gador/nix-flake-crowdsec
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add acquisitions module option

Browse Source
This commit is contained in:
PopeRigby
2024-07-16 19:18:43 -07:00
committed by Christian Kampka
parent 5a021d5ca5
commit b27b84acb8
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
modules/crowdsec/default.nix
View File

@@ -42,6 +42,14 @@
}; };
crowdsec_service = { crowdsec_service = {
enable = mkDefault true; enable = mkDefault true;
acquisition_dir = let
yamlFiles = map (format.generate "acquisition.yaml") cfg.acquisitions;
dir = pkgs.runCommand "crowdsec-acquisitions" {} ''
mkdir -p $out
cp ${lib.concatStringsSep " " yamlFiles} $out
'';
in
mkDefault dir;
}; };
api = { api = {
client = { client = {
@@ -93,6 +101,21 @@ in {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
}; };
acquisitions = mkOption {
type = with types; listOf format.type;
default = {};
description = mdDoc ''
A list of acquisition specifications, which define the data sources you want to be parsed.
See <https://docs.crowdsec.net/u/getting_started/post_installation/acquisition_new> for details.
'';
example = [
{
source = "journalctl";
journalctl_filter = ["_SYSTEMD_UNIT=sshd.service"];
labels.type = "syslog";
}
];
};
patterns = mkOption { patterns = mkOption {
description = mdDoc '' description = mdDoc ''
A set of pattern files for parsing logs, in the form "type" to file containing the corresponding GROK patterns. A set of pattern files for parsing logs, in the form "type" to file containing the corresponding GROK patterns.