From 6c7bb2b2a9d6d8f3804a1d35f9e3d39f0100720b Mon Sep 17 00:00:00 2001
From: Eric Torres <eric.torres@its-et.me>
Date: Mon, 10 Nov 2025 15:37:09 -0800
Subject: [PATCH] hosts/gms-01: enable crowdsec-firewall-bouncer

---
 hosts/gms-01/default.nix | 6 ++++++
 secrets/gms-01.yml       | 8 +++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/hosts/gms-01/default.nix b/hosts/gms-01/default.nix
index 1324700..5438af2 100644
--- a/hosts/gms-01/default.nix
+++ b/hosts/gms-01/default.nix
@@ -58,6 +58,7 @@ in
   sops.secrets = {
     "borgmatic_pass/local" = { };
     "borgmatic_pass/remote" = { };
+    "crowdsec/fwBouncerLapiKey" = { };
     "RCON_PASS" = {
       sopsFile = ../../secrets/gms-01_rcon.env;
       format = "binary";
@@ -66,6 +67,11 @@ in
     };
   };
 
+  crowdsec-firewall-bouncer = {
+    enable = true;
+    apiKeyFile = config.sops.secrets."crowdsec/fwBouncerLapiKey".path;
+  };
+
   services.minecraft-servers = {
     enable = true;
     eula = true;
diff --git a/secrets/gms-01.yml b/secrets/gms-01.yml
index 09d0309..0149cda 100644
--- a/secrets/gms-01.yml
+++ b/secrets/gms-01.yml
@@ -1,6 +1,8 @@
 borgmatic_pass:
     local: ENC[AES256_GCM,data:5LiWm58yflouxj78AGLfznlpLiI=,iv:XXnZehazpPQ4brD/c8/zpaWdsoyhJ+w8lsaomsUqEw0=,tag:S0GkYHYa1peDIcMcTEYijQ==,type:str]
     remote: ENC[AES256_GCM,data:X+vczjxB3RbDTZSQOtFMUa6o36E=,iv:x85uM6CQeIJSxDySy/msTWcf0UEVr73fICRdzgfYRRc=,tag:SdkTBCUawA+TV1DFiUrBXg==,type:str]
+crowdsec:
+    fwBouncerLapiKey: ENC[AES256_GCM,data:LEcwHD/LSImR0cawY5y1AkLggKGu/z0tzt1+/bVNIMLvnL/Wv+4I47WgWA==,iv:Chh1vVJp/RR78f92ikTXyalZJj2zKhH6FfaTJETmxB8=,tag:W/S+3jJba1Ek0D7d7K+3Dg==,type:str]
 minecraft:
     rcon_pass: ENC[AES256_GCM,data:Vtl4LU/Eqmxlga5+UgP7W2TJC3M=,iv:nzoYjAHjSxrySNgV2ChECKjBZZsrkorFj+2/PiZFekk=,tag:6p8MYfzJcQCV6F1YiQ7e/A==,type:str]
 sops:
@@ -32,7 +34,7 @@ sops:
             Vkd2OHViTTJGKy93VlNwd0dRRzczaU0Kj1JdzBe55rgS1sMIzoWZF+pIbKy+Io0z
             ejVdBnie4SOz0qtPwf/Jf7TeCzO4J4yIYfFR6e7wV/2fjz3PlrfNdA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-24T06:07:56Z"
-    mac: ENC[AES256_GCM,data:bh2xJBMCCr0FKgg3B9BKys7tN3F77B9G4dYHUqk05Jc1kfrlQuZevchFFgOW3hmjJwDSC+HC4dmOxkvkoJ9gKjG6Y66qVuM7pR2F9H/BXJepmAvY1BMo8ZUXTFOt+pRDx6v1cqZmrbyA/vxOpfnmRSeTCLPTHhA/qwHDWBOaIEA=,iv:9V4g2faA8++wUTNySsed0tcV4BA/7l3tWgQeo5gjdDs=,tag:F3Zeb71Xs5XLuOicoTqdlA==,type:str]
+    lastmodified: "2025-11-10T23:36:55Z"
+    mac: ENC[AES256_GCM,data:pVTtbtLt95TJ4fWQIjuqtf8lQnBznKH978X7V/u5DPK39zy2FaQOXrZ+TC6DP7IIwS547worj1KoS404zM9ygEJ31RWnngpcKMRLGzYCk0dAPtD763szS48gpFs1C/9R8f1a6o4M2Vz1fohx9FGMeQ1YzkctvXjiAV03z8qFDf0=,iv:Uktt3or+knsWi+pQaOl4eEieovGTmBUzCtBPLGDZ9R8=,tag:1ngkyvc99F/WUQfvxlkwNw==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0