From ae4cc7cb08e13afd7d769e23bc8bbabfdd2e28fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Thu, 30 Jan 2025 03:50:08 +0800
Subject: [PATCH] feat: Add crowdsec to replace fail2ban

---
 configuration/default.nix | 1 +
 configuration/services/crowdsec.nix | 35 +++++++++++++++++++
 .../services/metrics/victoriametrics.nix | 16 +++++++++
 3 files changed, 52 insertions(+)
 create mode 100644 configuration/services/crowdsec.nix

diff --git a/configuration/default.nix b/configuration/default.nix
index 8dddf76..d4c422f 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -18,6 +18,7 @@
 ./services/backups.nix
 ./services/battery-manager.nix
 ./services/conduit.nix
+ ./services/crowdsec.nix
 ./services/foundryvtt.nix
 ./services/gitea.nix
 ./services/metrics
diff --git a/configuration/services/crowdsec.nix b/configuration/services/crowdsec.nix
new file mode 100644
index 0000000..110602c
--- /dev/null
+++ b/configuration/services/crowdsec.nix
@@ -0,0 +1,35 @@
+{ pkgs, ... }:
+{
+ security.crowdsec = {
+ enable = true;
+
+ parserWhitelist = [
+ "1.64.239.213"
+ ];
+
+ settings.crowdsec_service.acquisition_path = pkgs.writeText "crowdsec-acquisitions.yaml" ''
+ ---
+ source: journalctl
+ journalctl_filter:
+ - "SYSLOG_IDENTIFIER=Nextcloud"
+ labels:
+ type: syslog
+ ---
+ source: journalctl
+ journalctl_filter:
+ - "SYSLOG_IDENTIFIER=sshd-session"
+ labels:
+ type: syslog
+ ---
+ '';
+
+ remediationComponents.firewallBouncer = {
+ enable = true;
+ settings.prometheus = {
+ enabled = true;
+ listen_addr = "127.0.0.1";
+ listen_port = "60601";
+ };
+ };
+ };
+}
diff --git a/configuration/services/metrics/victoriametrics.nix b/configuration/services/metrics/victoriametrics.nix
index 710cf70..5cfc614 100644
--- a/configuration/services/metrics/victoriametrics.nix
+++ b/configuration/services/metrics/victoriametrics.nix
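Review bot: The new crowdsec.nix hard-codes `parserWhitelist = [ "1.64.239.213" ]` without saying what that address is or why its traffic must never be parsed; a whitelisted host is exempt from every ban decision crowdsec makes, so it deserves a comment next to it such as `# <who/what this address is>: exempt from parsing because <reason>`. The commit subject says crowdsec replaces fail2ban, but the diffstat shows only insertions, so if `services.fail2ban` is enabled elsewhere in the tree both will keep acting on the same firewall after this change; disabling it belongs in the same commit. `listen_port = "60601";` on the firewall bouncer is a string, while the VictoriaMetrics scrape target wraps the same value in `toString`, which suggests the option may be declared with a numeric/port type — worth checking the module's option type, since a mismatch fails at evaluation rather than at runtime. The `sshd-session` identifier only matches recent OpenSSH releases that split the per-connection process out of `sshd`; if the host's sshd still logs as `sshd`, that acquisition collects nothing, so a comment recording which identifier the deployed OpenSSH uses would help the next maintainer.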
@@ -10,6 +10,22 @@
 extraSettings.authorization.credentials_file = config.sops.secrets."forgejo/metrics-token".path;
 };
 coturn.targets = [ "127.0.0.1:9641" ];
+
+ crowdsec.targets =
+ let
+ address = config.security.crowdsec.settings.prometheus.listen_addr;
+ port = config.security.crowdsec.settings.prometheus.listen_port;
+ in
+ [ "${address}:${toString port}" ];
+
+ csFirewallBouncer.targets =
+ let
+ address =
+ config.security.crowdsec.remediationComponents.firewallBouncer.settings.prometheus.listen_addr;
+ port =
+ config.security.crowdsec.remediationComponents.firewallBouncer.settings.prometheus.listen_port;
+ in
+ [ "${address}:${toString port}" ];
 };
 };
 }
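Review bot: `crowdsec.targets` reads `config.security.crowdsec.settings.prometheus.listen_addr` and `listen_port`, but crowdsec.nix in this same patch never sets `settings.prometheus` for the agent itself (only for the firewall bouncer), so this scrape target depends entirely on the module's defaults existing and being loopback-bound; if either option has no default, evaluation fails here, and if the default address is not loopback the metrics endpoint is exposed beyond what the bouncer's explicit `127.0.0.1` suggests. Setting `settings.prometheus = { enabled = true; listen_addr = "127.0.0.1"; listen_port = <port>; };` explicitly in crowdsec.nix, mirroring the bouncer block, would make the scrape target self-describing and keep the exposure decision in the file that owns the service. The two `let` blocks repeat the same `"${address}:${toString port}"` construction; a small local helper such as `mkTarget = p: [ "${p.listen_addr}:${toString p.listen_port}" ];` applied to each `settings.prometheus` attrset would remove the duplication. The enclosing scrape-config attrset starts before this hunk.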