WIP: feat: Add minecraft server

My IP address is not static, and grafana seems to comfortably produce
enough traffic to get me IP banned.

configuration/services/conduit/matrix-hookshot.nix

@@ -16,7 +16,7 @@ let
 
   registration = matrixLib.writeRegistrationScript {
     id = "matrix-hookshot";
-    url = "${address}:${toString port}";
+    url = "http://${address}:${toString port}";
     sender_localpart = "hookshot";
 
     namespaces = {
@@ -91,6 +91,8 @@ in
         bindAddress = "127.0.0.1";
       };
 
+      bot.displayname = "Hookshot";
+
       generic = {
         enabled = true;
         outbound = false;

configuration/services/crowdsec.nix

@@ -1,4 +1,9 @@
-{ config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 {
   security.crowdsec = {
     enable = true;
@@ -50,4 +55,36 @@
       };
     };
   };
+
+  # Add whitelists for matrix
+  systemd.tmpfiles.settings."10-matrix" =
+    let
+      stateDir = config.security.crowdsec.stateDirectory;
+    in
+    {
+      "${stateDir}/config/postoverflows".d = {
+        user = "crowdsec";
+        group = "crowdsec";
+        mode = "0700";
+      };
+
+      "${stateDir}/config/postoverflows/s01-whitelist".d = {
+        user = "crowdsec";
+        group = "crowdsec";
+        mode = "0700";
+      };
+
+      "${stateDir}/config/postoverflows/s01-whitelist/matrix-whitelist.yaml"."L+".argument =
+        ((pkgs.formats.yaml { }).generate "crowdsec-matrix-whitelist.yaml" {
+          name = "tetsumaki/matrix";
+          description = "custom matrix whitelist";
+          whitelist = {
+            reason = "whitelist false positive for matrix";
+            expression = [
+              "evt.Overflow.Alert.Events[0].GetMeta('target_fqdn') == '${config.services.matrix-conduit.settings.global.server_name}'"
+              "evt.Overflow.Alert.GetScenario() in ['crowdsecurity/http-probing', 'crowdsecurity/http-crawl-non_statics']"
+            ];
+          };
+        }).outPath;
+    };
 }