From 9e03c64d2a0e7b0c966a04de3ee556e76ff361e5 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 12 Feb 2025 21:56:13 -0500
Subject: [PATCH] Complete bash migration

---
 install/captcha.html                          | 338 ------------------
 install/{crowdsec/install.go => crowdsec.go}  | 271 ++++++--------
 install/{fs => }/crowdsec/acquis.yaml         |   0
 install/{fs => }/crowdsec/config.yaml         |   0
 install/crowdsec/dynamic_config.yml           | 108 ++++++
 .../crowdsec/local_api_credentials.yaml       |   0
 install/{fs => }/crowdsec/profiles.yaml       |   0
 install/crowdsec/traefik_config.yml           |  87 +++++
 install/main.go                               |   1 +
 9 files changed, 301 insertions(+), 504 deletions(-)
 delete mode 100644 install/captcha.html
 rename install/{crowdsec/install.go => crowdsec.go} (55%)
 rename install/{fs => }/crowdsec/acquis.yaml (100%)
 rename install/{fs => }/crowdsec/config.yaml (100%)
 create mode 100644 install/crowdsec/dynamic_config.yml
 rename install/{fs => }/crowdsec/local_api_credentials.yaml (100%)
 rename install/{fs => }/crowdsec/profiles.yaml (100%)
 create mode 100644 install/crowdsec/traefik_config.yml

