to Bunny CDN Shield Access Lists. Excludes community blocklists (CAPI/lists) since Bunny Shield has its own managed threat feeds. - Polls CrowdSec LAPI for origin=crowdsec/cscli bans - Updates Bunny Shield custom Access List via PATCH API - Change detection via set comparison to skip unnecessary API calls - Exponential backoff retry on API failures - Graceful SIGTERM/SIGINT shutdown - Docker healthcheck support Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 19:08:56 +09:00
commit d1b870227e
6 changed files with 295 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,13 @@
+services:
+  bunny-bouncer:
+    build: .
+    container_name: crowdsec-bunny-bouncer
+    restart: unless-stopped
+    env_file: .env
+    network_mode: host
+    healthcheck:
+      test: ["CMD", "python", "-c", "import os, sys; sys.exit(0 if os.path.exists('/tmp/bouncer-healthy') else 1)"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 15s