crowdsec

2026-04-10 02:54:39 -07:00 · 2026-01-16 02:46:42 -08:00 · 2026-01-16 02:46:42 -08:00 · 3d7f565c37
commit 3d7f565c37
parent ea9dcb4235
1 changed files with 12 additions and 11 deletions
--- a/modules/nixos/orac/crowdsec.nix
+++ b/modules/nixos/orac/crowdsec.nix
@ -4,6 +4,8 @@
  services.crowdsec = {
    enable = true;

+    allowLocalAPI = true;
+
    hub = {
      collections = [
        "crowdsecurity/linux"
@ -13,7 +15,7 @@
      ];
    };

-    localConfig.acquisitions = [
+    acquisitions = [
      {
        source = "journalctl";
        journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
@ -21,34 +23,33 @@
      }
      {
        source = "journalctl";
-        journalctl_filter = [ "SYSLOG_IDENTIFIER=sudo" "SYSLOG_IDENTIFIER=auth" ];
+        journalctl_filter = [
+          "SYSLOG_IDENTIFIER=sudo"
+          "SYSLOG_IDENTIFIER=auth"
+        ];
        labels.type = "syslog";
      }
-
      {
        source = "journalctl";
        journalctl_filter = [ "_SYSTEMD_UNIT=docker-traefik.service" ];
        labels.type = "traefik";
      }
    ];
-
-    settings = {
-      api.server.enable = true;
-    };
  };

  services.crowdsec-firewall-bouncer = {
    enable = true;
-    
+    registerBouncer = {
+      enable = true;
+    };
+
    settings = {
-      registerBouncer = true;
      mode = "nftables";
      log_level = "info";
      update_frequency = "10s";
-      
      api_url = "http://127.0.0.1:8080/";
    };
  };

  users.users.crowdsec.extraGroups = [ "systemd-journal" ];
-}
+}