Merge branch 'services.crowdsec' into services

2025-10-18 22:46:00 -07:00
parent 3d0a91417b bfd5dfbd2d
commit 3199b45957
3 changed files with 32 additions and 3 deletions
--- a/services/crowdsec-firewall-bouncer.nix
+++ b/services/crowdsec-firewall-bouncer.nix
@@ -0,0 +1,30 @@
+# Module: services/crowdsec-firewall-bouncer
+# Enrolls a traefik bouncer with the crowdsec console
+{
+  config,
+  lib,
+  pkgs,
+  pkgsUnstable,
+  inputs,
+  ...
+}:
+
+with lib;
+
+let
+  cfg = config.crowdsec-firewall-bouncer;
+  lapiHost = "log-01.tail755c5.ts.net:8080";
+in
+{
+  #imports = [ "${pkgsUnstable.path}/nixos/modules/services/security/crowdsec.nix" ];
+
+  options.crowdsec-firewall-bouncer = {
+    enable = mkEnableOption "Enables traefik bouncer for a specified crowdsec instance";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgsUnstable; [
+      crowdsec-firewall-bouncer
+    ];
+  };
+}
--- a/services/crowdsec-traefik-bouncer.nix
+++ b/services/crowdsec-traefik-bouncer.nix
@@ -13,9 +13,6 @@ with lib;

 let
  cfg = config.crowdsec-traefik-bouncer;
-  crowdsecListenAddress = "0.0.0.0";
-  crowdsecPort = "8080";
-  crowdsecPrometheusPort = "6060";
  pluginVersion = "v1.4.5";
  lapiHost = "log-01.tail755c5.ts.net:8080";
  wafHost = "log-01.tail755c5.ts.net:7422";
--- a/services/services.nix
+++ b/services/services.nix
@@ -11,6 +11,7 @@
 {
  imports = [
    ./crowdsec.nix
+    ./crowdsec-firewall-bouncer.nix
    ./crowdsec-traefik-bouncer.nix
    ./docker.nix
    ./healthchecks.nix
@@ -22,6 +23,7 @@
  ];

  crowdsec.enable = lib.mkDefault false;
+  crowdsec-firewall-bouncer.enable = lib.mkDefault false;
  crowdsec-traefik-bouncer.enable = lib.mkDefault false;
  docker.enable = lib.mkDefault false;
  healthchecks.enable = lib.mkDefault false;