{ pkgs, ... }:
{
  security.crowdsec = {
    enable = true;

    parserWhitelist = [
      "1.64.239.213"
    ];

    settings.crowdsec_service.acquisition_path = pkgs.writeText "crowdsec-acquisitions.yaml" ''
      ---
      source: journalctl
      journalctl_filter:
        - "SYSLOG_IDENTIFIER=Nextcloud"
      labels:
        type: syslog
      ---
      source: journalctl
      journalctl_filter:
        - "SYSLOG_IDENTIFIER=sshd-session"
      labels:
        type: syslog
      ---
    '';

    remediationComponents.firewallBouncer = {
      enable = true;
      settings.prometheus = {
        enabled = true;
        listen_addr = "127.0.0.1";
        listen_port = "60601";
      };
    };
  };
}