feat: Add crowdsec to replace fail2ban

2025-01-30 03:50:08 +08:00 · 2025-01-30 03:50:08 +08:00 · af76e7fe52
commit af76e7fe52
parent fd9938af04
3 changed files with 29 additions and 0 deletions
--- a/configuration/services/crowdsec.nix
+++ b/configuration/services/crowdsec.nix
@ -0,0 +1,27 @@
+{ pkgs, ... }:
+{
+  security.crowdsec = {
+    enable = true;
+    remediationComponents.firewallBouncer.enable = true;
+
+    parserWhitelist = [
+      "1.64.239.213"
+    ];
+
+    settings.crowdsec_service.acquisition_path = pkgs.writeText "crowdsec-acquisitions.yaml" ''
+      ---
+      source: journalctl
+      journalctl_filter:
+        - "SYSLOG_IDENTIFIER=Nextcloud"
+      labels:
+        type: syslog
+      ---
+      source: journalctl
+      journalctl_filter:
+        - "SYSLOG_IDENTIFIER=sshd-session"
+      labels:
+        type: syslog
+      ---
+    '';
+  };
+}