feat(crowdsec-service): Add nginx monitoring

Tristan Daniël Maat 2025-02-01 17:58:15 +08:00
parent 2831fdb0f2
commit 68450870cf
Signed by: tlater
GPG key ID: 49670FD774E43268


@ -1,4 +1,4 @@
{ pkgs, ... }: { config, lib, ... }:
{ {
security.crowdsec = { security.crowdsec = {
enable = true; enable = true;
@ -7,21 +7,39 @@
"1.64.239.213" "1.64.239.213"
]; ];
settings.crowdsec_service.acquisition_path = pkgs.writeText "crowdsec-acquisitions.yaml" '' extraGroups = [
--- "systemd-journal"
source: journalctl "nginx"
journalctl_filter: ];
- "SYSLOG_IDENTIFIER=Nextcloud"
labels: acquisitions = [
type: syslog {
--- source = "journalctl";
source: journalctl labels.type = "syslog";
journalctl_filter: journalctl_filter = [
- "SYSLOG_IDENTIFIER=sshd-session" "SYSLOG_IDENTIFIER=Nextcloud"
labels: ];
type: syslog }
---
''; {
source = "journalctl";
labels.type = "syslog";
journalctl_filter = [
"SYSLOG_IDENTIFIER=sshd-session"
];
}
{
labels.type = "nginx";
filenames =
[
"/var/log/nginx/*.log"
]
++ lib.mapAttrsToList (
vHost: _: "/var/log/nginx/${vHost}/access.log"
) config.services.nginx.virtualHosts;
}
];
remediationComponents.firewallBouncer = { remediationComponents.firewallBouncer = {
enable = true; enable = true;
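Review bot: Adding `"nginx"` to `extraGroups` gives the CrowdSec service every permission the nginx group carries, not only read access to `/var/log/nginx`. On hosts where TLS key material or other nginx state is group-readable by that group, the log agent could read it too; this is not visible from the hunk, so it is worth checking. If only the logs are needed, a narrower grant (an ACL or a dedicated log-reader group on the log directory) would keep the agent least-privileged; at minimum document the intent with a comment such as `# nginx group: read access to /var/log/nginx for the nginx acquisition`. The new acquisition also assumes every virtual host logs to `/var/log/nginx/${vHost}/access.log`; that logging configuration is outside this hunk, and a vhost that logs elsewhere would go unmonitored without any error.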