remove crowdsec and add tpm key

2025-04-25 08:06:19 +02:00 · 2023-09-06 13:35:16 +02:00 · 2023-09-06 13:35:16 +02:00 · 970ddcdacb
commit 970ddcdacb
parent 74a4348d1d
13 changed files with 23 additions and 123 deletions
--- a/hosts/falkenstein-1/default.nix
+++ b/hosts/falkenstein-1/default.nix
@ -6,7 +6,6 @@
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./modules/backup
-      ./modules/crowdsec
      ./modules/mail
      ./modules/networks
      ./modules/nginx
--- a/hosts/falkenstein-1/modules/backup/default.nix
+++ b/hosts/falkenstein-1/modules/backup/default.nix
@ -9,7 +9,6 @@
        source_directories = [
          "/var/lib"
          "/var/log"
-          "/etc/crowdsec"
          "/root"
        ];

--- a/hosts/falkenstein-1/modules/crowdsec/default.nix
+++ b/hosts/falkenstein-1/modules/crowdsec/default.nix
@ -1,52 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  environment.systemPackages = with pkgs; [
-    crowdsec
-    crowdsec-firewall-bouncer
-    ipset
-  ];
-  services.postgresql = {
-    enable = true;
-    ensureUsers = [
-      {
-        name = "crowdsec";
-        ensurePermissions = {
-          "DATABASE crowdsec" = "ALL PRIVILEGES";
-        };
-      }
-    ];
-    ensureDatabases = [ "crowdsec" ];
-
-  };
-  systemd.services.crowdsec = {
-    after = [ "syslog.target" "network.target" "remote-fs.target" "nss-lookup.target" ];
-    description = "Crowdsec agent";
-    serviceConfig = {
-      Type = "notify";
-      ExecStartPre = "${pkgs.crowdsec}/bin/crowdsec -t -error";
-      ExecStart = "${pkgs.crowdsec}/bin/crowdsec";
-      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
-      Restart = "always";
-      RestartSec = 60;
-    };
-    wantedBy = [ "multi-user.target" ];
-  };
-  systemd.services.crowdsec-firewall-bouncer = {
-    path = [ pkgs.ipset pkgs.iptables ];
-    after = [ "syslog.target" "network.target" "remote-fs.target" "nss-lookup.target" ];
-    before = [ "netfilter-persistent.service" ];
-    description = "Crowdsec firewall bouncer";
-    serviceConfig = {
-      # Type = "notify";
-      ExecStartPre = "${lib.getExe pkgs.crowdsec-firewall-bouncer} -c /etc/crowdsec/crowdsec-firewall-bouncer.yaml -t";
-      ExecStart = "${lib.getExe pkgs.crowdsec-firewall-bouncer} -c /etc/crowdsec/crowdsec-firewall-bouncer.yaml";
-      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
-      Restart = "always";
-      RestartSec = 10;
-      LimitNOFILE = 65536;
-    };
-    wantedBy = [ "multi-user.target" ];
-  };
-
-
-}
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -185,12 +185,12 @@
    };
  };

-  # security.tpm2 = {
-  #   enable = true;
-  #   pkcs11.enable = true;
-  #   abrmd.enable = true;
-  #   tctiEnvironment.enable = true;
-  # };
+  security.tpm2 = {
+    enable = true;
+    pkcs11.enable = true;
+    abrmd.enable = true;
+    tctiEnvironment.enable = true;
+  };

  hardware.opengl.extraPackages = with pkgs; [
    intel-compute-runtime