{ config, lib, namespace, ... }:
let
  cfg = config.${namespace}.services.crowdsec;

  # Hub content installed for this host. The collections bundle the parsers
  # and scenarios for the services whose journals are acquired below; the
  # explicit parser list adds log parsers plus per-application whitelists.
  # NOTE(review): whitelist parsers suppress detection for the traffic they
  # match — worth re-reading each one's scope so nothing broader than the
  # named application is exempted.
  hubContent = {
    appSecConfigs = [ "crowdsecurity/appsec-default" ];
    appSecRules = [ "crowdsecurity/base-config" ];
    collections = [
      "crowdsecurity/http-cve"
      "crowdsecurity/http-dos"
      "crowdsecurity/linux"
      "crowdsecurity/nextcloud"
      "crowdsecurity/pgsql"
      "crowdsecurity/smb"
      "crowdsecurity/sshd"
      "crowdsecurity/traefik"
      "firix/authentik"
    ];
    parsers = [
      "crowdsecurity/actual-budget-whitelist"
      "crowdsecurity/jellyfin-whitelist"
      "crowdsecurity/jellyseerr-whitelist"
      "crowdsecurity/nextcloud-logs"
      "crowdsecurity/nextcloud-whitelist"
      "crowdsecurity/pgsql-logs"
      "crowdsecurity/smb-logs"
      "crowdsecurity/sshd-logs"
      "crowdsecurity/sshd-success-logs"
      "crowdsecurity/syslog-logs"
    ];
    postOverflows = [ "crowdsecurity/auditd-nix-wrappers-whitelist-process" ];
    scenarios = [ "crowdsecurity/ssh-bf" ];
  };

  # One journald acquisition per systemd unit. Every unit is labelled
  # type "syslog" so the crowdsecurity/syslog-logs parser listed above is
  # the entry point for its lines.
  journalAcquisition = unit: {
    source = "journalctl";
    journalctl_filter = [ "_SYSTEMD_UNIT=${unit}" ];
    labels.type = "syslog";
  };

  # Units whose journals feed the engine. NOTE(review): the nextcloud and
  # http-* collections are installed but no acquisition in this file feeds
  # them — confirm those logs are acquired elsewhere (or via traefik).
  monitoredUnits = [
    "authentik.service"
    "postgresql.service"
    "smbd.service"
    "sshd.service"
    "traefik.service"
  ];

  # Directory holding the LAPI client and CAPI credential files.
  # NOTE(review): this is a NAS mount — confirm the files are readable only
  # by the crowdsec service user, since they grant API access.
  credentialsDir = "/media/nas/main/nix-app-data/crowdsec";
in
{
  imports = [ ./options.nix ];

  config = lib.mkIf cfg.enable {
    services.crowdsec = {
      enable = true;

      # Opens the local API port in the host firewall. Combined with the
      # listen_uri below, any non-loopback cfg.apiAddress (its default lives
      # in ./options.nix, not visible here) exposes the LAPI to the network,
      # leaving the agent/bouncer credentials as the only access control.
      openFirewall = true;

      hub = hubContent;

      localConfig.acquisitions = map journalAcquisition monitoredUnits;

      settings = {
        general.api.server = {
          enable = true;
          listen_uri = "${cfg.apiAddress}:${toString cfg.port}";
        };
        # mkForce: the upstream module's generated client credential path is
        # always overridden by the NAS-hosted file.
        general.api.client.credentials_path =
          lib.mkForce "${credentialsDir}/client.yaml";
        # mkDefault: other modules may still override the CAPI credential file.
        capi.credentialsFile = lib.mkDefault "${credentialsDir}/capi.yaml";
      };
    };
  };
}