Add redis crowdsec config

2025-05-13 14:44:53 +02:00 · 2025-05-13 14:44:53 +02:00 · 0012bcd36b
commit 0012bcd36b
parent 3fd9c73fc1
4 changed files with 47 additions and 9 deletions
--- a/services/redis/default.nix
+++ b/services/redis/default.nix
@ -10,14 +10,34 @@ in {
    enable = lib.mkEnableOption "Enable minimal config";
  };
  config = lib.mkIf cfg.enable {
-    services.redis = {
-      vmOverCommit = true;
-      servers.redis = {
-        enable = true;
-        port = 6379;
-        bind = "0.0.0.0";
-        settings = {
-          protected-mode = "no";
+    age.secrets.redis-lapi-key = {
+      file = ../../secrets/redis-lapi-key.age;
+      owner = "crowdsec";
+    };
+    services = {
+      crowdsec = {
+        settings.lapi.credentialsFile = "${config.age.secrets.redis-lapi-key.path}";
+        localConfig = {
+          acquisitions = [
+            {
+              source = "journalctl";
+              journalctl_filter = [ "_SYSTEMD_UNIT=redis.service" ];
+              labels = {
+                type = "syslog";
+              };
+            }
+          ];
+        };
+      };
+      redis = {
+        vmOverCommit = true;
+        servers.redis = {
+          enable = true;
+          port = 6379;
+          bind = "0.0.0.0";
+          settings = {
+            protected-mode = "no";
+          };
        };
      };
    };