Add netbox nginx vhosts and working crowdsec config
Théo Barnouin 2025-04-25 09:47:38 +02:00
parent 3f4ecf53b2
commit a743df3278


@ -22,6 +22,10 @@ in {
"le43.eu" "le43.eu"
]; ];
}; };
age.secrets.nginx-lapi-key = {
file = ./secrets/cs-lapi-key.age;
owner = "crowdsec";
};
services = { services = {
crowdsec-firewall-bouncer = { crowdsec-firewall-bouncer = {
enable = true; enable = true;
@ -33,14 +37,11 @@ in {
}; };
crowdsec = { crowdsec = {
settings = { settings = {
general = { general.api.server = {
api = {
server = {
enable = true; enable = true;
listen_uri = "${cfg.proxy_ip}:8080"; listen_uri = "${cfg.proxy_ip}:8080";
}; };
}; lapi.credentialsFile = "${config.age.secrets.nginx-lapi-key.path}";
};
}; };
hub.collections = [ hub.collections = [
"firix/authentik" "firix/authentik"
@ -50,8 +51,7 @@ in {
"crowdsecurity/http-cve" "crowdsecurity/http-cve"
"crowdsecurity/base-http-scenarios" "crowdsecurity/base-http-scenarios"
]; ];
localConfig = { localConfig.acquisitions = [
acquisitions = [
{ {
source = "journalctl"; source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=nginx.service" ]; journalctl_filter = [ "_SYSTEMD_UNIT=nginx.service" ];
@ -61,7 +61,6 @@ in {
} }
]; ];
}; };
};
fail2ban = { fail2ban = {
enable = lib.mkForce false; enable = lib.mkForce false;
jails = { jails = {
@ -146,7 +145,7 @@ in {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://192.168.1.90:8000"; proxyPass = "http://192.168.1.90:80";
proxyWebsockets = true; proxyWebsockets = true;
recommendedProxySettings = true; recommendedProxySettings = true;
}; };
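Review bot: The secret wired into `lapi.credentialsFile` (second hunk) is named `nginx-lapi-key` and decrypted from `cs-lapi-key.age`, which reads like a bouncer API key, while the option name suggests the agent's LAPI credentials file; if the two formats differ, the agent would presumably fail to authenticate at start-up. A comment above the `age.secrets.nginx-lapi-key` block would settle what the file holds, for example `# CrowdSec machine credentials for the local API, owned by the crowdsec user`, and writing `mode = "0400";` next to `owner` makes the permission explicit instead of relying on the agenix default. These credentials are used against a LAPI that listens on `${cfg.proxy_ip}:8080` (unchanged context), so it is worth confirming that the port is not reachable from other hosts unless remote agents or bouncers need it. The surrounding attribute sets open and close outside the visible hunks.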