Working Jellyfin transcoding setup + crowdsec

2025-04-14 13:46:23 +02:00 · 2025-04-14 13:46:23 +02:00 · 1d126cae12
commit 1d126cae12
parent 0d3bf29866
3 changed files with 26 additions and 3 deletions
--- a/systems/minimalLXCConfig.nix
+++ b/systems/minimalLXCConfig.nix
@ -98,6 +98,7 @@
      netcat-openbsd
    ];
  };
+
  age.secrets = {
    cs-lapi-key = {
      file = ../secrets/cs-lapi-key.age;
--- a/systems/minimalVMConfig.nix
+++ b/systems/minimalVMConfig.nix
@ -35,7 +35,7 @@
  users = {
    users.tbarnouin = {
      isNormalUser = true;
-      extraGroups = ["wheel"];
+      extraGroups = ["wheel" "video" "render"];
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos"
@ -86,6 +86,13 @@
    ];
  };

+  age.secrets = {
+    cs-lapi-key = {
+      file = ../secrets/cs-lapi-key.age;
+      owner = "crowdsec";
+    };
+  };
+
  services = {
    cloud-init.network.enable = true;
    openssh = {
@ -103,6 +110,21 @@
    fail2ban = {
      enable = true;
    };
+    crowdsec = {
+      enable = true;
+      package = pkgs.crowdsec;
+      autoUpdateService = false;
+      openFirewall = true;
+      settings = {
+        general = {
+          prometheus.listen_addr = "0.0.0.0";
+        };
+        lapi.credentialsFile = "${config.age.secrets.cs-lapi-key.path}";
+      };
+      hub.collections = [
+        "crowdsecurity/linux"
+      ];
+    };
    rsyslogd = {
      enable = true;
      extraConfig = "*.*@192.168.1.27:514;RSYSLOG_SyslogProtocol23Format";