diff --git a/install/captcha.html b/install/captcha.html
deleted file mode 100644
index a40d37a3..00000000
--- a/install/captcha.html
+++ /dev/null
@@ -1,338 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <title>CrowdSec Captcha</title>
-  <meta content="text/html; charset=utf-8" />
-  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <style>
-    /*! tailwindcss v3.2.7 | MIT License | https://tailwindcss.com*/
-    *,
-    :after,
-    :before {
-      border: 0 solid #e5e7eb;
-      box-sizing: border-box
-    }
-
-    :after,
-    :before {
-      --tw-content: ""
-    }
-
-    html {
-      -webkit-text-size-adjust: 100%;
-      font-feature-settings: normal;
-      font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Arial, Noto Sans, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol, Noto Color Emoji;
-      line-height: 1.5;
-      -moz-tab-size: 4;
-      -o-tab-size: 4;
-      tab-size: 4
-    }
-
-    body {
-      line-height: inherit;
-      margin: 0
-    }
-
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-size: inherit;
-      font-weight: inherit
-    }
-
-    a {
-      color: inherit;
-      text-decoration: inherit
-    }
-
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6,
-    hr,
-    p,
-    pre {
-      margin: 0
-    }
-
-    *,
-    ::backdrop,
-    :after,
-    :before {
-      --tw-border-spacing-x: 0;
-      --tw-border-spacing-y: 0;
-      --tw-translate-x: 0;
-      --tw-translate-y: 0;
-      --tw-rotate: 0;
-      --tw-skew-x: 0;
-      --tw-skew-y: 0;
-      --tw-scale-x: 1;
-      --tw-scale-y: 1;
-      --tw-pan-x: ;
-      --tw-pan-y: ;
-      --tw-pinch-zoom: ;
-      --tw-scroll-snap-strictness: proximity;
-      --tw-ordinal: ;
-      --tw-slashed-zero: ;
-      --tw-numeric-figure: ;
-      --tw-numeric-spacing: ;
-      --tw-numeric-fraction: ;
-      --tw-ring-inset: ;
-      --tw-ring-offset-width: 0px;
-      --tw-ring-offset-color: #fff;
-      --tw-ring-color: #3b82f680;
-      --tw-ring-offset-shadow: 0 0 #0000;
-      --tw-ring-shadow: 0 0 #0000;
-      --tw-shadow: 0 0 #0000;
-      --tw-shadow-colored: 0 0 #0000;
-      --tw-blur: ;
-      --tw-brightness: ;
-      --tw-contrast: ;
-      --tw-grayscale: ;
-      --tw-hue-rotate: ;
-      --tw-invert: ;
-      --tw-saturate: ;
-      --tw-sepia: ;
-      --tw-drop-shadow: ;
-      --tw-backdrop-blur: ;
-      --tw-backdrop-brightness: ;
-      --tw-backdrop-contrast: ;
-      --tw-backdrop-grayscale: ;
-      --tw-backdrop-hue-rotate: ;
-      --tw-backdrop-invert: ;
-      --tw-backdrop-opacity: ;
-      --tw-backdrop-saturate: ;
-      --tw-backdrop-sepia:
-    }
-
-    .flex {
-      display: flex
-    }
-    .flex-wrap {
-      flex-wrap: wrap
-    }
-
-    .inline-flex {
-      display: inline-flex
-    }
-
-    .h-24 {
-      height: 6rem
-    }
-
-    .h-6 {
-      height: 1.5rem
-    }
-
-    .h-full {
-      height: 100%
-    }
-
-    .h-screen {
-      height: 100vh
-    }
-
-    .text-center {
-      text-align: center
-    }
-
-    .w-24 {
-      width: 6rem
-    }
-
-    .w-6 {
-      width: 1.5rem
-    }
-
-    .w-full {
-      width: 100%
-    }
-
-    .w-screen {
-      width: 100vw
-    }
-
-    .my-3 {
-      margin-top: 0.75rem;
-      margin-bottom: 0.75rem
-    }
-
-    .flex-col {
-      flex-direction: column
-    }
-
-    .items-center {
-      align-items: center
-    }
-
-    .justify-center {
-      justify-content: center
-    }
-
-    .justify-between {
-      justify-content: space-between
-    }
-
-    .space-y-1>:not([hidden])~:not([hidden]) {
-      --tw-space-y-reverse: 0;
-      margin-bottom: calc(.25rem*var(--tw-space-y-reverse));
-      margin-top: calc(.25rem*(1 - var(--tw-space-y-reverse)))
-    }
-
-    .space-y-4>:not([hidden])~:not([hidden]) {
-      --tw-space-y-reverse: 0;
-      margin-bottom: calc(1rem*var(--tw-space-y-reverse));
-      margin-top: calc(1rem*(1 - var(--tw-space-y-reverse)))
-    }
-
-    .rounded-xl {
-      border-radius: .75rem
-    }
-
-    .border-2 {
-      border-width: 2px
