crowdsec: Fix journalctl acquisitions

After spending an hour figuring this out on my own, I found this https://codeberg.org/kampka/nix-flake-crowdsec/issues/20 :(
2026-01-21 14:01:34 +01:00 · 2025-10-15 20:44:41 +02:00 · 2025-10-15 20:44:41 +02:00 · 344baa5f46
commit 344baa5f46
parent 1fc98070f1
1 changed files with 48 additions and 47 deletions
--- a/modules/system/services/crowdsec/default.nix
+++ b/modules/system/services/crowdsec/default.nix
@ -57,55 +57,56 @@ in
      };
      allowLocalJournalAccess = true;
-      acquisitions =
+      acquisitions = [
-        let
+        (lib.mkIf cfg.sources.iptables {
-          mkJournalAcquisition = unit: {
+          source = "journalctl";
-            source = "journalctl";
+          journalctl_filter = [ "-k" ];
-            journalctl_filter = [ "_SYSTEMD_UNIT=${unit}" ];
+          labels.type = "syslog";
-            labels.type = "syslog";
+        })
-          };
+        (lib.mkIf cfg.sources.caddy {
-        in
+          filenames = [ "${config.services.caddy.logDir}/*.log" ];
-        [
+          labels.type = "caddy";
-          (lib.mkIf cfg.sources.iptables {
+        })
-            source = "journalctl";
+        (lib.mkIf cfg.sources.sshd {
-            journalctl_filter = [ "-k" ];
+          source = "journalctl";
-            labels.type = "syslog";
+          journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
-          })
+          labels.type = "syslog";
-          (lib.mkIf cfg.sources.caddy {
+        })
-            filenames = [ "${config.services.caddy.logDir}/*.log" ];
+      ];
            labels.type = "caddy";
          })
          (lib.mkIf cfg.sources.sshd (mkJournalAcquisition "sshd.service"))
        ];
    };
-    systemd.services.crowdsec.serviceConfig.ExecStartPre =
+    systemd.services.crowdsec.serviceConfig = {
-      let
+      # Fix journalctl acquisitions
-        installCollection = collection: ''
+      PrivateUsers = false;
-          if ! cscli collections list | grep -q "${collection}"; then
+
-            cscli collections install ${collection}
+      ExecStartPre =
-          fi
+        let
-        '';
+          installCollection = collection: ''
-        mkScript =
+            if ! cscli collections list | grep -q "${collection}"; then
-          name: text:
+              cscli collections install ${collection}
-          lib.getExe (
+            fi
-            pkgs.writeShellApplication {
+          '';
-              inherit name text;
+          mkScript =
-            }
+            name: text:
-          );
+            lib.getExe (
-        collectionsScript =
+              pkgs.writeShellApplication {
-          [
+                inherit name text;
-            (lib.singleton "crowdsecurity/linux")
+              }
-            (lib.optional cfg.sources.iptables "crowdsecurity/iptables")
+            );
-            (lib.optional cfg.sources.caddy "crowdsecurity/caddy")
+          collectionsScript =
-            (lib.optional cfg.sources.sshd "crowdsecurity/sshd")
+            [
-          ]
+              (lib.singleton "crowdsecurity/linux")
-          |> lib.concatLists
+              (lib.optional cfg.sources.iptables "crowdsecurity/iptables")
-          |> lib.map installCollection
+              (lib.optional cfg.sources.caddy "crowdsecurity/caddy")
-          |> lib.concatLines
+              (lib.optional cfg.sources.sshd "crowdsecurity/sshd")
-          |> mkScript "crowdsec-install-collections";
+            ]
-      in
+            |> lib.concatLists
-      lib.mkAfter collectionsScript;
+            |> lib.map installCollection
            |> lib.concatLines
            |> mkScript "crowdsec-install-collections";
        in
        lib.mkAfter collectionsScript;
    };
    custom.persist.directories = [ "/var/lib/crowdsec" ];
  };