rope/nixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos/services/crowdsec.nix

31 lines
790 B
Nix
Raw Normal View History

Add CrowdSec IPS with firewall bouncer on FredOS-Mediaserver Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 22:59:37 +01:00
{ config, lib, ... }:
{
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
services.crowdsec = {
enable = true;
autoUpdateService = true;
localConfig.acquisitions = [
# SSH
{
source = "journalctl";
journalctl_filter = [ "-u" "sshd" ];
labels.type = "syslog";
}
# Nginx Proxy Manager (Docker logs via journald)
{
source = "journalctl";
journalctl_filter = [ "-u" "docker" "-t" "nginx-proxy-manager" ];
labels.type = "nginx";
}
];
};
# Firewall bouncer — auto-registers to local CrowdSec API
Fix CrowdSec bouncer api_url to resolve null coercion error Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 23:05:57 +01:00
services.crowdsec-firewall-bouncer = {
enable = true;
settings.api_url = "http://127.0.0.1:8080";
};
Add CrowdSec IPS with firewall bouncer on FredOS-Mediaserver Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 22:59:37 +01:00
};
}
Reference in a new issue Copy permalink