-    }
-
-    .border-black {
-      --tw-border-opacity: 1;
-      border-color: rgb(0 0 0/var(--tw-border-opacity))
-    }
-
-    .p-4 {
-      padding: 1rem
-    }
-
-    .px-4 {
-      padding-left: 1rem;
-      padding-right: 1rem
-    }
-
-    .py-2 {
-      padding-bottom: .5rem;
-      padding-top: .5rem
-    }
-
-    .text-2xl {
-      font-size: 1.5rem;
-      line-height: 2rem
-    }
-
-    .text-sm {
-      font-size: .875rem;
-      line-height: 1.25rem
-    }
-
-    .text-xl {
-      font-size: 1.25rem;
-      line-height: 1.75rem
-    }
-
-    .font-bold {
-      font-weight: 700
-    }
-
-    .text-white {
-      --tw-text-opacity: 1;
-      color: rgb(255 255 255/var(--tw-text-opacity))
-    }
-
-    @media (min-width:640px) {
-      .sm\:w-2\/3 {
-        width: 66.666667%
-      }
-    }
-
-    @media (min-width:768px) {
-      .md\:flex-row {
-        flex-direction: row
-      }
-    }
-
-    @media (min-width:1024px) {
-      .lg\:w-1\/2 {
-        width: 50%
-      }
-
-      .lg\:text-3xl {
-        font-size: 1.875rem;
-        line-height: 2.25rem
-      }
-
-      .lg\:text-xl {
-        font-size: 1.25rem;
-        line-height: 1.75rem
-      }
-    }
-
-    @media (min-width:1280px) {
-      .xl\:text-4xl {
-        font-size: 2.25rem;
-        line-height: 2.5rem
-      }
-    }
-  </style>
-  <script src="{{ .FrontendJS }}" async defer></script>
-</head>
-
-<body class="h-screen w-screen p-4">
-  <div class="h-full w-full flex flex-col justify-center items-center">
-    <div class="border-2 border-black rounded-xl p-4 text-center w-full sm:w-2/3 lg:w-1/2">
-      <div class="flex flex-col items-center space-y-4">
-        <svg fill="black" class="h-24 w-24" aria-hidden="true" focusable="false" data-prefix="fas"
-          data-icon="exclamation-triangle" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"
-          class="warning">
-          <path
-            d="M569.517 440.013C587.975 472.007 564.806 512 527.94 512H48.054c-36.937 0-59.999-40.055-41.577-71.987L246.423 23.985c18.467-32.009 64.72-31.951 83.154 0l239.94 416.028zM288 354c-25.405 0-46 20.595-46 46s20.595 46 46 46 46-20.595 46-46-20.595-46-46-46zm-43.673-165.346l7.418 136c.347 6.364 5.609 11.346 11.982 11.346h48.546c6.373 0 11.635-4.982 11.982-11.346l7.418-136c.375-6.874-5.098-12.654-11.982-12.654h-63.383c-6.884 0-12.356 5.78-11.981 12.654z">
-          </path>
-        </svg>
-        <h1 class="text-2xl lg:text-3xl xl:text-4xl">CrowdSec Captcha</h1>
-      </div>
-      <form action="" method="POST" class="flex flex-col space-y-1" id="captcha-form">
-        <div id="captcha" class="{{ .FrontendKey }}" data-sitekey="{{ .SiteKey }}" data-callback="captchaCallback">
-        </div>
-      </form>
-      <div class="flex justify-center flex-wrap">
-        <p class="my-3">This security check has been powered by</p>
-        <a href="https://crowdsec.net/" target="_blank" rel="noopener" class="inline-flex flex-col items-center">
-          <svg fill="black" width="33.92" height="33.76" viewBox="0 0 254.4 253.2">
-            <defs>
-              <clipPath id="a">
-                <path d="M0 52h84v201.2H0zm0 0" />
-              </clipPath>
-              <clipPath id="b">
-                <path d="M170 52h84.4v201.2H170zm0 0" />
-              </clipPath>
-            </defs>
-            <path
-              d="M59.3 128.4c1.4 2.3 2.5 4.6 3.4 7-1-4.1-2.3-8.1-4.3-12-3.1-6-7.8-5.8-10.7 0-2 4-3.2 8-4.3 12.1 1-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M207.8 128.4a42.9 42.9 0 013.4 7c-1-4.1-2.3-8.1-4.3-12-3.2-6-7.8-5.8-10.7 0-2 4-3.3 8-4.3 12.1.9-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M134.6 92.9c2 3.5 3.6 7 4.8 10.7-1.3-5.4-3-10.6-5.6-15.7-4-7.5-9.7-7.2-13.3 0a75.4 75.4 0 00-5.6 16c1.2-3.8 2.7-7.4 4.7-11 4.1-7.2 10.6-7.5 15 0M43.8 136.8c.9 4.6 3.7 8.3 7.3 9.2 0 2.7 0 5.5.2 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4M192.4 136.8c.8 4.6 3.7 8.3 7.2 9.2 0 2.7 0 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3.9 2.2 1.2 0 .6-3 .7-6.3 1-9.6.2-2.7.3-5.5.2-8.2 3.6-1 6.4-4.6 7.3-9.2a17.8 17.8 0 01-9.1 2.4c-3.4 0-6.6-1-9.1-2.4M138.3 104.6c-3.1 1.9-7 3-11.3 3-4.3 0-8.2-1.1-11.3-3 1 5.8 4.5 10.3 9 11.5 0 3.4 0 6.8.3 10.2.4 4.1.5 8.2 1.2 12 .4 2.9 1.2 2.7 1.6 0 .7-3.8.8-7.9 1.2-12 .3-3.4.3-6.8.3-10.2 4.5-1.2 8-5.7 9-11.5" />
