feat: Add crowdsec to replace fail2ban

feat: Add crowdsec module
2025-01-31 23:00:55 +08:00 · 2025-01-31 23:00:54 +08:00
1 changed files with 0 additions and 30 deletions
--- a/modules/crowdsec/default.nix
+++ b/modules/crowdsec/default.nix
@ -335,36 +335,6 @@ in
            SupplementaryGroups = [ "systemd-journal" ];

            StateDirectory = "crowdsec";
-
-            # PrivateTmp = true;
-            # PrivateUsers = true;
-            # ProtectHome = true;
-            # CapabilityBoundingSet = [ ];
-            # LockPersonality = true;
-            # PrivateDevices = true;
-            # ProtectHostname = true;
-            # ProtectKernelTunables = true;
-            # ProtectKernelModules = true;
-            # ProtectControlGroups = true;
-
-            # NoNewPrivileges = true;
-            # RestrictSUIDSGID = true;
-
-            # ProtectProc = "invisible";
-            # ProcSubset = "pid"; # Needed for journal access
-
-            # RestrictNamespaces = true;
-            # RestrictRealtime = true;
-
-            # SystemCallFilter = [
-            #   "@system-service"
-            #   "@network-io"
-            # ];
-            # SystemCallArchitectures = [ "native" ];
-            # SystemCallErrorNumber = "EPERM";
-
-            # ExecPaths = [ "/nix/store" ];
-            # NoExecPaths = [ "/" ];
          };
        };
      };
Author	SHA1	Message	Date
Tristan Daniël Maat	cff5e74e23	feat: Add crowdsec to replace fail2ban	2025-01-31 23:00:55 +08:00
Tristan Daniël Maat	409b9d4144	feat: Add crowdsec module	2025-01-31 23:00:54 +08:00