From e23111b6d7b1b6eca6d3fc2071e089bc5eb32d8a Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Wed, 10 Sep 2025 23:39:27 +0200 Subject: [PATCH] crowdsec: Fix bouncer option --- hosts/srv-public/default.nix | 2 +- modules/system/services/crowdsec.nix | 20 +++++++++++--------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/hosts/srv-public/default.nix b/hosts/srv-public/default.nix index 585bcc7..88e13f5 100644 --- a/hosts/srv-public/default.nix +++ b/hosts/srv-public/default.nix @@ -29,7 +29,7 @@ sshd = true; caddy = true; }; - bouncer.firewall = true; + bouncers.firewall = true; }; forgejo = { diff --git a/modules/system/services/crowdsec.nix b/modules/system/services/crowdsec.nix index 4323adf..0e5faab 100644 --- a/modules/system/services/crowdsec.nix +++ b/modules/system/services/crowdsec.nix @@ -11,9 +11,9 @@ let user = config.users.users.crowdsec.name; in { - imports = [ - inputs.crowdsec.nixosModules.crowdsec - inputs.crowdsec.nixosModules.crowdsec-firewall-bouncer + imports = with inputs.crowdsec.nixosModules; [ + crowdsec + crowdsec-firewall-bouncer ]; options.custom.services.crowdsec = { @@ -31,7 +31,7 @@ in caddy = lib.mkEnableOption ""; sshd = lib.mkEnableOption ""; }; - bouncer.firewall = lib.mkEnableOption ""; + bouncers.firewall = lib.mkEnableOption ""; }; config = lib.mkIf cfg.enable { @@ -77,7 +77,7 @@ in ]; }; - crowdsec-firewall-bouncer = { + crowdsec-firewall-bouncer = lib.mkIf cfg.bouncers.firewall { enable = true; package = inputs.crowdsec.packages.${pkgs.system}.crowdsec-firewall-bouncer; settings = { @@ -120,9 +120,11 @@ in fi ''; in - lib.mkAfter [ - collectionsScript - bouncerScript - ]; + lib.mkAfter ( + lib.concatLists [ + (lib.singleton collectionsScript) + (lib.optional cfg.bouncers.firewall bouncerScript) + ] + ); }; }