feat: Add crowdsec module

2025-01-24 00:35:23 +08:00 · 2025-01-24 00:35:23 +08:00 · b81de99288
commit b81de99288
parent 09198a416c
5 changed files with 335 additions and 2 deletions
--- a/configuration/services/crowdsec.nix
+++ b/configuration/services/crowdsec.nix
@ -0,0 +1,36 @@
+{ pkgs, ... }:
+{
+  services.crowdsec = {
+    enable = true;
+
+    settings.crowdsec_service.acquisition_path =
+      (pkgs.formats.yaml { }).generate "crowdsec-acquisitions.yaml"
+        {
+          source = "journalctl";
+          journalctl_filter = map (s: "_SYSTEMD_UNIT=${s}") [
+            "conduit.service"
+            "coturn.service"
+            "forgejo.service"
+            "foundryvtt.service"
+            "grafana.service"
+            "minecraft-server.service"
+            # Nextcloud?
+            "tlaternet-webserver.service"
+            "sshd.service"
+            # Wireguard?
+          ];
+          labels.type = "syslog";
+        };
+  };
+}
+
+#       db_config = {
+#         type = "postgresql";
+#         db_path = "/run/postgresql";
+#         user = "crowdsec";
+#         db_name = "crowdsec";
+#         flush = {
+#           max_items = 10000;
+#           max_age = "14d";
+#         };
+#       };