-            <path
-              d="M51 146c0 2.7.1 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4.9 4.6 3.7 8.3 7.3 9.2M143.9 105c-1.9-.4-3.5-1.2-4.9-2.3 1.4 5.6 2.5 11.3 4 17 1.2 5 2 10 2.4 15 .6 7.8-4.5 14.5-10.9 14.5h-15c-6.4 0-11.5-6.7-11-14.5.5-5 1.3-10 2.6-15 1.3-5.3 2.3-10.5 3.6-15.7-2.2 1.2-4.8 1.9-7.7 2-4.7.1-9.4-.3-14-1-4-.4-6.7-3-8-6.7-1.3-3.4-2-7-3.3-10.4-.5-1.5-1.6-2.8-2.4-4.2-.4-.6-.8-1.2-.9-1.8v-7.8a77 77 0 0124.5-3c6.1 0 12 1 17.8 3.2 4.7 1.7 9.7 1.8 14.4 0 9-3.4 18.2-3.8 27.5-3 4.9.5 9.8 1.6 14.8 2.4v8.2c0 .6-.3 1.5-.7 1.7-2 .9-2.2 2.7-2.7 4.5-.9 3.2-1.8 6.4-2.9 9.5a11 11 0 01-8.8 7.7 40.6 40.6 0 01-18.4-.2m29.4 80.6c-3.2-26.8-6.4-50-8.9-60.7a14.3 14.3 0 0014.1-14h.4a9 9 0 005.6-16.5 14.3 14.3 0 00-3.7-27.2 9 9 0 00-6.9-14.6c2.4-1.1 4.5-3 5.8-5 3.4-5.3 4-29-8-44.4-5-6.3-9.8-2.5-10 1.8-1 13.2-1.1 23-4.5 34.3a9 9 0 00-16-4.1 14.3 14.3 0 00-28.4 0 9 9 0 00-16 4.1c-3.4-11.2-3.5-21.1-4.4-34.3-.3-4.3-5.2-8-10-1.8-12 15.3-11.5 39-8.1 44.4 1.3 2 3.4 3.9 5.8 5a9 9 0 00-7 14.6 14.3 14.3 0 00-3.6 27.2A9 9 0 0075 111h.5a14.5 14.5 0 0014.3 14c-4 17.2-10 66.3-15 111.3l-1.3 13.4a1656.4 1656.4 0 01106.6 0l-1.4-12.7-5.4-51.3" />
-            <g clip-path="url(#a)">
-              <path
-                d="M83.5 136.6l-2.3.7c-5 1-9.8 1-14.8-.2-1.4-.3-2.7-1-3.8-1.9l3.1 13.7c1 4 1.7 8 2 12 .5 6.3-3.6 11.6-8.7 11.6H46.9c-5.1 0-9.2-5.3-8.7-11.6.3-4 1-8 2-12 1-4.2 1.8-8.5 2.9-12.6-1.8 1-3.9 1.5-6.3 1.6a71 71 0 01-11.1-.7 7.7 7.7 0 01-6.5-5.5c-1-2.7-1.6-5.6-2.6-8.3-.4-1.2-1.3-2.3-2-3.4-.2-.4-.6-1-.6-1.4v-6.3c6.4-2 13-2.6 19.6-2.5 4.9.1 9.6 1 14.2 2.6 3.9 1.4 7.9 1.5 11.7 0 1.8-.7 3.6-1.2 5.5-1.6a13 13 0 01-1.6-15.5A18.3 18.3 0 0159 73.1a11.5 11.5 0 00-17.4 8.1 7.2 7.2 0 00-12.9 3.3c-2.7-9-2.8-17-3.6-27.5-.2-3.4-4-6.5-8-1.4C7.5 67.8 7.9 86.9 10.6 91c1.1 1.7 2.8 3.1 4.7 4a7.2 7.2 0 00-5.6 11.7 11.5 11.5 0 00-2.9 21.9 7.2 7.2 0 004.5 13.2h.3c0 .6 0 1.1.2 1.7.9 5.4 5.6 9.5 11.3 9.5A1177.2 1177.2 0 0010 253.2c18.1-1.5 38.1-2.6 59.5-3.4.4-4.6.8-9.3 1.4-14 1.2-11.6 3.3-30.5 5.7-49.7 2.2-18 4.7-36.3 7-49.5" />
-            </g>
-            <g clip-path="url(#b)">
-              <path
-                d="M254.4 118.2c0-5.8-4.2-10.5-9.7-11.4a7.2 7.2 0 00-5.6-11.7c2-.9 3.6-2.3 4.7-4 2.7-4.2 3.1-23.3-6.5-35.5-4-5.1-7.8-2-8 1.4-.8 10.5-.9 18.5-3.6 27.5a7.2 7.2 0 00-12.8-3.3 11.5 11.5 0 00-17.8-7.9 18.4 18.4 0 01-4.5 22 13 13 0 01-1.3 15.2c2.4.5 4.8 1 7.1 2 3.8 1.3 7.8 1.4 11.6 0 7.2-2.8 14.6-3 22-2.4 4 .4 7.9 1.2 12 1.9l-.1 6.6c0 .5-.2 1.2-.5 1.3-1.7.7-1.8 2.2-2.2 3.7l-2.3 7.6a8.8 8.8 0 01-7 6.1c-5 1-10 1-14.9-.2-1.5-.3-2.8-1-3.9-1.9 1.2 4.5 2 9.1 3.2 13.7 1 4 1.6 8 2 12 .4 6.3-3.6 11.6-8.8 11.6h-12c-5.2 0-9.3-5.3-8.8-11.6.4-4 1-8 2-12 1-4.2 1.9-8.5 3-12.6-1.8 1-4 1.5-6.3 1.6-3.7 0-7.5-.3-11.2-.7a7.7 7.7 0 01-3.7-1.5c3.1 18.4 7.1 51.2 12.5 100.9l.6 5.3.8 7.9c21.4.7 41.5 1.9 59.7 3.4L243 243l-4.4-41.2a606 606 0 00-7-48.7 11.5 11.5 0 0011.2-11.2h.4a7.2 7.2 0 004.4-13.2c4-1.8 6.8-5.8 6.8-10.5" />
-            </g>
-            <path
-              d="M180 249.6h.4a6946 6946 0 00-7.1-63.9l5.4 51.3 1.4 12.6M164.4 125c2.5 10.7 5.7 33.9 8.9 60.7a570.9 570.9 0 00-8.9-60.7M74.8 236.3l-1.4 13.4 1.4-13.4" />
-          </svg>
-          <span>CrowdSec</span>
-        </a>
-      </div>
-    </div>
-  </div>
-  <script>
-    function captchaCallback() {
-      setTimeout(() => document.querySelector('#captcha-form').submit(), 500);
-    }
-  </script>
-</body>
-</html>
\ No newline at end of file
diff --git a/install/crowdsec/install.go b/install/crowdsec.go
similarity index 55%
rename from install/crowdsec/install.go
rename to install/crowdsec.go
index 84f3089b..187fea88 100644
--- a/install/crowdsec/install.go
+++ b/install/crowdsec.go
@@ -1,31 +1,21 @@
-package crowdsec
+package main
 
