nixos

rope/nixos

History

ediblerope a8d163b4a8 crowdsec: vendor PR #446307 rewrite to fix bootstrap The upstream NixOS crowdsec module fails on first deploy ("no API client section in configuration") because it doesn't auto-register LAPI credentials. The rewrite in NixOS/nixpkgs#446307 (TornaxO7's branch) adds a setup oneshot that runs `cscli machines add --auto` if the credentials file is missing, and handles DynamicUser StateDirectory permissions explicitly. The bouncer rewrite gets matching auto-registration. Vendor both module files locally and disable the upstream copies. Drop modules/crowdsec/ and the disabledModules+imports lines once the PR merges into nixpkgs unstable. Config moves to the new unified `settings` API (no more separate `localConfig`); LAPI moved to 127.0.0.1:8081 to dodge the qBit collision. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-25 15:00:32 +01:00
..
crowdsec	crowdsec: vendor PR #446307 rewrite to fix bootstrap	2026-04-25 15:00:32 +01:00

ediblerope a8d163b4a8 crowdsec: vendor PR #446307 rewrite to fix bootstrap

The upstream NixOS crowdsec module fails on first deploy ("no API client
section in configuration") because it doesn't auto-register LAPI
credentials. The rewrite in NixOS/nixpkgs#446307 (TornaxO7's branch) adds
a setup oneshot that runs `cscli machines add --auto` if the credentials
file is missing, and handles DynamicUser StateDirectory permissions
explicitly. The bouncer rewrite gets matching auto-registration.

Vendor both module files locally and disable the upstream copies. Drop
modules/crowdsec/ and the disabledModules+imports lines once the PR
merges into nixpkgs unstable.

Config moves to the new unified `settings` API (no more separate
`localConfig`); LAPI moved to 127.0.0.1:8081 to dodge the qBit collision.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-25 15:00:32 +01:00

crowdsec

crowdsec: vendor PR #446307 rewrite to fix bootstrap

2026-04-25 15:00:32 +01:00