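# Module: services/crowdsec-firewall-bouncer
#
# Configures the CrowdSec firewall bouncer on a host. The bouncer talks to the
# LAPI endpoint in `lapiHost` and authenticates with an API key read from
# `crowdsec-firewall-bouncer.apiKeyFile`; the upstream module's own bouncer
# registration is switched off below.
{
  config,
  lib,
  pkgs,
  pkgsUnstable,
  inputs,
  ...
}:

let
  # Explicit inherit instead of `with lib;` so every helper used here is
  # visible and nothing from `lib` can silently shadow a local name.
  inherit (lib)
    mkEnableOption
    mkIf
    mkOption
    types
    ;

  cfg = config.crowdsec-firewall-bouncer;

  # LAPI endpoint the bouncer polls for decisions; the API key is sent here.
  # NOTE(review): the name is under ts.net, so this presumably resolves only
  # inside the tailnet -- confirm the key never travels outside it, or use TLS.
  # NOTE(review): CrowdSec's documented api_url values carry a scheme
  # (e.g. "http://host:8080/") -- confirm the scheme-less form is accepted.
  lapiHost = "log-01.tail755c5.ts.net:8080";
in
{
  # The bouncer module is imported from the unstable nixpkgs tree.
  # NOTE(review): using pkgsUnstable inside `imports` presumably relies on it
  # being passed via specialArgs -- confirm against the flake/host definition.
  imports = [ "${pkgsUnstable.path}/nixos/modules/services/security/crowdsec-firewall-bouncer.nix" ];

  options.crowdsec-firewall-bouncer = {
    # mkEnableOption prepends "Whether to enable ", so the argument is only
    # the noun phrase.
    enable = mkEnableOption "crowdsec-firewall-bouncer for a host";

    apiKeyFile = mkOption {
      # No default: the previous `default = null` is not a valid `types.path`
      # value and only produced a confusing type error. Leaving the option
      # without a default makes the module system report it as undefined when
      # the bouncer is enabled without a key file.
      type = types.path;
      description = ''
        Path of a file containing the bouncer's API key for the LAPI.

        Point this at a file that exists on the target host at runtime (for
        example one placed by a secrets-management tool). A Nix path literal
        that refers to a plaintext key in the repository can end up copied
        into the world-readable Nix store.
      '';
      # Constructed sample path; substitute the location your secrets tool uses.
      example = "/run/secrets/crowdsec-fw-bouncer";
    };
  };

  config = mkIf cfg.enable {
    services.crowdsec.firewall-bouncer = {
      enable = true;
      package = pkgsUnstable.crowdsec-firewall-bouncer;

      # Registration is disabled and the key is supplied from a file instead;
      # the key has to be created on the LAPI side out of band.
      registerBouncer.enable = false;
      createRulesets = true;
      secrets.apiKeyPath = cfg.apiKeyFile;

      settings = {
        api_url = lapiHost;
        # No need for this for now
        #mode = "nftables";
      };
    };
  };
}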