SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 17:31:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix crowdsec install order

Browse source
This commit is contained in:
SebastianStork 2025-06-02 20:46:23 +02:00
parent 22bdc1d19b
commit 219a9099a3
2 changed files with 14 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/system/services/crowdsec/default.nix
View file

@ -63,9 +63,9 @@ in
]; ];
}; };
systemd.services.crowdsec.preStart = systemd.services.crowdsec.serviceConfig.ExecStartPre =
let let
addCollection = collection: '' installCollection = collection: ''
if ! cscli collections list | grep -q "${collection}"; then if ! cscli collections list | grep -q "${collection}"; then
cscli collections install ${collection} cscli collections install ${collection}
fi fi
@ -78,7 +78,9 @@ in
(lib.optional (lib.elem "iptables" cfg.sources) "crowdsecurity/iptables") (lib.optional (lib.elem "iptables" cfg.sources) "crowdsecurity/iptables")
] ]
|> lib.flatten |> lib.flatten
|> lib.map addCollection |> lib.map installCollection
|> lib.concatLines; |> lib.concatLines
|> (text: pkgs.writeShellScript "crowdsec-install-collections" "set -e\n${text}")
|> lib.mkAfter;
}; };
} }

7
modules/system/services/crowdsec/firewall-bouncer.nix
View file

@ -23,10 +23,13 @@ in
}; };
}; };
systemd.services.crowdsec.preStart = '' systemd.services.crowdsec.serviceConfig.ExecStartPre = lib.mkAfter (
pkgs.writeShellScript "crowdsec-add-bouncer" ''
set -e
if ! cscli bouncers list | grep -q "firewall"; then if ! cscli bouncers list | grep -q "firewall"; then
cscli bouncers add "firewall" --key "cs-firewall-bouncer" cscli bouncers add "firewall" --key "cs-firewall-bouncer"
fi fi
''; ''
);
}; };
} }