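# Module: services/crowdsec-firewall-bouncer
# Enables the CrowdSec firewall bouncer on a host and points it at the LAPI
# endpoint in `lapiHost`, authenticating with an API key read from a file.
# Bouncer self-registration is turned off below, so the key is expected to be
# provisioned separately.
{
  config,
  lib,
  pkgs,
  pkgsUnstable,
  inputs,
  ...
}:

let
  # Pull in only the lib names this module uses instead of `with lib;`, so a
  # name can never be silently shadowed by something else in lib.
  inherit (lib)
    hasPrefix
    mkEnableOption
    mkIf
    mkOption
    optional
    types
    ;

  cfg = config.crowdsec-firewall-bouncer;

  # NOTE(review): this is plain HTTP, and the bouncer API key is sent with
  # each LAPI request. The hostname looks like a Tailscale (ts.net) name, so
  # confidentiality presumably rests on the tailnet's own encryption. Confirm
  # that, and switch to https if the LAPI is ever reachable another way.
  lapiHost = "http://log-01.tail755c5.ts.net:8080";
in
{
  options.crowdsec-firewall-bouncer = {
    enable = mkEnableOption "Enables crowdsec-firewall-bouncer for a host";

    apiKeyFile = mkOption {
      # `null` is not a valid `types.path`, so the original `default = null`
      # produced a confusing type error; nullOr plus the assertion below
      # reports a missing key clearly.
      type = types.nullOr types.path;
      default = null;
      description = ''
        Path of file containing key for LAPI.
        This must be a path that exists at runtime outside the Nix store
        (for example one provisioned by a secrets manager): anything copied
        into the Nix store is world-readable.
      '';
      # Illustrative runtime path, constructed for this example.
      example = "/run/secrets/crowdsec-fw-bouncer";
    };
  };

  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.apiKeyFile != null;
        message = "crowdsec-firewall-bouncer.apiKeyFile must be set when crowdsec-firewall-bouncer.enable is true.";
      }
    ];

    # Warn rather than fail, so existing configurations keep evaluating, when
    # the key file resolves into the Nix store (e.g. a path literal in a flake).
    warnings =
      optional (cfg.apiKeyFile != null && hasPrefix builtins.storeDir (toString cfg.apiKeyFile))
        "crowdsec-firewall-bouncer.apiKeyFile points into the Nix store, where the LAPI key is world-readable; use a runtime secret path instead.";

    services.crowdsec-firewall-bouncer = {
      enable = true;
      package = pkgsUnstable.crowdsec-firewall-bouncer;
      # No automatic registration: the key in apiKeyFile is supplied instead.
      registerBouncer.enable = false;
      createRulesets = true;
      secrets.apiKeyPath = cfg.apiKeyFile;

      settings = {
        api_url = lapiHost;
        # No need for this for now
        #mode = "nftables";
      };
    };
  };
}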