hosts: enable crowdsec-firewall-bouncer for hel-01 and nbg-01
This commit is contained in:
@@ -30,16 +30,23 @@
|
||||
spice.enable = true;
|
||||
|
||||
sops.secrets = {
|
||||
#"crowdsec/lapiKey" = {
|
||||
# owner = "traefik";
|
||||
# mode = "0400";
|
||||
#};
|
||||
"crowdsec/fwBouncerLapiKey" = { };
|
||||
"crowdsec/wafLapiKey" = {
|
||||
owner = "traefik";
|
||||
mode = "0400";
|
||||
};
|
||||
"borgmatic_pass/local" = { };
|
||||
"borgmatic_pass/remote" = { };
|
||||
};
|
||||
|
||||
crowdsec-firewall-bouncer = {
|
||||
enable = true;
|
||||
apiKeyFile = config.sops.secrets."crowdsec/fwBouncerLapiKey".path;
|
||||
};
|
||||
|
||||
crowdsec-traefik-bouncer = {
|
||||
enable = true;
|
||||
lapiKeyFile = config.sops.secrets."crowdsec/wafLapiKey".path;
|
||||
};
|
||||
|
||||
#borg-config = {
|
||||
|
||||
@@ -30,7 +30,8 @@
|
||||
spice.enable = true;
|
||||
|
||||
sops.secrets = {
|
||||
"crowdsec/lapiKey" = {
|
||||
"crowdsec/fwBouncerLapiKey" = { };
|
||||
"crowdsec/wafLapiKey" = {
|
||||
owner = "traefik";
|
||||
mode = "0400";
|
||||
};
|
||||
@@ -40,11 +41,12 @@
|
||||
|
||||
crowdsec-firewall-bouncer = {
|
||||
enable = true;
|
||||
apiKeyFile = config.sops.secrets."crowdsec/fwBouncerLapiKey".path;
|
||||
};
|
||||
|
||||
crowdsec-traefik-bouncer = {
|
||||
enable = true;
|
||||
lapiKeyFile = config.sops.secrets."crowdsec/lapiKey".path;
|
||||
lapiKeyFile = config.sops.secrets."crowdsec/wafLapiKey".path;
|
||||
};
|
||||
|
||||
traefik = {
|
||||
|
||||
@@ -2,7 +2,8 @@ borgmatic_pass:
|
||||
local: ENC[AES256_GCM,data:o7nCLKlA5auaLuJ3NnOABM6VXps=,iv:q/mluFtXtQcaGGzRK02HLIne5WyuKEUxOufVQ+bENs8=,tag:oeZfqMlGRaKbXujDhymsxA==,type:str]
|
||||
remote: ENC[AES256_GCM,data:pCegNxQk4L1fGO9dWoZgQFR3Lu8=,iv:gklAf5QmNLKA6wZvzBmoqhpcUUA8UQPRgoDNfJ3wAE4=,tag:zgoCbyQ/Ogzh1KI+hWxf1A==,type:str]
|
||||
crowdsec:
|
||||
lapiKey: ENC[AES256_GCM,data:YO7AX28ZSidNPmnRjxdHmnLtTgzTEbrw42cyHAk+1hjX0KswKOwdTlaRHQ==,iv:FUeie4P/ddsMeblSIPJm6dlZDui5bdu7+gHrc+80vRA=,tag:SzFOhlTDASg5zTtvCTVEVw==,type:str]
|
||||
fwBouncerLapiKey: ENC[AES256_GCM,data:xGryk4D2FA3RHeiGeD1mFfcy8Nl5lm9sdL2ClA27Znv/Wim0VB/HaVnmqA==,iv:wpa4mID2lwZUTikji6OayqTJx8/v7zM/NEkmLkkhk3M=,tag:tCHWsLNC9DZk21j9NmHxYQ==,type:str]
|
||||
wafLapiKey: ENC[AES256_GCM,data:TxzzvbyvOqix0g2uN7PpgbbPM4VaRmXV4I5DtaJWuDGlccU0oxAspQkGAA==,iv:EXiK/rSiyaCeV0gka1qlvcjfmUNJFzhKHl6L6X9Mnq4=,tag:EEjcKdFos7GMGUWY785k0g==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1jmsrfddctahhznfv7jv77tgw5crmhjhe0e0kzc967hvax4sulv3s6hp2su
|
||||
@@ -32,7 +33,7 @@ sops:
|
||||
Yit0WlZjODBSd0ZTMU01N1FDNnZ5ZEEKa6gtn0XlGSzPaliO5ndYSturZcudgTY4
|
||||
1Gg6Tg67V/A7YsNva4tT5HLH2HZpREI7K8RsvZxCkP6369nKlk0cuQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-10-19T18:36:33Z"
