feat: Add crowdsec to replace fail2ban

configuration/default.nix

@@ -18,6 +18,7 @@
     ./services/backups.nix
     ./services/battery-manager.nix
     ./services/conduit.nix
+    ./services/crowdsec.nix
     ./services/foundryvtt.nix
     ./services/gitea.nix
     ./services/metrics

configuration/services/crowdsec.nix

@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+{
+  security.crowdsec = {
+    enable = true;
+    remediationComponents.firewallBouncer.enable = true;
+
+    parserWhitelist = [
+      "1.64.239.213"
+    ];
+
+    settings.crowdsec_service.acquisition_path = pkgs.writeText "crowdsec-acquisitions.yaml" ''
+      ---
+      source: journalctl
+      journalctl_filter:
+        - "SYSLOG_IDENTIFIER=Nextcloud"
+      labels:
+        type: syslog
+      ---
+      source: journalctl
+      journalctl_filter:
+        - "SYSLOG_IDENTIFIER=sshd-session"
+      labels:
+        type: syslog
+      ---
+    '';
+  };
+}

configuration/services/metrics/victoriametrics.nix

@@ -10,6 +10,7 @@
         extraSettings.authorization.credentials_file = config.sops.secrets."forgejo/metrics-token".path;
       };
       coturn.targets = [ "127.0.0.1:9641" ];
+      crowdsec.targets = [ "127.0.0.1:6060" ];
     };
   };
 }