Add netbox nginx vhosts and working crowdsec config

services/nginx/default.nix

@@ -22,6 +22,10 @@ in {
         "le43.eu"
       ];
     };
+    age.secrets.nginx-lapi-key = {
+      file = ./secrets/cs-lapi-key.age;
+      owner = "crowdsec";
+    };
     services = {
       crowdsec-firewall-bouncer = {
         enable = true;
@@ -33,14 +37,11 @@ in {
       };
       crowdsec = {
         settings = {
-          general = {
+          general.api.server = {
-            api = {
+            enable = true;
-              server = {
+            listen_uri = "${cfg.proxy_ip}:8080";
-                enable = true;
-                listen_uri = "${cfg.proxy_ip}:8080";
-              };
-            };
           };
+          lapi.credentialsFile = "${config.age.secrets.nginx-lapi-key.path}";
         };
         hub.collections = [
           "firix/authentik"
@@ -50,17 +51,15 @@ in {
           "crowdsecurity/http-cve"
           "crowdsecurity/base-http-scenarios"
         ];
-        localConfig = {
+        localConfig.acquisitions = [
-          acquisitions = [
+          {
-            {
+            source = "journalctl";
-              source = "journalctl";
+            journalctl_filter = [ "_SYSTEMD_UNIT=nginx.service" ];
-              journalctl_filter = [ "_SYSTEMD_UNIT=nginx.service" ];
+            labels = {
-              labels = {
+              type = "syslog";
-                type = "syslog";
+            };
-              };
+          }
-            }
+        ];
-          ];
-        };
       };
       fail2ban = {
         enable = lib.mkForce false;
@@ -146,7 +145,7 @@ in {
             forceSSL = true;
             enableACME = true;
             locations."/" = {
-              proxyPass = "http://192.168.1.90:8000";
+              proxyPass = "http://192.168.1.90:80";
               proxyWebsockets = true;
               recommendedProxySettings = true;
             };