From a79be91c41fb4a58a10a5e2d5d6c5691df7bd594 Mon Sep 17 00:00:00 2001
From: death916
Date: Sun, 18 Jan 2026 03:08:14 -0800
Subject: [PATCH] ts whitelist
---
 modules/containers/docker/crowdsec/crowdsec.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/modules/containers/docker/crowdsec/crowdsec.nix b/modules/containers/docker/crowdsec/crowdsec.nix
index 18008e1..2e1cfd8 100644
--- a/modules/containers/docker/crowdsec/crowdsec.nix
+++ b/modules/containers/docker/crowdsec/crowdsec.nix
@@ -32,6 +32,15 @@ let
 labels:
 type: syslog
 '';
+
+ whitelistYaml = pkgs.writeText "tailscale-whitelist.yaml" ''
+ name: my/tailscale_whitelist
+ description: "Whitelist Tailscale IPs"
+ whitelist:
+ reason: "Tailscale / Internal"
+ ip:
+ - "100.64.0.0/10"
+ '';
 in
 {
 virtualisation.docker.enable = true;
@@ -59,6 +68,7 @@ in
 "/run/log/journal:/run/log/journal:ro"
 "/etc/machine-id:/etc/machine-id:ro"
 "${acquisYaml}:/etc/crowdsec/acquis.yaml"
+ "${whitelistYaml}:/etc/crowdsec/parsers/s02-enrich/tailscale-whitelist.yaml"
 ];
 };
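Review bot: The range `100.64.0.0/10` is listed under `ip:` in the added `whitelistYaml`, but CrowdSec whitelist parsers take single addresses under `ip:` and ranges under `cidr:`, so as written the entry probably matches no event and the whitelist silently does nothing. Change the key to `cidr:` and keep `- "100.64.0.0/10"` beneath it. Note also that 100.64.0.0/10 is the RFC 6598 shared (CGNAT) address space rather than a Tailscale-only range, so every source reaching this host from that block is exempted from detection; a comment above the definition such as `# exempts all of 100.64.0.0/10 (CGNAT space used by Tailscale) from CrowdSec scenarios` would record that trade-off. The `let` block starts above the hunk, so the other definitions in it are not visible here.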
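Review bot: The new bind mount for `whitelistYaml` is not marked read-only, unlike the journal and machine-id mounts just above it, which carry `:ro`. CrowdSec only needs to read this generated file, so append the flag: `"${whitelistYaml}:/etc/crowdsec/parsers/s02-enrich/tailscale-whitelist.yaml:ro"`. The `acquisYaml` mount on the preceding line has the same gap. The volume list opens above the hunk, so the remaining mounts cannot be checked from here.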