crowdsec

Example

{
  crowdsec = {
    enable = true;
    enableGrafanaDashboard = true;
    enablePrometheusExport = true;

    # Optional, to enroll the security engine to the console
    extraEnv = {
      ENROLL_INSTANCE_NAME = "homeserver";
      ENROLL_KEY.fromFile = config.sops.secrets."crowdsec/enroll_key".path;
    };
  };
}

Stack Options

nps.stacks.crowdsec.acquisSettings

Acquisition settings for CrowdSec. Each attribute set value is mapped to an acquisition configuration file and mounted into the /etc/crowdsec/acquis.d directory.

See https://docs.crowdsec.net/docs/next/log_processor/data_sources/intro for all available options.

Type: attribute set of (open submodule of (YAML 1.1 value))
Default: { }

nps.stacks.crowdsec.acquisSettings.<name>.labels

A map of labels to add to the event. The type label is mandatory and is used by the Security Engine to choose which parser to use.

See https://docs.crowdsec.net/docs/next/log_processor/data_sources/intro#labels

Type: open submodule of (YAML 1.1 value)
Default: { }

nps.stacks.crowdsec.acquisSettings.<name>.labels.type

This option has no description.

Type: string

nps.stacks.crowdsec.acquisSettings.<name>.log_level

Log level to use in the datasource.

Type: string
Default: "info"

nps.stacks.crowdsec.acquisSettings.<name>.source

Which type of datasource to use.

Type: string
Example: "docker"
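
The following is an added example, not taken from the project's documentation, showing how acquisSettings, labels.type and collections fit together for a container log source. The attribute name and container name `traefik` and the choice of the `crowdsecurity/traefik` collection are assumptions; `container_name` is a key of CrowdSec's docker data source, passed through the open submodule.

```nix
{
  nps.stacks.crowdsec = {
    enable = true;

    # Install the parsers and scenarios for the logs acquired below.
    # Assumption: a Traefik container is the log source.
    collections = "crowdsecurity/traefik";

    acquisSettings = {
      # The attribute name is arbitrary (assumed here); its value becomes
      # one acquisition config under /etc/crowdsec/acquis.d.
      traefik = {
        source = "docker";
        # Key of CrowdSec's docker data source, accepted because the
        # submodule is open. "traefik" is an assumed container name.
        container_name = [ "traefik" ];
        # Mandatory: selects the parser. A type that no installed parser
        # matches leaves the lines unparsed, so no scenario fires on them.
        labels.type = "traefik";
        log_level = "info";
      };
    };

    # Read container logs through the read-only socket proxy rather than
    # the raw Podman socket (needs the docker-socket-proxy stack).
    useSocketProxy = true;
  };

  # The proxy stack's enable option, as referenced by the default of
  # useSocketProxy.
  nps.stacks.docker-socket-proxy.enable = true;
}
```

After deployment, running `cscli metrics` inside the container shows lines read, parsed and unparsed per source, which confirms that the type label matches an installed parser.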

nps.stacks.crowdsec.collections

Collections to install. Will be passed as the COLLECTIONS environment variable.

See https://app.crowdsec.net/hub/collections

Type: strings concatenated with " "
Default: ""
Example: "LePresidente/adguardhome crowdsecurity/aws-console"

nps.stacks.crowdsec.containers.crowdsec

Alias of services.podman.containers.crowdsec.

Type: submodule

nps.stacks.crowdsec.enable

Whether to enable crowdsec.

Type: boolean
Default: false
Example: true

nps.stacks.crowdsec.enableGrafanaDashboard

Whether to enable Grafana Dashboard.

Type: boolean
Default: false
Example: true

nps.stacks.crowdsec.enablePrometheusExport

Whether to enable Prometheus Export.

Type: boolean
Default: false
Example: true

nps.stacks.crowdsec.extraEnv

Extra environment variables to set for the container. Variables can be either set directly or sourced from a file (e.g. for secrets).

See https://github.com/crowdsecurity/crowdsec/blob/master/docker/README.md#environment-variables

Type: attribute set of (null or boolean or signed integer or string or absolute path or (submodule))
Default: { }
Example:
{
  FOO = "bar";
  SOME_SECRET = {
    fromFile = "/run/secrets/secret_name";
  };
}

nps.stacks.crowdsec.settings

Configuration settings for CrowdSec. Will be provided as the config.yaml.local file.

See https://docs.crowdsec.net/docs/configuration/crowdsec_configuration/

Type: YAML 1.1 value
Default: { }

nps.stacks.crowdsec.useSocketProxy

Whether to access the Podman socket through the read-only proxy for the crowdsec stack. Will be enabled by default if the 'docker-socket-proxy' stack is enabled.

Type: boolean
Default: config.nps.stacks.docker-socket-proxy.enable