Fix CrowdSec race: order crowdsec after tmpfiles-resetup

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 23:17:35 +01:00 · 2026-04-05 23:17:35 +01:00 · 8b85956f7c
commit 8b85956f7c
parent 9958198209
1 changed files with 3 additions and 0 deletions
--- a/services/crowdsec.nix
+++ b/services/crowdsec.nix
@ -31,6 +31,9 @@
      "L+ /etc/crowdsec/config.yaml - - - - ${(pkgs.formats.yaml { }).generate "crowdsec.yaml" config.services.crowdsec.settings.general}"
    ];

+    # Ensure /var/lib/crowdsec exists before crowdsec starts (race with tmpfiles-resetup)
+    systemd.services.crowdsec.after = [ "systemd-tmpfiles-resetup.service" ];
+
    # Firewall bouncer — auto-registers to local CrowdSec LAPI
    services.crowdsec-firewall-bouncer = {
      enable = true;