Try to implement crowdsec everywhere, connected to central lapi

systems/minimalLXCConfig.nix

@@ -98,6 +98,12 @@
       netcat-openbsd
     ];
   };
+  age.secrets = {
+    cs-lapi-key = {
+      file = ../secrets/cs-lapi-key.age;
+      owner = "crowdsec";
+    };
+  };
 
   services = {
     openssh = {
@@ -115,6 +121,21 @@
     fail2ban = {
       enable = true;
     };
+    crowdsec = {
+      enable = true;
+      package = pkgs.crowdsec;
+      autoUpdateService = false;
+      openFirewall = true;
+      settings = {
+        general = {
+          prometheus.listen_addr = "0.0.0.0";
+        };
+        lapi.credentialsFile = "${config.age.secrets.cs-lapi-key.path}";
+      };
+      hub.collections = [
+        "crowdsecurity/linux"
+      ];
+    };
     rsyslogd = {
       enable = true;
       extraConfig = "*.*@192.168.1.27:514;RSYSLOG_SyslogProtocol23Format";