 import (
 	"bytes"
 	"embed"
-	"encoding/json"
 	"fmt"
+	"html/template"
 	"io"
+	"io/fs"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"strings"
 	"time"
 )
 
-//go:embed fs/*
-var configFiles embed.FS
-
-// Config holds all configuration values
-type Config struct {
-	DomainName         string
-	EnrollmentKey      string
-	TurnstileSiteKey   string
-	TurnstileSecretKey string
-	GID                string
-	CrowdsecIP         string
-	TraefikBouncerKey  string
-	PangolinIP         string
-}
+//go:embed crowdsec/*
+var configCrowdsecFiles embed.FS
 
 // DockerContainer represents a Docker container
 type DockerContainer struct {
@@ -36,14 +26,7 @@ type DockerContainer struct {
 	} `json:"NetworkSettings"`
 }
 
-func main() {
-	if err := run(); err != nil {
-		fmt.Fprintf(os.Stderr, "Error: %v\n", err)
-		os.Exit(1)
-	}
-}
-
-func run() error {
+func installCrowdsec() error {
 	// Create configuration
 	config := &Config{}
 
@@ -52,30 +35,21 @@ func run() error {
 		return fmt.Errorf("backup failed: %v", err)
 	}
 
-	if err := createPangolinNetwork(); err != nil {
-		return fmt.Errorf("network creation failed: %v", err)
-	}
-
 	if err := modifyDockerCompose(); err != nil {
 		return fmt.Errorf("docker-compose modification failed: %v", err)
 	}
 
-	if err := createConfigFiles(*config); err != nil {
+	if err := createCrowdsecFiles(*config); err != nil {
 		return fmt.Errorf("config file creation failed: %v", err)
 	}
 
-	if err := retrieveIPs(config); err != nil {
-		return fmt.Errorf("IP retrieval failed: %v", err)
-	}
+	moveFile("config/crowdsec/traefik_config.yaml", "config/traefik/traefik_config.yaml")
+	moveFile("config/crowdsec/dynamic.yaml", "config/traefik/dynamic.yaml")
 
 	if err := retrieveBouncerKey(config); err != nil {
 		return fmt.Errorf("bouncer key retrieval failed: %v", err)
 	}
 
-	if err := replacePlaceholders(config); err != nil {
-		return fmt.Errorf("placeholder replacement failed: %v", err)
-	}
-
 	if err := deployStack(); err != nil {
 		return fmt.Errorf("deployment failed: %v", err)
 	}
@@ -84,7 +58,6 @@ func run() error {
 		return fmt.Errorf("verification failed: %v", err)
 	}
 
-	printInstructions()
 	return nil
 }
 
@@ -107,23 +80,6 @@ func backupConfig() error {
 	return nil
 }
 
-func createPangolinNetwork() error {
-	// Check if network exists
-	cmd := exec.Command("docker", "network", "inspect", "pangolin")
-	if err := cmd.Run(); err == nil {
-		fmt.Println("pangolin network already exists")
-		return nil
-	}
-
-	// Create network
-	cmd = exec.Command("docker", "network", "create", "pangolin")
-	if err := cmd.Run(); err != nil {
-		return fmt.Errorf("failed to create pangolin network: %v", err)
-	}
-
-	return nil
-}
-
 func modifyDockerCompose() error {
 	// Read existing docker-compose.yml
 	content, err := os.ReadFile("docker-compose.yml")
@@ -150,34 +106,6 @@ func modifyDockerCompose() error {
 	return nil
 }
 
-func retrieveIPs(config *Config) error {
-	// Start required containers
-	cmd := exec.Command("docker", "compose", "up", "-d", "pangolin", "crowdsec")
-	if err := cmd.Run(); err != nil {
-		return fmt.Errorf("failed to start containers: %v", err)
-	}
-	defer exec.Command("docker", "compose", "down").Run()
-
-	// Wait for containers to start
-	time.Sleep(10 * time.Second)
-
-	// Get Pangolin IP
-	pangolinIP, err := getContainerIP("pangolin")
-	if err != nil {
-		return fmt.Errorf("failed to get pangolin IP: %v", err)
-	}
-	config.PangolinIP = pangolinIP
-
-	// Get CrowdSec IP
-	crowdsecIP, err := getContainerIP("crowdsec")
-	if err != nil {
-		return fmt.Errorf("failed to get crowdsec IP: %v", err)
-	}
-	config.CrowdsecIP = crowdsecIP
-
-	return nil
-}
-
 func retrieveBouncerKey(config *Config) error {
 	// Start crowdsec container
 	cmd := exec.Command("docker", "compose", "up", "-d", "crowdsec")
@@ -207,32 +135,6 @@ func retrieveBouncerKey(config *Config) error {
 	return nil
 }
 
-func replacePlaceholders(config *Config) error {
-	// Get user input
-	fmt.Print("Enter your Domain Name (e.g., pangolin.example.com): ")
-	fmt.Scanln(&config.DomainName)
-
-	fmt.Print("Enter your CrowdSec Enrollment Key: ")
-	fmt.Scanln(&config.EnrollmentKey)
-
-	fmt.Print("Enter your Cloudflare Turnstile Site Key: ")
-	fmt.Scanln(&config.TurnstileSiteKey)
-
-	fmt.Print("Enter your Cloudflare Turnstile Secret Key: ")
-	fmt.Scanln(&config.TurnstileSecretKey)
-
-	fmt.Print("Enter your GID (or leave empty for default 1000): ")
-	gid := ""
-	fmt.Scanln(&gid)
-	if gid == "" {
-		config.GID = "1000"
-	} else {
-		config.GID = gid
-	}
-
-	return nil
-}
-
 func deployStack() error {
 	cmd := exec.Command("docker", "compose", "up", "-d")
 	if err := cmd.Run(); err != nil {
@@ -257,43 +159,6 @@ func verifyDeployment() error {
 	return nil
 }
 
