etorres/nixos
0
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

services/crowdsec: add rules to create credentials files

Browse Source
This commit is contained in:
Eric Torres
2025-10-18 14:39:48 -07:00
parent e52a73d1a5
commit 111506f08c
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
services/crowdsec.nix
View File

@@ -16,7 +16,6 @@ let
crowdsecListenAddress = "0.0.0.0";
crowdsecPort = "8080";
crowdsecPrometheusPort = "6060";
# This particular file must exist and owned by crowdsec:crowdsec upon first install
capiCredentialsFilePath = "/etc/crowdsec/capi_credentials.yaml";
lapiCredentialsFilePath = "/etc/crowdsec/lapi_credentials.yaml";
wafListenAddress = "0.0.0.0:7422";
@@ -45,6 +44,12 @@ in
config = mkIf cfg.enable {
environment.systemPackages = with pkgsUnstable; [ crowdsec ];
# These files must exist for crowdsec to not error out on first run
systemd.tmpfiles.rules = [
"C ${capiCredentialsFilePath} 0640 crowdsec crowdsec -"
"C ${lapiCredentialsFilePath} 0640 crowdsec crowdsec -"
];
services.crowdsec = {
enable = true;
package = pkgsUnstable.crowdsec;