death916/nixconfig
1
0
Fork 0
mirror of https://github.com/Death916/nixconfig.git synced 2026-04-11 04:48:25 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

crowdsec

Browse source
This commit is contained in:
death916 2026-01-16 03:02:02 -08:00
parent e12f26c6d6
commit ae4639fa47
1 changed files with 30 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

56
modules/nixos/orac/crowdsec.nix
View file

@ -4,33 +4,37 @@
services.crowdsec = {
enable = true;
hub.collections = [
"crowdsecurity/linux"
"crowdsecurity/sshd"
"crowdsecurity/traefik"
"crowdsecurity/http-cve"
];
hub = {
collections = [
"crowdsecurity/linux"
"crowdsecurity/sshd"
"crowdsecurity/traefik"
"crowdsecurity/http-cve"
];
};
localConfig = [
{
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
labels.type = "syslog";
}
{
source = "journalctl";
journalctl_filter = [
"SYSLOG_IDENTIFIER=sudo"
"SYSLOG_IDENTIFIER=auth"
];
labels.type = "syslog";
}
{
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=docker-traefik.service" ];
labels.type = "traefik";
}
];
localConfig = {
acquisitions = [
{
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
labels.type = "syslog";
}
{
source = "journalctl";
journalctl_filter = [
"SYSLOG_IDENTIFIER=sudo"
"SYSLOG_IDENTIFIER=auth"
];
labels.type = "syslog";
}
{
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=docker-traefik.service" ];
labels.type = "traefik";
}
];
};
settings = {
api = {