SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 23:11:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix crowdsec's acquisition of caddy logs

Browse source
This commit is contained in:
SebastianStork 2025-06-06 08:58:53 +02:00
parent e7cdd49bcf
commit a1481db722
2 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
modules/system/services/crowdsec/default.nix
View file

@ -7,6 +7,8 @@
}:
let
cfg = config.custom.services.crowdsec;
user = config.users.users.crowdsec.name;
in
{
imports = [ inputs.crowdsec.nixosModules.crowdsec ];
@ -32,7 +34,9 @@ in
config = lib.mkIf cfg.enable {
nixpkgs.overlays = [ inputs.crowdsec.overlays.default ];
sops.secrets."crowdsec/enrollment-key".owner = config.users.users.crowdsec.name;
sops.secrets."crowdsec/enrollment-key".owner = user;
users.groups.caddy.members = lib.mkIf (lib.elem "caddy" cfg.sources) [ user ];
services.crowdsec = {
enable = true;
@ -53,7 +57,10 @@ in
in
[
(mkAcquisition (lib.elem "sshd" cfg.sources) "sshd.service")
(mkAcquisition (lib.elem "caddy" cfg.sources) "caddy.service")
(lib.mkIf (lib.elem "caddy" cfg.sources) {
filenames = [ "${config.services.caddy.logDir}/*.log" ];
labels.type = "caddy";
})
(lib.mkIf (lib.elem "iptables" cfg.sources) {
source = "journalctl";
journalctl_filter = [ "-k" ];