-func printInstructions() {
-	fmt.Println(`
---- Testing Instructions ---
-1. Test Captcha Implementation:
-   docker exec crowdsec cscli decisions add --ip YOUR_IP --type captcha -d 1h
-   (Replace YOUR_IP with your actual IP address)
-
-2. Verify decisions:
-   docker exec -it crowdsec cscli decisions list
-
-3. Test security by accessing DOMAIN_NAME/.env (should return 403)
-   (Replace DOMAIN_NAME with the domain you entered)
-
---- Troubleshooting ---
-1. If encountering 403 errors:
-   - Check Traefik logs: docker compose logs traefik -f
-   - Verify CrowdSec logs: docker compose logs crowdsec
-
-2. For plugin errors:
-   - Verify http notifications are commented out in profiles.yaml
-   - Restart services: docker compose restart traefik crowdsec
-
-3. For Captcha issues:
-   - Ensure Turnstile is configured in non-interactive mode
-   - Verify captcha.html configuration
-   - Check container network connectivity
-
-Useful Commands:
-- View Traefik logs: docker compose logs traefik -f
-- View CrowdSec logs: docker compose logs crowdsec
-- List decisions: docker exec -it crowdsec cscli decisions list
-- Check metrics: curl http://localhost:6060/metrics | grep appsec
-`)
-}
-
-// Helper functions
-
 func copyFile(src, dst string) error {
 	source, err := os.Open(src)
 	if err != nil {
@@ -311,26 +176,12 @@ func copyFile(src, dst string) error {
 	return err
 }
 
-func getContainerIP(containerName string) (string, error) {
-	output, err := exec.Command("docker", "inspect", containerName).Output()
-	if err != nil {
-		return "", err
+func moveFile(src, dst string) error {
+	if err := copyFile(src, dst); err != nil {
+		return err
 	}
 
-	var containers []DockerContainer
-	if err := json.Unmarshal(output, &containers); err != nil {
-		return "", err
-	}
-
-	if len(containers) == 0 {
-		return "", fmt.Errorf("no container found")
-	}
-
-	for _, network := range containers[0].NetworkSettings.Networks {
-		return network.IPAddress, nil
-	}
-
-	return "", fmt.Errorf("no IP address found")
+	return os.Remove(src)
 }
 
