Refactor parsers in crowdsec module to make use of symlinkjoin

Fixes failing build when running nix flake check --no-build because
store paths may not be present.

README.md

@@ -1,9 +1,5 @@
 # Crowdsec for NixOS
 
-This project has moved to Codeberg.
-You can find the latest version at https://codeberg.org/kampka/nix-flake-crowdsec
-Please make sure to update your dependency to receive the latests updates.
-
 ## About
 
 This repository contains a [Nix flake](https://nixos.wiki/wiki/Flakes) for running [Crowdsec](https://www.crowdsec.net/) on NixOS.
@@ -64,7 +60,7 @@ To enroll your crowdsec engine into the central API, you need to obtain an enrol
 Enrolling your engine will give it access to community or commercial blocklist and decisions, depending on your plan.
 Enrollment is optional, if you do not want to enroll your engine and just at on your own logs / events, simply omit the `enrollKeyFile` from the settings.
 
-For additional configuration options, please consult the (Crowdsec documentation)[https://docs.crowdsec.net/docs/configuration/crowdsec_configuration/].
+For additional configuration options, please consult the [Crowdsec documentation](https://docs.crowdsec.net/docs/configuration/crowdsec_configuration/).
 
 
 ### Crowdsec firewall bouncer

modules/crowdsec/default.nix

@@ -10,17 +10,9 @@
 
   pkg = cfg.package;
 
-  defaultPatterns = lib.mapAttrs (name: value: lib.mkDefault "${pkg}/share/crowdsec/config/patterns/${name}") (builtins.readDir "${pkg}/share/crowdsec/config/patterns");
+  defaultPatterns = [pkg.patterns];
 
-  patternsDir = pkgs.runCommandNoCC "crowdsec-patterns" {} ''
+  patternsDir = pkgs.symlinkJoin { name = "crowdsec-merged-patterns"; paths = [cfg.patterns];};
-    mkdir -p $out
-    ${lib.concatStringsSep "\n" (lib.attrValues (lib.mapAttrs (
-        k: v: ''
-          ln -sf ${v} $out/${k}
-        ''
-      )
-      cfg.patterns))}
-  '';
 
   defaultSettings = with lib; {
     common = {
@@ -42,6 +34,14 @@
     };
     crowdsec_service = {
       enable = mkDefault true;
+      acquisition_dir = let
+        yamlFiles = map (format.generate "acquisition.yaml") cfg.acquisitions;
+        dir = pkgs.runCommand "crowdsec-acquisitions" {} ''
+          mkdir -p $out
+          cp ${lib.concatStringsSep " " yamlFiles} $out
+        '';
+      in
+        mkDefault dir;
     };
     api = {
       client = {
@@ -81,7 +81,7 @@ in {
     name = mkOption {
       type = types.str;
       description = mdDoc ''
-        Name of the machine when registering it at the central or loal api.
+        Name of the machine when registering it at the central or local api.
       '';
       default = config.networking.hostName;
     };
@@ -93,22 +93,38 @@ in {
       type = types.nullOr types.path;
       default = null;
     };
+    acquisitions = mkOption {
+      type = with types; listOf format.type;
+      default = {};
+      description = mdDoc ''
+        A list of acquisition specifications, which define the data sources you want to be parsed.
+        See <https://docs.crowdsec.net/u/getting_started/post_installation/acquisition_new> for details.
+      '';
+      example = [
+        {
+          source = "journalctl";
+          journalctl_filter = ["_SYSTEMD_UNIT=sshd.service"];
+          labels.type = "syslog";
+        }
+      ];
+    };
     patterns = mkOption {
       description = mdDoc ''
-        A set of pattern files for parsing logs, in the form "type" to file containing the corresponding GROK patterns.
+        A list of pattern derrivations for parsing logs, in the form "type" to file containing the corresponding GROK patterns.
+        Files in the derriviatons will be merged into one and must only contains files in the root of the derivation.
         All default patterns are automatically included.
         See <https://github.com/crowdsecurity/crowdsec/tree/master/config/patterns>.
       '';
-      type = types.attrsOf types.pathInStore;
+      type = types.listOf types.package; #types.attrsOf types.pathInStore;
-      default = {};
+      default = [];
       example = lib.literalExpression ''
-        { ssh = ./patterns/ssh;}
+        [ (pkgs.writeTextDir "ssh" (builtins.readFile ./ssh)) ]
       '';
     };
     settings = mkOption {
       description = mdDoc ''
-        Settings for MediaMTX. Refer to the defaults at
+        Settings for Crowdsec. Refer to the defaults at
-        <https://github.com/bluenviron/mediamtx/blob/main/mediamtx.yml>.
+        <https://github.com/crowdsecurity/crowdsec/blob/master/config/config.yaml>.
       '';
       type = format.type;
       default = {};
@@ -128,6 +144,9 @@ in {
       set -eu
       set -o pipefail
 
+      # cscli needs crowdsec on it's path in order to be able to run `cscli explain`
+      export PATH=$PATH:${lib.makeBinPath [pkg]}
+
       exec ${pkg}/bin/cscli -c=${configFile} "''${@}"
     '';
   in

packages/bouncer-firewall/default.nix

@@ -5,16 +5,16 @@
 }:
 buildGoModule rec {
   pname = "cs-firewall-bouncer";
-  version = "0.0.28";
+  version = "0.0.31";
 
   src = fetchFromGitHub {
     owner = "crowdsecurity";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-Y1pCupCtYkOD6vKpcmM8nPlsGbO0kYhc3PC9YjJHeMw=";
+    hash = "sha256-59MWll8v00CF4WA53gjHZSTFc8hpYaHENg9O7LgTCrA=";
   };
 
-  vendorHash = "sha256-BA7OHvqIRck3LVgtx7z8qhgueaJ6DOMU8clvWKUCdqE=";
+  vendorHash = "sha256-7Jxvg8UEjUxnIz1llvXyI2AefJ31OVdNzhWD/C8wU/Y=";
 
   meta = with lib; {
     homepage = "https://crowdsec.net/";

packages/crowdsec/default.nix

@@ -32,16 +32,18 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 }:
 buildGoModule rec {
   pname = "crowdsec";
-  version = "1.6.2";
+  version = "1.6.3";
 
   src = fetchFromGitHub {
     owner = "crowdsecurity";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-3GpSpADtCNvekR7gjbIlqzog7PMog6Sra5tpcnUf/gk=";
+    hash = "sha256-JN2siYUUFPSz+SyQwkX6DZ9k82SGHEQ1QHBEIfEV4EM=";
   };
 
-  vendorHash = "sha256-kkQYKiOSmFHjhOrYV40YRZX9w6rUue0NSKfw+Bqxb9s=";
+  vendorHash = "sha256-fl5LkRz69QOq4aPyAhMFxw1FWozLzofDBUGvRptuyZY=";
+
+  outputs = [ "out" "patterns" ];
 
   nativeBuildInputs = [installShellFiles];
 
@@ -64,9 +66,13 @@ buildGoModule rec {
   postBuild = "mv $GOPATH/bin/{crowdsec-cli,cscli}";
 
   postInstall = ''
+      mkdir -p $patterns
+      mv ./config/patterns/* $patterns
+
     mkdir -p $out/share/crowdsec
     cp -r ./config $out/share/crowdsec/
 
+
     installShellCompletion --cmd cscli \
       --bash <($out/bin/cscli completion bash) \
       --fish <($out/bin/cscli completion fish) \