As long as you allow passwords, they will remain the weak link.
This wrongly assumes that the bouncer and the engine run on the same machine, which is not necessarily the case.
Ideally passkeys replace both password and 2FA token. Ideally, you'd not even need an identifier any more, like the email address. Even more ideally, you'd remove the password and 2FA entirely...
Thanks for the suggestion.
I'd rather replace the whole bit with a generic systemd-run0 based solution though.
Hi, thanks for the suggestion. I have decided not to go down this route to add more config options for complex setups beyond the basics that can be achieved without them. In your case, I suggest...
nix flake update
nix flake update
Glas you got it to work for you.
nix flake update
crowdsec needs a recent version of go to build.
Such a version is usually not available in stable nixpkgs branches when crowdsec cuts releases.
You should be able to build successfully by...
Fixed in 6e29e3574d56f8397cda8794564ccff4d0cf25ee