 func addCrowdsecService(content string) string {
@@ -346,11 +197,8 @@ func addCrowdsecService(content string) string {
       COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules
       ENROLL_INSTANCE_NAME: "pangolin-crowdsec"
       PARSERS: crowdsecurity/whitelists
-      ENROLL_KEY: ${ENROLLMENT_KEY}
       ACQUIRE_FILES: "/var/log/traefik/*.log"
       ENROLL_TAGS: docker
-    networks:
-      - pangolin
     healthcheck:
       test: ["CMD", "cscli", "capi", "status"]
     depends_on:
@@ -374,3 +222,94 @@ func addCrowdsecService(content string) string {
     restart: unless-stopped
     command: -t`
 }
+
+func createCrowdsecFiles(config Config) error {
+	// Walk through all embedded files
+	err := fs.WalkDir(configCrowdsecFiles, "crowdsec", func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Skip the root fs directory itself
+		if path == "fs" {
+			return nil
+		}
+
+		// Get the relative path by removing the "fs/" prefix
+		relPath := strings.TrimPrefix(path, "fs/")
+
+		// skip .DS_Store
+		if strings.Contains(relPath, ".DS_Store") {
+			return nil
+		}
+
+		// Create the full output path under "config/"
+		outPath := filepath.Join("config", relPath)
+
+		if d.IsDir() {
+			// Create directory
+			if err := os.MkdirAll(outPath, 0755); err != nil {
+				return fmt.Errorf("failed to create directory %s: %v", outPath, err)
+			}
+			return nil
+		}
+
+		// Read the template file
+		content, err := configFiles.ReadFile(path)
+		if err != nil {
+			return fmt.Errorf("failed to read %s: %v", path, err)
+		}
+
+		// Parse template
+		tmpl, err := template.New(d.Name()).Parse(string(content))
+		if err != nil {
+			return fmt.Errorf("failed to parse template %s: %v", path, err)
+		}
+
+		// Ensure parent directory exists
+		if err := os.MkdirAll(filepath.Dir(outPath), 0755); err != nil {
+			return fmt.Errorf("failed to create parent directory for %s: %v", outPath, err)
+		}
+
+		// Create output file
+		outFile, err := os.Create(outPath)
+		if err != nil {
+			return fmt.Errorf("failed to create %s: %v", outPath, err)
+		}
+		defer outFile.Close()
+
+		// Execute template
+		if err := tmpl.Execute(outFile, config); err != nil {
+			return fmt.Errorf("failed to execute template %s: %v", path, err)
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		return fmt.Errorf("error walking config files: %v", err)
+	}
+
+	// get the current directory
+	dir, err := os.Getwd()
+	if err != nil {
+		return fmt.Errorf("failed to get current directory: %v", err)
+	}
+
+	sourcePath := filepath.Join(dir, "config/docker-compose.yml")
+	destPath := filepath.Join(dir, "docker-compose.yml")
+
+	// Check if source file exists
+	if _, err := os.Stat(sourcePath); err != nil {
+		return fmt.Errorf("source docker-compose.yml not found: %v", err)
+	}
+
+	// Try to move the file
+	err = os.Rename(sourcePath, destPath)
+	if err != nil {
+		return fmt.Errorf("failed to move docker-compose.yml from %s to %s: %v",
+			sourcePath, destPath, err)
+	}
+
+	return nil
+}
diff --git a/install/fs/crowdsec/acquis.yaml b/install/crowdsec/acquis.yaml
similarity index 100%
rename from install/fs/crowdsec/acquis.yaml
rename to install/crowdsec/acquis.yaml
diff --git a/install/fs/crowdsec/config.yaml b/install/crowdsec/config.yaml
similarity index 100%
rename from install/fs/crowdsec/config.yaml
rename to install/crowdsec/config.yaml
diff --git a/install/crowdsec/dynamic_config.yml b/install/crowdsec/dynamic_config.yml
new file mode 100644
index 00000000..9175b143
--- /dev/null
+++ b/install/crowdsec/dynamic_config.yml
@@ -0,0 +1,108 @@
+http:
+  middlewares:
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+    default-whitelist: # Whitelist middleware for internal IPs
+      ipWhiteList:  # Internal IP addresses
+        sourceRange:  # Internal IP addresses
+        - "10.0.0.0/8"  # Internal IP addresses
+        - "192.168.0.0/16" # Internal IP addresses
+        - "172.16.0.0/12" # Internal IP addresses
+    # Basic security headers
+    security-headers:
+      headers:
+        customResponseHeaders:  # Custom response headers
+          Server: "" # Remove server header
+          X-Powered-By: "" # Remove powered by header
+          X-Forwarded-Proto: "https"  # Set forwarded proto to https
+        sslProxyHeaders: # SSL proxy headers
+          X-Forwarded-Proto: "https" # Set forwarded proto to https
+        hostsProxyHeaders: # Hosts proxy headers
+          - "X-Forwarded-Host" # Set forwarded host
+        contentTypeNosniff: true # Prevent MIME sniffing
+        customFrameOptionsValue: "SAMEORIGIN" # Set frame options
+        referrerPolicy: "strict-origin-when-cross-origin" # Set referrer policy
+        forceSTSHeader: true # Force STS header
+        stsIncludeSubdomains: true # Include subdomains
+        stsSeconds: 63072000 # STS seconds
+        stsPreload: true # Preload STS
+    # CrowdSec configuration with proper IP forwarding
+    crowdsec:
+      plugin:
+        crowdsec:
+          enabled: true # Enable CrowdSec plugin
+          logLevel: INFO # Log level
+          updateIntervalSeconds: 15 # Update interval
+          updateMaxFailure: 0 # Update max failure
+          defaultDecisionSeconds: 15 # Default decision seconds
+          httpTimeoutSeconds: 10 # HTTP timeout
+          crowdsecMode: live # CrowdSec mode
+          crowdsecAppsecEnabled: true # Enable AppSec
+          crowdsecAppsecHost: crowdsec:7422 # CrowdSec IP address which you noted down later
+          crowdsecAppsecFailureBlock: true # Block on failure
+          crowdsecAppsecUnreachableBlock: true # Block on unreachable
+          crowdsecLapiKey: "{{.TraefikBouncerKey}}" # CrowdSec API key which you noted down later
+          crowdsecLapiHost: crowdsec:9090 # CrowdSec  
+          crowdsecLapiScheme: http # CrowdSec API scheme
+          forwardedHeadersTrustedIPs: # Forwarded headers trusted IPs
