teml
@@ -5,115 +5,124 @@
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.${namespace}.services.crowdsec;
|
||||
in
|
||||
{
|
||||
imports = [ ./options.nix ];
|
||||
config = lib.mkIf cfg.enable {
|
||||
inherit (lib.${namespace}) mkOpt;
|
||||
name = "crowdsec";
|
||||
cfg = config.${namespace}.services.${name};
|
||||
|
||||
services = {
|
||||
crowdsec = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
hub = {
|
||||
appSecConfigs = [
|
||||
"crowdsecurity/appsec-default"
|
||||
];
|
||||
appSecRules = [
|
||||
"crowdsecurity/base-config"
|
||||
];
|
||||
collections = [
|
||||
"crowdsecurity/http-cve"
|
||||
"crowdsecurity/http-dos"
|
||||
"crowdsecurity/linux"
|
||||
"crowdsecurity/nextcloud"
|
||||
"crowdsecurity/pgsql"
|
||||
"crowdsecurity/smb"
|
||||
"crowdsecurity/sshd"
|
||||
"crowdsecurity/traefik"
|
||||
"firix/authentik"
|
||||
];
|
||||
parsers = [
|
||||
"crowdsecurity/actual-budget-whitelist"
|
||||
"crowdsecurity/jellyfin-whitelist"
|
||||
"crowdsecurity/jellyseerr-whitelist"
|
||||
"crowdsecurity/nextcloud-logs"
|
||||
"crowdsecurity/nextcloud-whitelist"
|
||||
"crowdsecurity/pgsql-logs"
|
||||
"crowdsecurity/smb-logs"
|
||||
"crowdsecurity/sshd-logs"
|
||||
"crowdsecurity/sshd-success-logs"
|
||||
"crowdsecurity/syslog-logs"
|
||||
];
|
||||
postOverflows = [
|
||||
"crowdsecurity/auditd-nix-wrappers-whitelist-process"
|
||||
];
|
||||
scenarios = [
|
||||
"crowdsecurity/ssh-bf"
|
||||
];
|
||||
};
|
||||
localConfig = {
|
||||
acquisitions = [
|
||||
{
|
||||
journalctl_filter = [
|
||||
"_SYSTEMD_UNIT=authentik.service"
|
||||
];
|
||||
labels = {
|
||||
type = "syslog";
|
||||
};
|
||||
source = "journalctl";
|
||||
}
|
||||
{
|
||||
journalctl_filter = [
|
||||
"_SYSTEMD_UNIT=postgresql.service"
|
||||
];
|
||||
labels = {
|
||||
type = "syslog";
|
||||
};
|
||||
source = "journalctl";
|
||||
}
|
||||
{
|
||||
journalctl_filter = [
|
||||
"_SYSTEMD_UNIT=smbd.service"
|
||||
];
|
||||
labels = {
|
||||
type = "syslog";
|
||||
};
|
||||
source = "journalctl";
|
||||
}
|
||||
{
|
||||
journalctl_filter = [
|
||||
"_SYSTEMD_UNIT=sshd.service"
|
||||
];
|
||||
labels = {
|
||||
type = "syslog";
|
||||
};
|
||||
source = "journalctl";
|
||||
}
|
||||
{
|
||||
journalctl_filter = [
|
||||
"_SYSTEMD_UNIT=traefik.service"
|
||||
];
|
||||
labels = {
|
||||
type = "syslog";
|
||||
};
|
||||
source = "journalctl";
|
||||
}
|
||||
];
|
||||
};
|
||||
settings = {
|
||||
general.api = {
|
||||
server = {
|
||||
enable = true;
|
||||
listen_uri = "${cfg.apiAddress}:${toString cfg.port}";
|
||||
};
|
||||
client = {
|
||||
credentials_path = lib.mkForce "/media/nas/main/nix-app-data/crowdsec/client.yaml";
|
||||
};
|
||||
crowdsecConfig = lib.${namespace}.mkModule {
|
||||
inherit config name;
|
||||
description = "crowdsec";
|
||||
options = with lib; {
|
||||
apiKey = mkOpt types.str "" "API key for crowdsec bouncer";
|
||||
};
|
||||
moduleConfig = {
|
||||
services = {
|
||||
crowdsec = {
|
||||
enable = true;
|
||||
openFirewall = cfg.openFirewall;
|
||||
hub = {
|
||||
appSecConfigs = [
|
||||
"crowdsecurity/appsec-default"
|
||||
];
|
||||
appSecRules = [
|
||||
"crowdsecurity/base-config"
|
||||
];
|
||||
collections = [
|
||||
"crowdsecurity/http-cve"
|
||||
"crowdsecurity/http-dos"
|
||||
"crowdsecurity/linux"
|
||||
"crowdsecurity/nextcloud"
|
||||
"crowdsecurity/pgsql"
|
||||
"crowdsecurity/smb"
|
||||
"crowdsecurity/sshd"
|
||||
"crowdsecurity/traefik"
|
||||
"firix/authentik"
|
||||
];
|
||||
parsers = [
|
||||
"crowdsecurity/actual-budget-whitelist"
|
||||
"crowdsecurity/jellyfin-whitelist"
|
||||
"crowdsecurity/jellyseerr-whitelist"
|
||||
"crowdsecurity/nextcloud-logs"
|
||||
"crowdsecurity/nextcloud-whitelist"
|
||||
"crowdsecurity/pgsql-logs"
|
||||
"crowdsecurity/smb-logs"
|
||||
"crowdsecurity/sshd-logs"
|
||||
"crowdsecurity/sshd-success-logs"
|
||||
"crowdsecurity/syslog-logs"
|
||||
];
|
||||
postOverflows = [
|
||||
"crowdsecurity/auditd-nix-wrappers-whitelist-process"
|
||||
];
|
||||
scenarios = [
|
||||
"crowdsecurity/ssh-bf"
|
||||
];
|
||||
};
|
||||
localConfig = {
|
||||
acquisitions = [
|
||||
{
|
||||
journalctl_filter = [
|
||||
"_SYSTEMD_UNIT=authentik.service"
|
||||
];
|
||||
labels = {
|
||||
type = "syslog";
|
||||
};
|
||||
source = "journalctl";
|
||||
}
|
||||
{
|
||||
journalctl_filter = [
|
||||
"_SYSTEMD_UNIT=postgresql.service"
|
||||
];
|
||||
labels = {
|
||||
type = "syslog";
|
||||
};
|
||||
source = "journalctl";
|
||||
}
|
||||
{
|
||||
journalctl_filter = [
|
||||
"_SYSTEMD_UNIT=smbd.service"
|
||||
];
|
||||
labels = {
|
||||
type = "syslog";
|
||||
};
|
||||
source = "journalctl";
|
||||
}
|
||||
{
|
||||
journalctl_filter = [
|
||||
"_SYSTEMD_UNIT=sshd.service"
|
||||
];
|
||||
labels = {
|
||||
type = "syslog";
|
||||
};
|
||||
source = "journalctl";
|
||||
}
|
||||
{
|
||||
journalctl_filter = [
|
||||
"_SYSTEMD_UNIT=traefik.service"
|
||||
];
|
||||
labels = {
|
||||
type = "syslog";
|
||||
};
|
||||
source = "journalctl";
|
||||
}
|
||||
];
|
||||
};
|
||||
settings = {
|
||||
general.api = {
|
||||
server = {
|
||||
enable = true;
|
||||
listen_uri = "${cfg.listenAddress}:${toString cfg.port}";
|
||||
};
|
||||
client = {
|
||||
credentials_path = lib.mkForce "/media/nas/main/nix-app-data/crowdsec/client.yaml";
|
||||
};
|
||||
};
|
||||
capi.credentialsFile = lib.mkDefault "/media/nas/main/nix-app-data/crowdsec/capi.yaml";
|
||||
};
|
||||
capi.credentialsFile = lib.mkDefault "/media/nas/main/nix-app-data/crowdsec/capi.yaml";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [ crowdsecConfig ];
|
||||
}
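Review bot: The LAPI `listen_uri` is built from `cfg.listenAddress` on one side of this hunk and `cfg.apiAddress` on the other (the rendered page does not preserve which is new), while `openFirewall` is either hard-coded `true` or taken from `cfg.openFirewall`, and nothing in the hunk prevents a non-loopback bind from being combined with an opened firewall port. Whichever option name survives, an assertion next to `settings` would make that combination fail at eval time, e.g. `assertions = [ { assertion = cfg.openFirewall -> cfg.listenAddress != "0.0.0.0"; message = "crowdsec: refusing to open the firewall for a LAPI bound to all interfaces"; } ];`. The `lib.mkForce` on `credentials_path` pins the LAPI client credentials to `/media/nas/main/nix-app-data/crowdsec/client.yaml`, so a host profile cannot override it and the secret lives on a shared mount; either a comment stating why that path must be forced, or `lib.mkDefault` as `capi.credentialsFile` already uses, would be consistent with the rest of the block. The options these values come from (`./options.nix` / `mkModule` options) are outside the hunk, so their defaults cannot be checked here.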
|
||||
|
||||