From b27b84acb8602ff38e24ece9faaebc0ea632f899 Mon Sep 17 00:00:00 2001
From: PopeRigby
Date: Tue, 16 Jul 2024 19:18:43 -0700
Subject: [PATCH] Add `acquisitions` module option
---
 modules/crowdsec/default.nix | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/modules/crowdsec/default.nix b/modules/crowdsec/default.nix
index 9ed4a54..df446ab 100644
--- a/modules/crowdsec/default.nix
+++ b/modules/crowdsec/default.nix
@@ -42,6 +42,14 @@
 };
 crowdsec_service = {
 enable = mkDefault true;
+ acquisition_dir = let
+ yamlFiles = map (format.generate "acquisition.yaml") cfg.acquisitions;
+ dir = pkgs.runCommand "crowdsec-acquisitions" {} ''
+ mkdir -p $out
+ cp ${lib.concatStringsSep " " yamlFiles} $out
+ '';
+ in
+ mkDefault dir;
 };
 api = {
 client = {
@@ -93,6 +101,21 @@ in {
 type = types.nullOr types.path;
 default = null;
 };
+ acquisitions = mkOption {
+ type = with types; listOf format.type;
+ default = {};
+ description = mdDoc ''
+ A list of acquisition specifications, which define the data sources you want to be parsed.
+ See for details.
+ '';
+ example = [
+ {
+ source = "journalctl";
+ journalctl_filter = ["_SYSTEMD_UNIT=sshd.service"];
+ labels.type = "syslog";
+ }
+ ];
+ };
 patterns = mkOption {
 description = mdDoc ''
 A set of pattern files for parsing logs, in the form "type" to file containing the corresponding GROK patterns.
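Review bot: When `cfg.acquisitions` is empty, the `cp` line in the `runCommand` script expands to `cp  $out`, which has no source operand and fails the derivation, so a configuration that defines no acquisitions would not build. Guard the copy, for example `${lib.optionalString (yamlFiles != []) "cp ${lib.concatStringsSep " " yamlFiles} $out"}`, so that an empty list yields an empty directory. Since `acquisition_dir` is now set by default, a comment should also note that an empty directory presumably leaves CrowdSec with no log sources to watch unless another acquisition path is configured elsewhere, which is a silent detection gap. The enclosing default-settings attribute set starts and ends outside the hunk.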
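Review bot: `default = {};` on the new `acquisitions` option is an attribute set, but the declared type is `listOf format.type`, so reading the option with no user definition should fail the module type check; it should be `default = [];`. Each entry is rendered with `format.generate` into the Nix store, which is world-readable, and some acquisition sources may take credentials in their configuration. I would add a sentence to the description such as `The generated files are placed in the world-readable Nix store; do not put secrets in these entries.` The options attribute set this hunk sits in starts and ends outside the hunk.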