feat: Add crowdsec to replace fail2ban

2025-01-30 03:50:08 +08:00 · 2025-01-30 03:50:08 +08:00 · ae4cc7cb08
commit ae4cc7cb08
parent 5f4d4de135
3 changed files with 52 additions and 0 deletions
--- a/configuration/services/metrics/victoriametrics.nix
+++ b/configuration/services/metrics/victoriametrics.nix
@ -10,6 +10,22 @@
        extraSettings.authorization.credentials_file = config.sops.secrets."forgejo/metrics-token".path;
      };
      coturn.targets = [ "127.0.0.1:9641" ];
+
+      crowdsec.targets =
+        let
+          address = config.security.crowdsec.settings.prometheus.listen_addr;
+          port = config.security.crowdsec.settings.prometheus.listen_port;
+        in
+        [ "${address}:${toString port}" ];
+
+      csFirewallBouncer.targets =
+        let
+          address =
+            config.security.crowdsec.remediationComponents.firewallBouncer.settings.prometheus.listen_addr;
+          port =
+            config.security.crowdsec.remediationComponents.firewallBouncer.settings.prometheus.listen_port;
+        in
+        [ "${address}:${toString port}" ];
    };
  };
 }