From 59d2a732a0699db5982844c957589d34f1f41dbb Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Sun, 9 Nov 2025 21:41:30 +0100
Subject: [PATCH] crowdsec: Auto enable sources when appropriate

---
 hosts/srv-public/default.nix                 |  5 -----
 modules/system/services/crowdsec/default.nix | 12 +++++++++---
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/hosts/srv-public/default.nix b/hosts/srv-public/default.nix
index b8c9654..7b6de63 100644
--- a/hosts/srv-public/default.nix
+++ b/hosts/srv-public/default.nix
@@ -36,11 +36,6 @@
 
         crowdsec = {
           enable = true;
-          sources = {
-            iptables = true;
-            sshd = true;
-            caddy = true;
-          };
           bouncers.firewall = true;
         };
 
diff --git a/modules/system/services/crowdsec/default.nix b/modules/system/services/crowdsec/default.nix
index fc5dc83..94ad3ea 100644
--- a/modules/system/services/crowdsec/default.nix
+++ b/modules/system/services/crowdsec/default.nix
@@ -24,9 +24,15 @@ in
       default = 6060;
     };
     sources = {
-      iptables = lib.mkEnableOption "";
-      caddy = lib.mkEnableOption "";
-      sshd = lib.mkEnableOption "";
+      iptables = lib.mkEnableOption "" // {
+        default = true;
+      };
+      caddy = lib.mkEnableOption "" // {
+        default = config.services.caddy.enable;
+      };
+      sshd = lib.mkEnableOption "" // {
+        default = config.services.openssh.enable;
+      };
     };
   };