crowdsec: prune hub items the bundled binary can't parse
The crowdsec hub tracks upstream master, but nixpkgs stable's crowdsec binary is a few versions behind and doesn't know newer expr functions (LookupFile in particular). When crowdsec-setup re-pulls the hub on each rebuild, it lands /etc/crowdsec/scenarios/http-technology-probing.yaml which then crashes the agent at load time with "unknown name LookupFile". Adds a tiny oneshot ordered between crowdsec-setup and crowdsec that removes the offending file. RequiredBy crowdsec.service so the hook always fires even if someone restarts the agent manually. Drop this unit (and revert the bundled-package fix) once nixpkgs catches up. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
parent
0c1b23337f
commit
32f2a4df2b
1 changed files with 18 additions and 0 deletions
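--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -168,5 +168,23 @@ in
 enable = true;
 registerBouncer.enable = true;
 };
+
+# The hub keeps tracking upstream master, but nixpkgs stable's crowdsec
+# binary is a few versions behind and doesn't know newer expr functions
+# (e.g. LookupFile, used by crowdsecurity/http-technology-probing). The
+# agent then refuses to load the entire bucket and crashes on startup.
+# Strip incompatible scenarios after crowdsec-setup repopulates the hub
+# but before crowdsec.service tries to load them.
+systemd.services.crowdsec-prune-incompatible-hub-items = {
+description = "Remove hub scenarios incompatible with the bundled crowdsec";
+after = [ "crowdsec-setup.service" ];
+before = [ "crowdsec.service" ];
+requiredBy = [ "crowdsec.service" ];
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+ExecStart = "${pkgs.coreutils}/bin/rm -f /etc/crowdsec/scenarios/http-technology-probing.yaml";
+};
+};
 };
 }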
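Review bot: `RemainAfterExit = true;` in `serviceConfig` works against the stated goal of re-running the prune whenever the agent is started again: once the oneshot has run it stays active, so a later `systemctl restart crowdsec` or a re-run of crowdsec-setup will not start it a second time, and the scenario file can be back in place when the agent loads. Dropping that line, or adding `partOf = [ "crowdsec-setup.service" ];` so that a setup re-run restarts the prune as well, would close the gap; how crowdsec-setup is triggered is not visible in this hunk, so this should be checked against that unit. Separately, the `rm -f` removes a detection scenario without leaving any trace, so a comment or log line naming the lost coverage (http-technology-probing) would help whoever later audits which detections are actually loaded. The enclosing attribute set begins and ends outside the hunk.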