From eefd8f3330b276a16cde957d1b6864d9e014a0d1 Mon Sep 17 00:00:00 2001
From: death916 <mail@trentnelson.dev>
Date: Fri, 16 Jan 2026 03:34:36 -0800
Subject: [PATCH] crowdsec

---
 modules/nixos/orac/crowdsec.nix | 75 ---------------------------------
 nixos/orac.nix                  |  2 +-
 2 files changed, 1 insertion(+), 76 deletions(-)
 delete mode 100644 modules/nixos/orac/crowdsec.nix

diff --git a/modules/nixos/orac/crowdsec.nix b/modules/nixos/orac/crowdsec.nix
deleted file mode 100644
index 61fcbe3..0000000
--- a/modules/nixos/orac/crowdsec.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  services.crowdsec = {
-    enable = true;
-
-    localConfig = {
-      acquisitions = [
-        {
-          source = "journalctl";
-          journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
-          labels.type = "syslog";
-        }
-        {
-          source = "journalctl";
-          journalctl_filter = [
-            "SYSLOG_IDENTIFIER=sudo"
-            "SYSLOG_IDENTIFIER=auth"
-          ];
-          labels.type = "syslog";
-        }
-        {
-          source = "journalctl";
-          journalctl_filter = [ "_SYSTEMD_UNIT=docker-traefik.service" ];
-          labels.type = "traefik";
-        }
-      ];
-    };
-
-    settings = {
-      common = {
-        log_media = "stdout";
-      };
-      api = {
-        client = {
-          credentials_path = "/var/lib/crowdsec/lapi-credentials.yaml";
-        };
-        server = {
-          enable = true;
-          listen_uri = "127.0.0.1:8080";
-        };
-      };
-    };
-
-    hub = {
-      collections = [
-        "crowdsecurity/linux"
-        "crowdsecurity/sshd"
-        "crowdsecurity/traefik"
-        "crowdsecurity/http-cve"
-      ];
-    };
-  };
-
-  services.crowdsec-firewall-bouncer = {
-    enable = true;
-
-    registerBouncer = {
-      enable = true;
-    };
-
-    settings = {
-      mode = "nftables";
-      log_level = "info";
-      update_frequency = "10s";
-      api_url = "http://127.0.0.1:8080/";
-    };
-  };
-
-  users.users.crowdsec.extraGroups = [ "systemd-journal" ];
-
-  systemd.tmpfiles.rules = [
-    "d /var/lib/crowdsec 0750 crowdsec crowdsec -"
-  ];
-}
diff --git a/nixos/orac.nix b/nixos/orac.nix
index e1f01e5..59b7bd5 100644
--- a/nixos/orac.nix
+++ b/nixos/orac.nix
@@ -9,7 +9,7 @@
     ../modules/nixos/orac/restic.nix
     ../modules/containers/docker/karakeep/docker-compose.nix
     ../modules/nixos/orac/monitoring.nix
-    ../modules/nixos/orac/crowdsec.nix
+    ../modules/containers/docker/crowdsec/crowdsec.nix
   ];
 
   networking.firewall = {