|
||||
mac: ENC[AES256_GCM,data:K2ZG4+nMG3EoQ9GVgjn3q8i5St7DC/nBqK1dHiRMZys71sc03OstC+NssGIhtUlR+NWGiJ1/jcL/lAzCMdGkWpCIw5cs+WLJcfrcF8ATc7/siZeSzvy2Eep1LzmY5jA4Ywebt5cFFVhz7mpQN5oGtp/2w/VBxWxgdQfF4HzGqSA=,iv:htwgLG7rgyxycPVZUvisclYBCgT/bVnthdJFZEQoTZ8=,tag:zwynws26QE0PvI8OoNRlPQ==,type:str]
|
||||
lastmodified: "2025-11-10T02:52:44Z"
|
||||
mac: ENC[AES256_GCM,data:kiXlMfI/60bp7GXvXNUXT5o1s10IA0dBOAdoMjZRrQVaJHW1Sr+In2iQSfEPAGKY91M4SEmdF1LAIcxoEVF5w8A7VAPRDmXFN/v12meQoXh1hW3kJCS37qHhXQGlrEa80L/36HUzsyRCP0et87nLXOb5EMhB6sagdkSdkKWu7YQ=,iv:1LCL/t88Gz7WFUjPvu2/OMuAFS4OPQW28EJCU0a7R34=,tag:DCwxqIQp0RAng8G3Qj/WIw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
||||
@@ -2,7 +2,8 @@ borgmatic_pass:
|
||||
local: ENC[AES256_GCM,data:le4xxqwqGtG6v+5oGSYIwlLtKPs=,iv:WnZJFYsrEDKlidBu0BQJEL7B0zANbViANQFFZVsiugE=,tag:LQzVP3nf3voOl4uNCFEN7g==,type:str]
|
||||
remote: ENC[AES256_GCM,data:q1bIUbGanlWOCE/eKwfEMe1Erfo=,iv:DkHhHVA+C/0SgslkVJ55UMUyZGp5XK7B0FuYb0/nPYY=,tag:ffF2IkELD7hE6OklvBCZDQ==,type:str]
|
||||
crowdsec:
|
||||
lapiKey: ENC[AES256_GCM,data:QqlZoBCZV8XxboAotAox0pPcmEOe5/XqvhlrWpjxOUXm+VK2Zc6hciYgPQ==,iv:bZHqQ1carLwbB0hddXKIFpV83aUeRtXFm9uzIHLAuO0=,tag:ZSraTdCVxGfY81OmCp9s6A==,type:str]
|
||||
fwBouncerLapiKey: ENC[AES256_GCM,data:qF072YBbg8g7bYFjgWHCD/dJj83WoZFN5ipROkH+eCm2672k6XSfr1o0CA==,iv:r+8XSlIzEQDYovnThelVH6HOP4ap7fYcjRtg6i62+TM=,tag:fWEDUsaWvbyjdUMFElOgVA==,type:str]
|
||||
wafLapiKey: ENC[AES256_GCM,data:pSxuMtv3dEjIAiuUdx8AQTvXTRUaXcE6zZ7CGb3H3eXw4KEPXrE+KY94KQ==,iv:OxG0wquqdOM7G4OeQ0+v1O2zvCfhJglUKm8spfgw7W8=,tag:NcfMusuFPmpySx+4MhApTA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1jmsrfddctahhznfv7jv77tgw5crmhjhe0e0kzc967hvax4sulv3s6hp2su
|
||||
@@ -32,7 +33,7 @@ sops:
|
||||
S2tncC9CWThabmRNeWRJMEh4WnFLUzgKS98avLf0Pc35T65HblffVIkByMq+VpCm
|
||||
usWHmflXCahRZWeZQMPmiiHlVruDYQcOdXrl79RQeLqpaPX32wdtjQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-10-19T18:25:00Z"
|
||||
mac: ENC[AES256_GCM,data:rUWT8o/p5FBxFAcoHKvOnUfQMeFxSHUuaqneobl7vPezGzqJgASqYuPzivqGOJftJXva9kKMg2YbD7ehbFvPD/VLegN87U1+yiB1I68mpJ3XL7SIMh2BpHhqKR1BhxaEP/wo+6lT9+fB3or8c6ka3gr7yfxpf9o28VMRX3YJDD4=,iv:Po+nB4bndRbHv/nHbjU9z/cA8nW8o1kyVXwyABdVjJU=,tag:4CiqD4BeFHj0WtwToA+1vA==,type:str]
|
||||
lastmodified: "2025-11-10T02:50:27Z"
|
||||
mac: ENC[AES256_GCM,data:TCq0ZZXHGmk2r6D2rKRd/Q6SAX8fGrZMm0AIZbEMwQdPx/nd/9UkUhQLALG66weTc+tP/Gf9EhStrzne314GNkpSChL+GGxlD/fR2ebuUD0sTCTgwBpnXLkJ0PhiIp3H/yLMWp1aFfWkbhWH8wD4bHjcIvnI6y4AjFITOTs+RF8=,iv:7RwcUDy8JIXnM+8JbJle/4wZcv3Bp1QxyQH8D6CAqXM=,tag:ZSaSDyZ63ead6u5xE2eNAw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
||||
Reference in New Issue
Block a user