# CrowdSec on this host: read Nextcloud and SSH events from the journal and
# nginx events from log files, and enable the firewall bouncer.
{ config, lib, ... }:
let
  # One journald acquisition, labelled as syslog, limited to a single
  # journal match expression.
  journalSource = filter: {
    source = "journalctl";
    labels.type = "syslog";
    journalctl_filter = [ filter ];
  };

  # One access log per nginx virtual host declared in this configuration.
  # NOTE(review): assumes every vhost writes to /var/log/nginx/<vHost>/access.log;
  # that logging setup is not visible here. A vhost logging elsewhere is
  # simply not watched, so confirm against the nginx module.
  vhostAccessLogs = map (vHost: "/var/log/nginx/${vHost}/access.log") (
    lib.attrNames config.services.nginx.virtualHosts
  );
in
{
  security.crowdsec = {
    enable = true;

    # NOTE(review): presumably events from these addresses are dropped by a
    # parser whitelist and never lead to a decision (option defined outside
    # this file, so confirm). A whitelisted host is a detection blind spot:
    # keep the list short and record why each entry is there.
    parserWhitelist = [ "10.45.249.2" ];

    # NOTE(review): presumably supplementary groups for the CrowdSec service
    # account, giving it read access to the journal and the nginx logs
    # (confirm). Grant nothing beyond what the acquisitions below need.
    extraGroups = [
      "systemd-journal"
      "nginx"
    ];

    acquisitions = [
      # NOTE(review): only matches if Nextcloud logs to the journal under
      # this identifier (confirm in the Nextcloud logging config).
      (journalSource "SYSLOG_IDENTIFIER=Nextcloud")

      # OpenSSH 9.8 and later log per-connection events as "sshd-session";
      # older releases use "sshd", which this filter does not match.
      (journalSource "SYSLOG_IDENTIFIER=sshd-session")

      {
        labels.type = "nginx";
        # The top-level glob picks up every *.log directly in /var/log/nginx;
        # the per-vhost access logs are appended after it.
        filenames = [ "/var/log/nginx/*.log" ] ++ vhostAccessLogs;
      }
    ];

    remediationComponents.firewallBouncer = {
      enable = true;
      # The metrics endpoint is bound to loopback, so it is not reachable
      # from other hosts. The port is given as a string.
      settings.prometheus.enabled = true;
      settings.prometheus.listen_addr = "127.0.0.1";
      settings.prometheus.listen_port = "60601";
    };
  };
}