{ pkgs, ... }:
{
  services.crowdsec = {
    enable = true;

    settings.crowdsec_service.acquisition_path =
      (pkgs.formats.yaml { }).generate "crowdsec-acquisitions.yaml"
        {
          source = "journalctl";
          journalctl_filter = map (s: "_SYSTEMD_UNIT=${s}") [
            "conduit.service"
            "coturn.service"
            "forgejo.service"
            "foundryvtt.service"
            "grafana.service"
            "minecraft-server.service"
            # Nextcloud?
            "tlaternet-webserver.service"
            "sshd.service"
            # Wireguard?
          ];
          labels.type = "syslog";
        };
  };
}

#       db_config = {
#         type = "postgresql";
#         db_path = "/run/postgresql";
#         user = "crowdsec";
#         db_name = "crowdsec";
#         flush = {
#           max_items = 10000;
#           max_age = "14d";
#         };
#       };