+            - "0.0.0.0/0" # All IP addresses are trusted for forwarded headers (CHANGE MADE HERE)
+          clientTrustedIPs: # Client trusted IPs (CHANGE MADE HERE)
+            - "10.0.0.0/8" # Internal LAN IP addresses
+            - "172.16.0.0/12" # Internal LAN IP addresses
+            - "192.168.0.0/16" # Internal LAN IP addresses
+            - "100.89.137.0/20" # Internal LAN IP addresses
+
+  routers:
+    # HTTP to HTTPS redirect router
+    main-app-router-redirect:
+      rule: "Host(`{{.DomainName}}`)" # Dynamic Domain Name
+      service: next-service
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+
+    # Next.js router (handles everything except API and WebSocket paths)
+    next-router:
+      rule: "Host(`{{.DomainName}}`) && !PathPrefix(`/api/v1`)" # Dynamic Domain Name
+      service: next-service
+      entryPoints:
+        - websecure
+      middlewares:
+        - security-headers # Add security headers middleware
+      tls:
+        certResolver: letsencrypt
+
+    # API router (handles /api/v1 paths)
+    api-router:
+      rule: "Host(`{{.DomainName}}`) && PathPrefix(`/api/v1`)" # Dynamic Domain Name
+      service: api-service
+      entryPoints:
+        - websecure
+      middlewares:
+        - security-headers # Add security headers middleware
+      tls:
+        certResolver: letsencrypt
+
+    # WebSocket router
+    ws-router:
+      rule: "Host(`{{.DomainName}}`)" # Dynamic Domain Name
+      service: api-service
+      entryPoints:
+        - websecure
+      middlewares:
+        - security-headers # Add security headers middleware
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    next-service:
+      loadBalancer:
+        servers:
+          - url: "http://pangolin:3002"  # Next.js server
+
+    api-service:
+      loadBalancer:
+        servers:
+          - url: "http://pangolin:3000"  # API/WebSocket server
\ No newline at end of file
diff --git a/install/fs/crowdsec/local_api_credentials.yaml b/install/crowdsec/local_api_credentials.yaml
similarity index 100%
rename from install/fs/crowdsec/local_api_credentials.yaml
rename to install/crowdsec/local_api_credentials.yaml
diff --git a/install/fs/crowdsec/profiles.yaml b/install/crowdsec/profiles.yaml
similarity index 100%
rename from install/fs/crowdsec/profiles.yaml
rename to install/crowdsec/profiles.yaml
diff --git a/install/crowdsec/traefik_config.yml b/install/crowdsec/traefik_config.yml
new file mode 100644
index 00000000..2ac9125c
--- /dev/null
+++ b/install/crowdsec/traefik_config.yml
@@ -0,0 +1,87 @@
+api:
+  insecure: true
+  dashboard: true
+
+providers:
+  http:
+    endpoint: "http://pangolin:3001/api/v1/traefik-config"
+    pollInterval: "5s"
+  file:
+    filename: "/etc/traefik/dynamic_config.yml"
+
+experimental:
+  plugins:
+    badger:
+      moduleName: "github.com/fosrl/badger"
+      version: "{{.BadgerVersion}}"
+    crowdsec: # CrowdSec plugin configuration added
+      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+      version: "v1.3.5"
+
+log:
+  level: "INFO"
+  format: "json" # Log format changed to json for better parsing
+
+accessLog: # We enable access logs as json
+  filePath: "/var/log/traefik/access.log"
+  format: json
+  filters:
+    statusCodes:
+      - "200-299"  # Success codes
+      - "400-499"  # Client errors
+      - "500-599"  # Server errors
+    retryAttempts: true
+    minDuration: "100ms"  # Increased to focus on slower requests
+  bufferingSize: 100      # Add buffering for better performance
+  fields:
+    defaultMode: drop     # Start with dropping all fields
+    names:
+      ClientAddr: keep # Keep client address for IP tracking
+      ClientHost: keep  # Keep client host for IP tracking
+      RequestMethod: keep # Keep request method for tracking
+      RequestPath: keep # Keep request path for tracking
+      RequestProtocol: keep # Keep request protocol for tracking
+      DownstreamStatus: keep # Keep downstream status for tracking
+      DownstreamContentSize: keep # Keep downstream content size for tracking
+      Duration: keep # Keep request duration for tracking
+      ServiceName: keep # Keep service name for tracking
+      StartUTC: keep # Keep start time for tracking
+      TLSVersion: keep # Keep TLS version for tracking
+      TLSCipher: keep # Keep TLS cipher for tracking
+      RetryAttempts: keep # Keep retry attempts for tracking
+    headers:
+      defaultMode: drop # Start with dropping all headers
+      names:
+        User-Agent: keep # Keep user agent for tracking
+        X-Real-Ip: keep # Keep real IP for tracking
+        X-Forwarded-For: keep # Keep forwarded IP for tracking
+        X-Forwarded-Proto: keep # Keep forwarded protocol for tracking
+        Content-Type: keep # Keep content type for tracking
+        Authorization: redact  # Redact sensitive information
+        Cookie: redact        # Redact sensitive information
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      httpChallenge:
+        entryPoint: web
+      email: "{{.LetsEncryptEmail}}"
+      storage: "/letsencrypt/acme.json"
+      caServer: "https://acme-v02.api.letsencrypt.org/directory"
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+    transport:
+      respondingTimeouts:
+        readTimeout: "30m"
+    http:
+      tls:
+        certResolver: "letsencrypt"
+      middlewares: # CHANGE MADE HERE (BOUNCER ENABLED) !!!
+        - crowdsec@file
+
+serversTransport:
+  insecureSkipVerify: true
\ No newline at end of file
diff --git a/install/main.go b/install/main.go
index 4f2deb3a..d5bf5e1e 100644
--- a/install/main.go
+++ b/install/main.go
@@ -45,6 +45,7 @@ type Config struct {
 	EmailSMTPPass              string
 	EmailNoReply               string
 	InstallGerbil              bool
+	TraefikBouncerKey		  string
 }
 
 func main() {