# NixOS module fragment: turns on the `security.crowdsec` option set, its
# firewall bouncer, a parser whitelist, and a journald-based acquisition file.
# The options are declared by a module that is not part of this file, so the
# behaviour notes below follow the option names; confirm against that module.
{ pkgs, ... }:
let
  # Addresses handed to `parserWhitelist`. Presumably events from these
  # sources are discarded at the parsing stage, which means this address can
  # never trigger a decision or be blocked by the bouncer (TODO confirm).
  # Keep the list to static addresses you control: if the address is
  # reassigned (dynamic lease, shared NAT), its new holder inherits the
  # exemption.
  whitelistedSources = [ "1.64.239.213" ];

  # Acquisition config, rendered into the Nix store by `pkgs.writeText`.
  # Two journald sources, each selecting entries by SYSLOG_IDENTIFIER and
  # labelling them `type: syslog`.
  #
  # NOTE(review): acquisition only feeds log lines in. Detection also needs
  # matching parsers/scenarios for Nextcloud and sshd, which this file does
  # not configure; verify they are installed elsewhere.
  # NOTE(review): `sshd-session` is the identifier used by OpenSSH releases
  # that split the per-connection process out of `sshd` (9.8 and later, to my
  # knowledge). Entries logged under plain `sshd` are not matched by this
  # filter; confirm against the OpenSSH version on the host and that the
  # installed sshd parser accepts this program name.
  # NOTE(review): the Nextcloud source only sees events if Nextcloud logs to
  # the journal under this identifier; verify its logging settings.
  # The trailing `---` opens an empty final YAML document; presumably ignored
  # by CrowdSec, kept unchanged here.
  journalAcquisitions = pkgs.writeText "crowdsec-acquisitions.yaml" ''
    ---
    source: journalctl
    journalctl_filter:
      - "SYSLOG_IDENTIFIER=Nextcloud"
    labels:
      type: syslog
    ---
    source: journalctl
    journalctl_filter:
      - "SYSLOG_IDENTIFIER=sshd-session"
    labels:
      type: syslog
    ---
  '';
in
{
  security.crowdsec.enable = true;

  # Enforcement side: presumably applies CrowdSec decisions as firewall
  # rules; detection alone would not block traffic.
  security.crowdsec.remediationComponents.firewallBouncer.enable = true;

  security.crowdsec.parserWhitelist = whitelistedSources;

  security.crowdsec.settings.crowdsec_service.acquisition_path = journalAcquisitions;
}