nixos/services/crowdsec.nix

{ config, lib, ... }:
{
  config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
    services.crowdsec = {
      enable = true;
      autoUpdateService = true;

      localConfig.acquisitions = [
        # SSH
        {
          source = "journalctl";
          journalctl_filter = [ "-u" "sshd" ];
          labels.type = "syslog";
        }
        # Nginx Proxy Manager (Docker logs via journald)
        {
          source = "journalctl";
          journalctl_filter = [ "-u" "docker" "-t" "nginx-proxy-manager" ];
          labels.type = "nginx";
        }
      ];
    };

    # Firewall bouncer — auto-registers to local CrowdSec API
    services.crowdsec-firewall-bouncer.enable = true;
  };
}
Add CrowdSec IPS with firewall bouncer on FredOS-Mediaserver Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-05 22:59:37 +01:00			`{ config, lib, ... }:`
			`{`
			`config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {`
			`services.crowdsec = {`
			`enable = true;`
			`autoUpdateService = true;`

			`localConfig.acquisitions = [`
			`# SSH`
			`{`
			`source = "journalctl";`
			`journalctl_filter = [ "-u" "sshd" ];`
			`labels.type = "syslog";`
			`}`
			`# Nginx Proxy Manager (Docker logs via journald)`
			`{`
			`source = "journalctl";`
			`journalctl_filter = [ "-u" "docker" "-t" "nginx-proxy-manager" ];`
			`labels.type = "nginx";`
			`}`
			`];`
			`};`

			`# Firewall bouncer — auto-registers to local CrowdSec API`
			`services.crowdsec-firewall-bouncer.enable = true;`
			`};`
			`}`