tlaternet-server/configuration/services/crowdsec.nix

{ pkgs, config, ... }:
{
  services.crowdsec = {
    enable = true;
    # clientCredentials = config.sops.secrets."crowdsec/credentials".path;

    settings.crowdsec_service.acquisition_path =
      (pkgs.formats.yaml { }).generate "crowdsec-acquisitions.yaml"
        {
          source = "journalctl";
          journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
          labels.type = "syslog";
        };
  };
}

#       db_config = {
#         type = "postgresql";
#         db_path = "/run/postgresql";
#         user = "crowdsec";
#         db_name = "crowdsec";
#         flush = {
#           max_items = 10000;
#           max_age = "14d";
#         };
#       };