nixos/services/crowdsec: add data sources option

2025-01-31 04:58:01 +00:00 · 2024-09-18 09:49:03 +08:00 · 2024-09-18 09:49:03 +08:00 · c5eac6f3f9
commit c5eac6f3f9
parent 30a39a2fd8
1 changed files with 74 additions and 5 deletions
--- a/modules/nixos/services/crowdsec.nix
+++ b/modules/nixos/services/crowdsec.nix
@ -16,7 +16,7 @@ let
        default = pluginsConfigDrv;
        defaultText = ''
          All of the compiled configuration files from
-          {option}`services.crowdsec.plugins.settings`.
+          {option}`services.crowdsec.plugins.<name>.settings`.
        '';
        example = "./config/crowdsec/plugins";
      };
@ -29,28 +29,56 @@ let
        default = pluginsDir;
        defaultText = ''
          All of the compiled plugins from
-          {options}`services.crowdsec.plugins.package`.
+          {options}`services.crowdsec.plugins.<name>.package`.
        '';
      };
    };
+
+    options.crowdsec_service = {
+      acqusition_dir = lib.mkOption {
+        type = lib.types.path;
+        description = ''
+          Directory containing acqusition configurations.
+        '';
+        default = acqusitionsDir;
+        defaultText = ''
+          All of the compiled configuration from
+          {options}`services.crowdsec.acqusitions.<name>.settings`.
+        '';
+        example = "./config/crowdsec/acqusitions";
+      };
+    };
  };

  pluginsDir = pkgs.symlinkJoin {
    name = "crowdsec-system-plugins";
-    paths = lib.mapAttrsToList (n: v: "${v.package}/share/crowdsec") cfg.plugins;
+    paths =
+      let
+        plugins = lib.filterAttrs (n: v: v.package != null) cfg.plugins;
+      in
+        lib.mapAttrsToList (n: v: "${v.package}/share/crowdsec") plugins;
  };

  pluginsConfigDrv = let
    pluginsConfigs =
      lib.mapAttrsToList
-        (n: v:
-          pkgs.writeTextDir "/notifications/${n}.yaml" (lib.generators.toYAML { } v.settings))
+        (n: v: settingsFormat.generate "crowdsec-system-plugin-config-${n}" v.settings)
        cfg.plugins;
  in pkgs.symlinkJoin {
    name = "crowdsec-system-plugins-configs";
    paths = pluginsConfigs;
  };

+  acqusitionsDir = let
+    acqusitionConfigs =
+      lib.mapAttrsToList
+        (n: v: settingsFormat.generate "crowdsec-system-acqusition-config-${n}" v.settings)
+        cfg.dataSources;
+  in pkgs.symlinkJoin {
+    name = "crowdsec-system-acqusitions-configs";
+    paths = acqusitionConfigs;
+  };
+
  crowdsecPluginsModule = { name, config, ... }: {
    options = {
      settings = lib.mkOption {
@ -82,6 +110,22 @@ let
    };
  };

+  acqusitionsSubmodule = { name, config, ... }: {
+    options.settings = lib.mkOption {
+      type = settingsFormat.type;
+      description = ''
+        Configuration associated with each data source.
+      '';
+      default = { };
+      example = {
+        source = "journalctl";
+        journalctl_filter = [
+          "_SYSTEMD_UNIT=ssh.service"
+        ];
+      };
+    };
+  };
+
  configFile = settingsFormat.generate "crowdsec-config" cfg.settings;
 in
 {
@ -140,6 +184,31 @@ in
        }
      '';
    };
+
+    dataSources = lib.mkOption {
+      type = with lib.types; attrsOf (submodule acqusitionsSubmodule);
+      description = ''
+        Set of data sources where logs are to be analyzed from.
+
+        ::: {.caution}
+        This is to be included as part of the default acqusition configuration
+        directory.
+
+        If {option}`services.crowdsec.settings.crowdsec_agent.acqusition_dir`
+        is set by the user, this option is effectively ignored.
+        :::
+      '';
+      default = { };
+      example = {
+        ssh = {
+          source = "journalctl";
+          journalctl_filter = [
+            "_SYSTEMD_UNIT=ssh.service"
+          ];
+          labels.type = "syslog";
+        };
+      };
+    };
  };

  config = lib.mkIf cfg.enable {