etorres/nixos
0
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

hosts/lax-01: configure crowdsec-firewall-bouncer

Browse Source
This commit is contained in:
Eric Torres
2025-11-09 18:18:49 -08:00
parent 649eb8d1d9
commit 7d131891f2
2 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
hosts/lax-01/default.nix
View File

@@ -44,7 +44,8 @@
"borgmatic_pass/remote" = { };
"postgres_databases/authentik" = { };
"postgres_databases/healthchecks" = { };
"crowdsec/lapiKey" = {
"crowdsec/fwLapiKey" = { };
"crowdsec/wafLapiKey" = {
owner = "traefik";
mode = "0400";
};
@@ -60,11 +61,12 @@
crowdsec-firewall-bouncer = {
enable = true;
apiKeyFile = config.sops.secrets."crowdsec/fwLapiKey".path;
};
crowdsec-traefik-bouncer = {
enable = true;
lapiKeyFile = config.sops.secrets."crowdsec/lapiKey".path;
lapiKeyFile = config.sops.secrets."crowdsec/wafLapiKey".path;
};
traefik.redirectHttps = true;

7
secrets/lax-01.yml
View File

@@ -5,7 +5,8 @@ postgres_databases:
authentik: ENC[AES256_GCM,data:Gk1tVHrqrm6HEjukd0v6iw==,iv:KsxrdSeRT+ZX82K0UoKe54QDV0ttJhPWQpwWglkJP38=,tag:EDICo3kxo5nqD3xEdZ88nw==,type:str]
healthchecks: ENC[AES256_GCM,data:w8nX0C7n19smMkkzIWdwsSWsPfs=,iv:5+IOTEp2/SSzgp9F6T+N7i6x4d98lCBcmlJbYhEQXYE=,tag:61UGJzBZB4pl75pDRE1YPg==,type:str]
crowdsec:
lapiKey: ENC[AES256_GCM,data:NkakII0kieaCy7F9eWgftQwKYCtwqF57adS0CkCirz8g0NmlBdqcU0yM0w==,iv:H90Jox9xnhoF/1WmH29yNrvyPX+ef6YCOeA8Xq3xQNI=,tag:S5JnMRsp1KkyLz8hUPWyJw==,type:str]
fwBouncerLapiKey: ENC[AES256_GCM,data:iri28UCClf+D7Rec3q4BKHLQdEUI/RIw/CelE3KwDlbo+q9DT97RGWZzbg==,iv:Q7mylXedoer/OwPgjfGUM9cM20kz8cwcG9EluRnlmWs=,tag:fQRpMXfUsA3ejphezRmPyw==,type:str]
wafLapiKey: ENC[AES256_GCM,data:Ua98YWQVKC3qnPyt39kKKY3dei/1T0Aq48TBuwQ067Mw3acwDLq6WZ7O87M=,iv:5v0jFnGWZaiGVXRHdrl61Pd0jGvqOlyLIq1CXKvt7Xs=,tag:9PpSQxxtBIuErdqDvA/SAQ==,type:str]
sops:
age:
- recipient: age1jmsrfddctahhznfv7jv77tgw5crmhjhe0e0kzc967hvax4sulv3s6hp2su
@@ -35,7 +36,7 @@ sops:
WVRHWW9CSmZWWnVoREN4RGxFQ3NJcWcKRakRbpJWGzsuLVpLafeZh4MuMKLNcCPH
j4xfuBAF24/BB/oI1hRdxsVtOQHgpx77jxDcAx22XZqSqP7t1YvVpg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-19T14:41:58Z"
mac: ENC[AES256_GCM,data:+kpe5tExdH/VOgUNAGRpOGWo/xm5Grl3oMcmTza3I2IKQqpVpU4KZ2Wg6JCcAitcF1I2BKXG2D4tjWMe+9NqDYuwDNA/8LSile+DdlyexrvZc91/ESp83CPWA2DfwzmEbOigwssoOLIQHsvFoiYnKD3Ya/6W6MNWmrLpvGdUI+w=,iv:MgBPa6+gE2+zAFEctRzFMSUupkpegWxpe4co+Epwbbs=,tag:GBAAF2q82Uzzf1O6YJ/buw==,type:str]
lastmodified: "2025-11-10T02:17:03Z"
mac: ENC[AES256_GCM,data:Ufzv2pUu4vqmb7nVSXFCm9o05Z0wZo4qJHxvQS7j0x6xjSS05WnQkou1tJZ/XLqm3MIxzgJbwk2Y2YjGOE9HiGMclxaP6+BHbI4RH3ojZHKmO/5a0BLFg8yqixvCND/504Qh+51fDCNG1D06s6TfzEwTwkFkhfHDGZZRToK4aW8=,iv:jDfHTMziecOUI6WUu187+edg14eCqiI0MVD8OV4i9Nc=,tag:AUK7xGJJ5cAoA5hbgf4AMw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0