From a743df3278fc2b9772c005cecb4ccd6ffe239cde Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?=
Date: Fri, 25 Apr 2025 09:47:38 +0200
Subject: [PATCH] Add netbox nginx vhosts and working crowdsec config

---
 services/nginx/default.nix | 37 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/services/nginx/default.nix b/services/nginx/default.nix
index 324416a..d3150f9 100644
--- a/services/nginx/default.nix
+++ b/services/nginx/default.nix
@@ -22,6 +22,10 @@ in {
 "le43.eu"
 ];
 };
+ age.secrets.nginx-lapi-key = {
+ file = ./secrets/cs-lapi-key.age;
+ owner = "crowdsec";
+ };
 services = {
 crowdsec-firewall-bouncer = {
 enable = true;
@@ -33,14 +37,11 @@ in {
 };
 crowdsec = {
 settings = {
- general = {
- api = {
- server = {
- enable = true;
- listen_uri = "${cfg.proxy_ip}:8080";
- };
- };
+ general.api.server = {
+ enable = true;
+ listen_uri = "${cfg.proxy_ip}:8080";
 };
+ lapi.credentialsFile = "${config.age.secrets.nginx-lapi-key.path}";
 };
 hub.collections = [
 "firix/authentik"
@@ -50,17 +51,15 @@ in {
 "crowdsecurity/http-cve"
 "crowdsecurity/base-http-scenarios"
 ];
- localConfig = {
- acquisitions = [
- {
- source = "journalctl";
- journalctl_filter = [ "_SYSTEMD_UNIT=nginx.service" ];
- labels = {
- type = "syslog";
- };
- }
- ];
- };
+ localConfig.acquisitions = [
+ {
+ source = "journalctl";
+ journalctl_filter = [ "_SYSTEMD_UNIT=nginx.service" ];
+ labels = {
+ type = "syslog";
+ };
+ }
+ ];
 };
 fail2ban = {
 enable = lib.mkForce false;
@@ -146,7 +145,7 @@ in {
 forceSSL = true;
 enableACME = true;
 locations."/" = {
- proxyPass = "http://192.168.1.90:8000";
+ proxyPass = "http://192.168.1.90:80";
 proxyWebsockets = true;
 recommendedProxySettings = true;
 };
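Review bot: The `nginx-lapi-key` secret added in the `@@ -22,6 +22,10 @@` hunk is named like a bare API key, but the next hunk consumes it as `lapi.credentialsFile`, and CrowdSec's LAPI credentials file is normally a small YAML document (url, login, password). A one-line comment above the attribute would tell whoever re-encrypts it which format is expected, for example `# YAML LAPI client credentials (url/login/password), read by crowdsec only`. No `mode` is set, so the file permissions rely on the agenix default (0400, as far as I know); adding `mode = "0400";` would make that explicit.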
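Review bot: `listen_uri = "${cfg.proxy_ip}:8080";` in the `@@ -33,14 +37,11 @@` hunk binds the CrowdSec local API to the proxy address rather than loopback, and nothing in this hunk enables TLS for it, so bouncer keys and machine credentials would cross that interface in clear text. If the only consumers are the agent and the firewall bouncer on this host, `listen_uri = "127.0.0.1:8080";` is the safer default; if remote agents need it, restrict port 8080 in the firewall to those hosts and configure TLS on the API server. The value of `cfg.proxy_ip` is defined outside the diff, so the exposure is inferred from the option name. As a style point, `"${config.age.secrets.nginx-lapi-key.path}"` can be written without the interpolation as `config.age.secrets.nginx-lapi-key.path`.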
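Review bot: The acquisition kept in the `@@ -50,17 +51,15 @@` hunk reads only the journal of `nginx.service`, so it covers access logs only if nginx is configured to write them to the journal. As far as I know the NixOS nginx module sends the error log to stderr but leaves access logs in a file, in which case the `crowdsecurity/base-http-scenarios` and `crowdsecurity/http-cve` collections listed just above never see a request line. The nginx logging settings are outside this diff, so please confirm. If access logs are file-based, add a second entry to `localConfig.acquisitions` with `source = "file";`, a `filenames` list pointing at the access log, and `labels.type = "nginx";`.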
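Review bot: The upstream in the `@@ -146,7 +145,7 @@` hunk is an inline literal, `proxyPass = "http://192.168.1.90:80";`, so the vhost terminates TLS with `forceSSL` and then forwards session cookies and tokens to the backend over plain HTTP. That is a common choice on a trusted segment, but it deserves a comment saying so. The address would also be easier to audit as a named option or `let` binding alongside `cfg.proxy_ip`. The vhost name is outside the hunk, and although the subject mentions new netbox vhosts, this port change is the only vhost edit in the patch, so the commit message may need adjusting.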