Add netbox nginx vhosts and working crowdsec config

Théo Barnouin 2025-04-25 09:47:38 +02:00
parent 3f4ecf53b2
commit a743df3278


@ -22,6 +22,10 @@ in {
"le43.eu"
];
};
age.secrets.nginx-lapi-key = {
file = ./secrets/cs-lapi-key.age;
owner = "crowdsec";
};
services = {
crowdsec-firewall-bouncer = {
enable = true;
@ -33,14 +37,11 @@ in {
};
crowdsec = {
settings = {
general = {
api = {
server = {
general.api.server = {
enable = true;
listen_uri = "${cfg.proxy_ip}:8080";
};
};
};
lapi.credentialsFile = "${config.age.secrets.nginx-lapi-key.path}";
};
hub.collections = [
"firix/authentik"
@ -50,8 +51,7 @@ in {
"crowdsecurity/http-cve"
"crowdsecurity/base-http-scenarios"
];
localConfig = {
acquisitions = [
localConfig.acquisitions = [
{
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=nginx.service" ];
@ -61,7 +61,6 @@ in {
}
];
};
};
fail2ban = {
enable = lib.mkForce false;
jails = {
@ -146,7 +145,7 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://192.168.1.90:8000";
proxyPass = "http://192.168.1.90:80";
proxyWebsockets = true;
recommendedProxySettings = true;
};
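Review bot: In the `crowdsec` settings hunk, `listen_uri = "${cfg.proxy_ip}:8080"` binds the local API to the proxy's address, and no TLS setting is visible under `general.api.server`, so the credentials this commit wires in through `lapi.credentialsFile` would travel in clear text to any client that is not on the same host. If only the local agent and firewall bouncer talk to it, `listen_uri = "127.0.0.1:8080";` would narrow the exposure; otherwise limit port 8080 to the known clients in the firewall or enable TLS on the server block. The secret is named `nginx-lapi-key` yet is owned by `crowdsec` and used as the agent credentials file, so a one-line comment such as `# crowdsec agent credentials for the local API, not a bouncer key` would help, assuming that is what the file holds. The attribute set continues outside the visible hunks, so a firewall rule may already exist there.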