Try pre-commit and formatting with alejandra
Théo Barnouin 2025-06-05 10:41:53 +02:00
parent 0eb6154c32
commit 32b60f1ff9
16 changed files with 325 additions and 248 deletions

76
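--- a/flake.lock
+++ b/flake.lock
@@ -105,6 +105,22 @@
 "type": "github"
 }
 },
+"flake-compat": {
+"flake": false,
+"locked": {
+"lastModified": 1696426674,
+"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+"owner": "edolstra",
+"repo": "flake-compat",
+"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+"type": "github"
+},
+"original": {
+"owner": "edolstra",
+"repo": "flake-compat",
+"type": "github"
+}
+},
 "flake-utils": {
 "inputs": {
 "systems": "systems_2"
@@ -140,6 +156,27 @@
 "type": "indirect"
 }
 },
+"gitignore": {
+"inputs": {
+"nixpkgs": [
+"pre-commit-hooks",
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1709087332,
+"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+"owner": "hercules-ci",
+"repo": "gitignore.nix",
+"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+"type": "github"
+},
+"original": {
+"owner": "hercules-ci",
+"repo": "gitignore.nix",
+"type": "github"
+}
+},
 "home-manager": {
 "inputs": {
 "nixpkgs": [
@@ -215,12 +252,49 @@
 "type": "github"
 }
 },
+"nixpkgs_3": {
+"locked": {
+"lastModified": 1730768919,
+"narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixpkgs-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"pre-commit-hooks": {
+"inputs": {
+"flake-compat": "flake-compat",
+"gitignore": "gitignore",
+"nixpkgs": "nixpkgs_3"
+},
+"locked": {
+"lastModified": 1747372754,
+"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
+"owner": "cachix",
+"repo": "git-hooks.nix",
+"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
+"type": "github"
+},
+"original": {
+"owner": "cachix",
+"repo": "git-hooks.nix",
+"type": "github"
+}
+},
 "root": {
 "inputs": {
 "agenix": "agenix",
 "crowdsec": "crowdsec",
 "home-manager": "home-manager_2",
-"nixpkgs": "nixpkgs_2"
+"nixpkgs": "nixpkgs_2",
+"pre-commit-hooks": "pre-commit-hooks"
 }
 },
 "rust-overlay": {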


@ -3,6 +3,7 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
pre-commit-hooks.url = "github:cachix/git-hooks.nix";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-25.05"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -27,7 +28,17 @@
proxy_host = "192.168.1.40"; proxy_host = "192.168.1.40";
pgsql_host = "192.168.1.13"; pgsql_host = "192.168.1.13";
pkgs = import nixpkgs {inherit system;}; pkgs = import nixpkgs {inherit system;};
supportedSystems = ["x86_64-linux"];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in { in {
checks = forAllSystems (system: {
pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
alejandra.enable = true;
};
};
});
nixosConfigurations = { nixosConfigurations = {
nginx = nixpkgs.lib.nixosSystem { nginx = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
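Review bot: The new input `pre-commit-hooks.url = "github:cachix/git-hooks.nix";` is declared without a nixpkgs `follows`, so the lock file in this commit gains a separate `nixpkgs_3` node tracking `nixpkgs-unstable` just for the hooks. The formatter run by `pre-commit-check` is therefore built from a package set that the flake's own `nixos-25.05` pin does not govern, and there is one more upstream revision to audit and keep updated. Adding `pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";` next to the URL keeps the hook tooling on the same pin as the hosts. The `checks` block also reads `inputs.pre-commit-hooks`, which relies on the outputs function binding `inputs`, and its lambda parameter `system` shadows the outer `system`; the outputs header and the rest of the `let` are outside the hunk, so both should be confirmed there.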


@ -3,9 +3,7 @@
pkgs, pkgs,
lib, lib,
... ...
}: }: let
let
format = pkgs.formats.yaml {}; format = pkgs.formats.yaml {};
rootDir = "/var/lib/crowdsec"; rootDir = "/var/lib/crowdsec";
@ -22,10 +20,7 @@ let
localParsersS01ParseDir = "${parsersDir}/s01-parse/"; localParsersS01ParseDir = "${parsersDir}/s01-parse/";
localParsersS02EnrichDir = "${parsersDir}/s02-enrich/"; localParsersS02EnrichDir = "${parsersDir}/s02-enrich/";
localContextsDir = "${confDir}/contexts/"; localContextsDir = "${confDir}/contexts/";
in {
in
{
options.services.crowdsec = with lib; { options.services.crowdsec = with lib; {
enable = mkEnableOption "CrowdSec Security Engine"; enable = mkEnableOption "CrowdSec Security Engine";
@ -443,8 +438,7 @@ in
}; };
}; };
}; };
config = config = let
let
cfg = config.services.crowdsec; cfg = config.services.crowdsec;
configFile = format.generate "crowdsec.yaml" cfg.settings.general; configFile = format.generate "crowdsec.yaml" cfg.settings.general;
simulationFile = format.generate "simulation.yaml" cfg.settings.simulation; simulationFile = format.generate "simulation.yaml" cfg.settings.simulation;
@ -468,7 +462,7 @@ in
$sudo ${lib.getExe' cfg.package "cscli"} -c=${configFile} "$@" $sudo ${lib.getExe' cfg.package "cscli"} -c=${configFile} "$@"
''; '';
localScenariosMap = (map (format.generate "scenario.yaml") cfg.localConfig.scenarios); localScenariosMap = map (format.generate "scenario.yaml") cfg.localConfig.scenarios;
localParsersS00RawMap = ( localParsersS00RawMap = (
map (format.generate "parsers-s00-raw.yaml") cfg.localConfig.parsers.s00Raw map (format.generate "parsers-s00-raw.yaml") cfg.localConfig.parsers.s00Raw
); );
@ -481,8 +475,8 @@ in
localPostOverflowsS01WhitelistMap = ( localPostOverflowsS01WhitelistMap = (
map (format.generate "postoverflows-s01-whitelist.yaml") cfg.localConfig.postOverflows.s01Whitelist map (format.generate "postoverflows-s01-whitelist.yaml") cfg.localConfig.postOverflows.s01Whitelist
); );
localContextsMap = (map (format.generate "context.yaml") cfg.localConfig.contexts); localContextsMap = map (format.generate "context.yaml") cfg.localConfig.contexts;
localNotificationsMap = (map (format.generate "notification.yaml") cfg.localConfig.notifications); localNotificationsMap = map (format.generate "notification.yaml") cfg.localConfig.notifications;
localProfilesFile = pkgs.writeText "local_profiles.yaml" '' localProfilesFile = pkgs.writeText "local_profiles.yaml" ''
--- ---
${lib.strings.concatMapStringsSep "\n---\n" builtins.toJSON cfg.localConfig.profiles} ${lib.strings.concatMapStringsSep "\n---\n" builtins.toJSON cfg.localConfig.profiles}
@ -554,10 +548,8 @@ in
setupScript = pkgs.writeShellScriptBin "crowdsec-setup" ( setupScript = pkgs.writeShellScriptBin "crowdsec-setup" (
lib.strings.concatStringsSep "\n" scriptArray lib.strings.concatStringsSep "\n" scriptArray
); );
in in
lib.mkIf (cfg.enable) { lib.mkIf (cfg.enable) {
warnings = warnings =
[] []
++ lib.optionals (cfg.localConfig.profiles == []) [ ++ lib.optionals (cfg.localConfig.profiles == []) [
@ -824,7 +816,8 @@ in
argument = "${scenarioFile}"; argument = "${scenarioFile}";
}; };
}; };
}) localScenariosMap })
localScenariosMap
) )
// builtins.listToAttrs ( // builtins.listToAttrs (
map (parser: { map (parser: {
@ -836,7 +829,8 @@ in
argument = "${parser}"; argument = "${parser}";
}; };
}; };
}) localParsersS00RawMap })
localParsersS00RawMap
) )
// builtins.listToAttrs ( // builtins.listToAttrs (
map (parser: { map (parser: {
@ -848,7 +842,8 @@ in
argument = "${parser}"; argument = "${parser}";
}; };
}; };
}) localParsersS01ParseMap })
localParsersS01ParseMap
) )
// builtins.listToAttrs ( // builtins.listToAttrs (
map (parser: { map (parser: {
@ -860,7 +855,8 @@ in
argument = "${parser}"; argument = "${parser}";
}; };
}; };
}) localParsersS02EnrichMap })
localParsersS02EnrichMap
) )
// builtins.listToAttrs ( // builtins.listToAttrs (
map (postoverflow: { map (postoverflow: {
@ -872,7 +868,8 @@ in
argument = "${postoverflow}"; argument = "${postoverflow}";
}; };
}; };
}) localPostOverflowsS01WhitelistMap })
localPostOverflowsS01WhitelistMap
) )
// builtins.listToAttrs ( // builtins.listToAttrs (
map (context: { map (context: {
@ -884,7 +881,8 @@ in
argument = "${context}"; argument = "${context}";
}; };
}; };
}) localContextsMap })
localContextsMap
) )
// builtins.listToAttrs ( // builtins.listToAttrs (
map (notification: { map (notification: {
@ -896,7 +894,8 @@ in
argument = "${notification}"; argument = "${notification}";
}; };
}; };
}) localNotificationsMap })
localNotificationsMap
); );
}; };


@ -18,7 +18,6 @@ in {
file = ../../secrets/netbox-lapi-key.age; file = ../../secrets/netbox-lapi-key.age;
owner = "crowdsec"; owner = "crowdsec";
}; };
};
services = { services = {
crowdsec = { crowdsec = {
settings.lapi.credentialsFile = "${config.age.secrets.netbox-lapi-key.path}"; settings.lapi.credentialsFile = "${config.age.secrets.netbox-lapi-key.path}";


@ -1,7 +1,4 @@
{ {pkgs, ...}: {
pkgs,
...
}: {
nix = { nix = {
settings.experimental-features = ["nix-command" "flakes"]; settings.experimental-features = ["nix-command" "flakes"];
settings.trusted-users = ["root" "@wheel"]; settings.trusted-users = ["root" "@wheel"];


@ -1,7 +1,4 @@
{ {pkgs, ...}: {
pkgs,
...
}: {
nix = { nix = {
settings.experimental-features = ["nix-command" "flakes"]; settings.experimental-features = ["nix-command" "flakes"];
settings.trusted-users = ["root" "@wheel"]; settings.trusted-users = ["root" "@wheel"];