feat: Add crowdsec to replace fail2ban

feat: Add crowdsec module
2025-01-31 22:41:51 +08:00 · 2025-01-31 22:41:51 +08:00
1 changed files with 30 additions and 0 deletions
--- a/modules/crowdsec/default.nix
+++ b/modules/crowdsec/default.nix
@ -335,6 +335,36 @@ in
            SupplementaryGroups = [ "systemd-journal" ];
            StateDirectory = "crowdsec";
            # PrivateTmp = true;
            # PrivateUsers = true;
            # ProtectHome = true;
            # CapabilityBoundingSet = [ ];
            # LockPersonality = true;
            # PrivateDevices = true;
            # ProtectHostname = true;
            # ProtectKernelTunables = true;
            # ProtectKernelModules = true;
            # ProtectControlGroups = true;
            # NoNewPrivileges = true;
            # RestrictSUIDSGID = true;
            # ProtectProc = "invisible";
            # ProcSubset = "pid"; # Needed for journal access
            # RestrictNamespaces = true;
            # RestrictRealtime = true;
            # SystemCallFilter = [
            #   "@system-service"
            #   "@network-io"
            # ];
            # SystemCallArchitectures = [ "native" ];
            # SystemCallErrorNumber = "EPERM";
            # ExecPaths = [ "/nix/store" ];
            # NoExecPaths = [ "/" ];
          };
        };
      };
Author	SHA1	Message	Date
Tristan Daniël Maat	af76e7fe52	feat: Add crowdsec to replace fail2ban	2025-01-31 22:41:51 +08:00
Tristan Daniël Maat	fd9938af04	feat: Add crowdsec module	2025-01-31 22:41:51 +08:00