# CrowdSec agent + local API (LAPI) profile for this host.
# Activated by `config.<namespace>.services.crowdsec.enable`; the option
# declarations themselves live in ./options.nix (not shown here).
{ config, lib, namespace, ... }:
let
  cfg = config.${namespace}.services.crowdsec;

  # Both credential files live off-root on the NAS share. NOTE(review): the
  # crowdsec service user should be the only reader of these files — confirm
  # mode/ownership on the share, since a mis-permissioned LAPI/CAPI credential
  # lets anyone on the host act as this agent.
  credentialsDir = "/media/nas/main/nix-app-data/crowdsec";

  # Every log source on this host is a systemd journal unit consumed as
  # syslog-typed lines; build one acquisition entry per unit name.
  journalUnit = unit: {
    source = "journalctl";
    journalctl_filter = [ "_SYSTEMD_UNIT=${unit}" ];
    labels.type = "syslog";
  };
in
{
  imports = [ ./options.nix ];

  config = lib.mkIf cfg.enable {
    services.crowdsec = {
      enable = true;
      # Presumably opens the host firewall for the LAPI listener below, so the
      # bind address chosen via cfg.apiAddress decides who can reach it —
      # confirm against the module's option description.
      openFirewall = true;

      # Hub content to install: OS + reverse-proxy + IdP collections, plus the
      # sshd parser / ssh-bf scenario and the AppSec (WAF) defaults.
      hub = {
        collections = [ "crowdsecurity/linux" "crowdsecurity/traefik" "firix/authentik" ];
        parsers = [ "crowdsecurity/sshd-logs" ];
        scenarios = [ "crowdsecurity/ssh-bf" ];
        postOverflows = [ "crowdsecurity/auditd-nix-wrappers-whitelist-process" ];
        appSecConfigs = [ "crowdsecurity/appsec-default" ];
        appSecRules = [ "crowdsecurity/base-config" ];
      };

      localConfig.acquisitions = map journalUnit [
        "sshd.service"
        "traefik.service"
        "authentik.service"
      ];

      settings = {
        general.api = {
          server = {
            enable = true;
            listen_uri = "${cfg.apiAddress}:${toString cfg.port}";
          };
          # mkForce: the client credentials path is pinned unconditionally,
          # overriding whatever the module would otherwise generate.
          client.credentials_path = lib.mkForce "${credentialsDir}/client.yaml";
        };
        # mkDefault: the CAPI credentials file can still be overridden by
        # another module at normal priority.
        capi.credentialsFile = lib.mkDefault "${credentialsDir}/capi.yaml";
      };
    };
  };
}