diff --git a/modules/crowdsec.nix b/modules/crowdsec.nix index fd9f702..76d9999 100644 --- a/modules/crowdsec.nix +++ b/modules/crowdsec.nix @@ -602,14 +602,14 @@ in console_path = mkDefault consoleFile; profiles_path = mkDefault localProfilesFile; - online_client = mkDefault { - sharing = mkDefault true; - pull = mkDefault { - community = mkDefault true; - blocklists = mkDefault true; - }; - credentials_path = cfg.settings.capi.credentialsFile; - }; + #online_client = mkDefault { + # sharing = mkDefault true; + # pull = mkDefault { + # community = mkDefault true; + # blocklists = mkDefault true; + # }; + # credentials_path = cfg.settings.capi.credentialsFile; + #}; }; }; prometheus = { diff --git a/secrets.nix b/secrets.nix index 07762b7..f774c4c 100644 --- a/secrets.nix +++ b/secrets.nix @@ -35,7 +35,6 @@ in { "secrets/postgresql-lapi-key.age".publicKeys = [tbarnouin postgresql]; "services/nginx/secrets/cs-lapi-key.age".publicKeys = [tbarnouin nginx]; - "services/nginx/secrets/cs-capi-key.age".publicKeys = [tbarnouin nginx]; "services/minimalConfig/secrets/cs-lapi-key.age".publicKeys = users ++ systems; "secrets/cs-lapi-key.age".publicKeys = users ++ systems; diff --git a/services/nginx/default.nix b/services/nginx/default.nix index 174ff26..cc5d1b3 100644 --- a/services/nginx/default.nix +++ b/services/nginx/default.nix @@ -26,11 +26,6 @@ in { file = ./secrets/cs-lapi-key.age; owner = "crowdsec"; }; - age.secrets.nginx-capi-key = { - file = ./secrets/cs-capi-key.age; - owner = "crowdsec"; - mode = "600"; - }; services = { crowdsec-firewall-bouncer = { enable = true; @@ -47,7 +42,6 @@ in { listen_uri = "${cfg.proxy_ip}:8080"; }; lapi.credentialsFile = "${config.age.secrets.nginx-lapi-key.path}"; - capi.credentialsFile = "${config.age.secrets.nginx-capi-key.path}"; }; hub.collections = [ "firix/authentik" diff --git a/services/nginx/secrets/cs-capi-key.age b/services/nginx/secrets/cs-capi-key.age deleted file mode 100644 index d9c4fe9..0000000 --- a/services/nginx/secrets/cs-capi-key.age +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB0Q1Js -Kys0clVVOFQwVTUzV04yZ0cyUGM5QnJ6L3ZYNTZpZFVKeTRuZWtBCmYyV1RQR2xC -SExUeEx3MjYwOGgzU0s2U1gxV0Z0ajJ2RUE2bE9LQzFZWTgKLT4gc3NoLWVkMjU1 -MTkgbXUwZm5BIEZRKzkxZnRvZThpSm9PUjc0U2VxU015RzRFWmQ5VVBiV0R3UHVJ -aDRuWEEKTXJFWnhRckZuNUVHeXdQMWxLZ1NpUEE4MktYdHhTT0dVbVJUK3NGOTZa -VQotPiAwUH1nLWdyZWFzZSBCdVZcJyZjaCBQXyFvUndDdCBMbk5mOWlUYyBVewoy -cHRlR1JvUEF2VGZ2SnRIaS9RTmJlVWVTd1dneDdGQjh5LzQxSnRTNSs4WmNRWWc5 -WkFlNGlDMWw2NGdtOGpnCkNtTERzb24wSlVRT3pGSWZab2ZxQytCWlk2RTJ3MEhi -YzlOMTBmemFtYzJPRk80NldoRTY5MmJwbHhGUAotLS0gdHBOSHRxOXNtMmo1QnR5 -N1c0clUxRnlKL2l5bU42ejVRQ0J1dEh2RzY5MAp+G3SFYm9lPhGr3CjIU11K8a8s -YIBgWVCSZ57Dr5LPKfy7kIWuJTFI/YAx1qN4fjwwEXuvyNVWPPVOeO1PAaLhHgAt -1Tx1V3u/LqyzYeXQWuazBZgHbLU+weKoBSmP8JCWXAyVOPzaQdpEDCT+hB/OFYdc -i7lKvTwttJK4Fvv2bVE6R1q1mRCiIz+sVLVydXVQHEqSgGP6o8L9cCfccoIDk3Oo -mtrP+ZEaJU9j4ZM/Y+Shsw/U2TBXOk18f9g+CidhCw== ------END AGE ENCRYPTED FILE----- diff --git a/services/nixarr/default.nix b/services/nixarr/default.nix index 8ef1d24..2a0f6b7 100644 --- a/services/nixarr/default.nix +++ b/services/nixarr/default.nix @@ -1,5 +1,6 @@ { config, + pkgs, lib, ... }: let @@ -38,34 +39,6 @@ in { type = "syslog"; }; } - { - source = "journalctl"; - journalctl_filter = [ "_SYSTEMD_UNIT=sonarr.service" ]; - labels = { - type = "syslog"; - }; - } - { - source = "journalctl"; - journalctl_filter = [ "_SYSTEMD_UNIT=bazarr.service" ]; - labels = { - type = "syslog"; - }; - } - { - source = "journalctl"; - journalctl_filter = [ "_SYSTEMD_UNIT=prowlarr.service" ]; - labels = { - type = "syslog"; - }; - } - { - source = "journalctl"; - journalctl_filter = [ "_SYSTEMD_UNIT=jellyseerr.service" ]; - labels = { - type = "syslog"; - }; - } ]; }; }; diff --git a/systems/minimalLXCConfig.nix b/systems/minimalLXCConfig.nix index e88dd7d..5540ada 100644 --- a/systems/minimalLXCConfig.nix +++ b/systems/minimalLXCConfig.nix @@ -1,5 +1,9 @@ { + config, pkgs, + lib, + inputs, + modulesPath, ... }: { nix = { @@ -7,21 +11,6 @@ settings.trusted-users = ["root" "@wheel"]; }; - nixpkgs.overlays = [ - (final: prev: { - crowdsec = prev.crowdsec.overrideAttrs ( prev: rec { - pname = "crowdsec"; - version = "1.6.4"; - src = pkgs.fetchFromGitHub { - owner = "crowdsecurity"; - repo = "${pname}"; - tag = "v${version}"; - hash = "sha256-/NTlj0kYCOMxShfoKdmouJTiookDjccUj5HFHLPn5HI="; - }; - }); - }) - ]; - networking = { firewall = { enable = true; @@ -46,7 +35,7 @@ time.timeZone = "Europe/Paris"; console.keyMap = "fr"; i18n.defaultLocale = "fr_FR.UTF-8"; - environment.sessionVariables = { + environment.sessionVariables = rec { TERM = "xterm-256color"; }; @@ -108,7 +97,6 @@ nmap iperf3 netcat-openbsd - gnugrep ]; }; diff --git a/systems/minimalVMConfig.nix b/systems/minimalVMConfig.nix index 96c12e2..771c02d 100644 --- a/systems/minimalVMConfig.nix +++ b/systems/minimalVMConfig.nix @@ -1,5 +1,8 @@ { - pkgs, + config, pkgs, + lib, + inputs, + modulesPath, ... }: { nix = { @@ -7,21 +10,6 @@ settings.trusted-users = ["root" "@wheel"]; }; - nixpkgs.overlays = [ - (final: prev: { - crowdsec = prev.crowdsec.overrideAttrs ( prev: rec { - pname = "crowdsec"; - version = "1.6.4"; - src = pkgs.fetchFromGitHub { - owner = "crowdsecurity"; - repo = "${pname}"; - tag = "v${version}"; - hash = "sha256-/NTlj0kYCOMxShfoKdmouJTiookDjccUj5HFHLPn5HI="; - }; - }); - }) - ]; - networking = { firewall = { enable = true; @@ -33,7 +21,7 @@ time.timeZone = "Europe/Paris"; console.keyMap = "fr"; i18n.defaultLocale = "fr_FR.UTF-8"; - environment.sessionVariables = { + environment.sessionVariables = rec { TERM = "xterm-256color"; }; @@ -95,7 +83,6 @@ nmap iperf3 netcat-openbsd - gnugrep ]; };