Add redis crowdsec config

Théo Barnouin 2025-05-13 14:44:53 +02:00
parent 3fd9c73fc1
commit 0012bcd36b
4 changed files with 47 additions and 9 deletions


@ -3,6 +3,7 @@ let
users = [tbarnouin]; users = [tbarnouin];
grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana"; grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana";
redis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAbU7uRlNmFIazfJVnibUnwq5OvtV8wb3PYFFYJfZc4 root@redis";
onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAEHTFFQoi8PtzkdTEeA5lGELFS01J51GLLjrnySJM7R root@onlyoffice"; onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAEHTFFQoi8PtzkdTEeA5lGELFS01J51GLLjrnySJM7R root@onlyoffice";
postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW7qA7j1sICuu1RAfs9ifR9dmOlHq45tKu1ga7CKaob root@pgsql"; postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW7qA7j1sICuu1RAfs9ifR9dmOlHq45tKu1ga7CKaob root@pgsql";
forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo"; forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo";
@ -36,4 +37,6 @@ in {
"secrets/cs-lapi-key.age".publicKeys = users ++ systems; "secrets/cs-lapi-key.age".publicKeys = users ++ systems;
"secrets/jellyfin-lapi-key.age".publicKeys = [tbarnouin jellyfin]; "secrets/jellyfin-lapi-key.age".publicKeys = [tbarnouin jellyfin];
"secrets/redis-lapi-key.age".publicKeys = [tbarnouin redis];
} }


@ -0,0 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----


@ -10,14 +10,34 @@ in {
enable = lib.mkEnableOption "Enable minimal config"; enable = lib.mkEnableOption "Enable minimal config";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.redis = { age.secrets.redis-lapi-key = {
vmOverCommit = true; file = ../../secrets/redis-lapi-key.age;
servers.redis = { owner = "crowdsec";
enable = true; };
port = 6379; services = {
bind = "0.0.0.0"; crowdsec = {
settings = { settings.lapi.credentialsFile = "${config.age.secrets.redis-lapi-key.path}";
protected-mode = "no"; localConfig = {
acquisitions = [
{
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=redis.service" ];
labels = {
type = "syslog";
};
}
];
};
};
redis = {
vmOverCommit = true;
servers.redis = {
enable = true;
port = 6379;
bind = "0.0.0.0";
settings = {
protected-mode = "no";
};
}; };
}; };
}; };
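Review bot: The journalctl acquisition filters on `_SYSTEMD_UNIT=redis.service`, but the instance is declared as `servers.redis`, and as far as I know the nixpkgs module names the unit of a named server `redis-<name>.service`, so this filter would likely match nothing and CrowdSec would receive no Redis log lines. Check the unit name on the host and, if so, use `journalctl_filter = [ "_SYSTEMD_UNIT=redis-redis.service" ];`. Separately, the re-indented server block still carries `bind = "0.0.0.0"` with `protected-mode = "no"` and no `requirePassFile` in the visible lines, so detection is being added to a listener that accepts unauthenticated connections on every interface. Binding to the address that is actually needed, or setting `requirePassFile` from an age secret, would reduce that exposure. The module starts above the hunk, so a firewall rule or auth setting may exist outside the visible lines.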


@ -129,7 +129,7 @@
rsyslogd = { rsyslogd = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
*.* action(type="omfwd" target="192.168.1.27" port="1514" protocol="tcp") *.* action(type="omfwd" target="192.168.1.27" port="1514" protocol="tcp" Template="RSYSLOG_SyslogProtocol23Format")
''; '';
}; };
prometheus = { prometheus = {
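Review bot: The `omfwd` action in `extraConfig` forwards every facility (`*.*`) to 192.168.1.27:1514 over plain TCP, so the log stream is unencrypted and the receiver is not authenticated; the added `Template` only changes the message format. If the receiver supports TLS, add `StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name"` to the action. The action also sets no queue or retry parameters, so messages are likely dropped while the target is unreachable; `queue.type="LinkedList" action.resumeRetryCount="-1"` would buffer and retry instead. The surrounding attribute set continues outside the hunk.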