death916/nixconfig
1
0
Fork 0
mirror of https://github.com/Death916/nixconfig.git synced 2026-04-11 04:48:25 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'main' of https://github.com/death916/nixconfig

Browse source
This commit is contained in:
death916 2026-02-08 10:25:16 -08:00
commit 60fa7715d6
1 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
modules/containers/docker/crowdsec/crowdsec.nix
View file

@ -41,6 +41,17 @@ let
cidr:
- "100.64.0.0/10"
'';
nextcloudWhitelistYaml = pkgs.writeText "nextcloud-whitelist.yaml" ''
name: my/nextcloud_whitelist
description: "Whitelist Nextcloud URLs to prevent false positives"
whitelist:
reason: "Nextcloud Sync / Mobile App"
expression:
- "evt.Parsed.request contains '/remote.php/dav/'"
- "evt.Parsed.request contains '/index.php/svg/'"
- "evt.Parsed.request contains '/status.php'"
'';
in
{
virtualisation.docker.enable = true;
@ -69,6 +80,7 @@ in
"/etc/machine-id:/etc/machine-id:ro"
"${acquisYaml}:/etc/crowdsec/acquis.yaml"
"${whitelistYaml}:/etc/crowdsec/parsers/s02-enrich/tailscale-whitelist.yaml"
"${nextcloudWhitelistYaml}:/etc/crowdsec/parsers/s02-enrich/nextcloud-whitelist.yaml"
];
};