SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 18:41:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Track ssh logs with crowdsec

Browse source
This commit is contained in:
SebastianStork 2025-06-01 22:27:45 +02:00
parent cb6570667b
commit 494327d30e
2 changed files with 30 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/cirrus/default.nix
View file

@ -16,6 +16,7 @@
enable = true;
firewallBouncer.enable = true;
sources = [
"sshd"
"iptables"
"caddy"
];

47
modules/system/services/crowdsec/default.nix
View file

@ -20,6 +20,7 @@ in
sources = lib.mkOption {
type = lib.types.listOf (
lib.types.enum [
"sshd"
"iptables"
"caddy"
]
@ -42,33 +43,43 @@ in
prometheus.enabled = false;
};
acquisitions = [
(lib.mkIf (lib.elem "iptables" cfg.sources) {
source = "journalctl";
journalctl_filter = [ "-k" ];
labels.type = "syslog";
})
(lib.mkIf (lib.elem "caddy" cfg.sources) {
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=caddy.service" ];
labels.type = "syslog";
})
];
acquisitions =
let
mkAcquisition =
enable: unit:
lib.optionalAttrs enable {
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=${unit}" ];
labels.type = "syslog";
};
in
[
(mkAcquisition (lib.elem "sshd" cfg.sources) "sshd.service")
(mkAcquisition (lib.elem "caddy" cfg.sources) "caddy.service")
(lib.mkIf (lib.elem "iptables" cfg.sources) {
source = "journalctl";
journalctl_filter = [ "-k" ];
labels.type = "syslog";
})
];
};
systemd.services.crowdsec.preStart =
let
collections = lib.flatten [
"crowdsecurity/linux"
(lib.optional (lib.elem "iptables" cfg.sources) "crowdsecurity/iptables")
(lib.optional (lib.elem "caddy" cfg.sources) "crowdsecurity/caddy")
];
addCollection = collection: ''
if ! cscli collections list | grep -q "${collection}"; then
cscli collections install ${collection}
fi
'';
in
collections |> lib.map addCollection |> lib.concatLines;
[
"crowdsecurity/linux"
(lib.optional (lib.elem "sshd" cfg.sources) "crowdsecurity/sshd")
(lib.optional (lib.elem "caddy" cfg.sources) "crowdsecurity/caddy")
(lib.optional (lib.elem "iptables" cfg.sources) "crowdsecurity/iptables")
]
|> lib.flatten
|> lib.map addCollection
|> lib.concatLines;
};
}