{
  config,
  pkgs,
  lib,
  ...
}: let
  cfg = config.services.vm_redis;
in {
  options.services.vm_redis = {
    enable = lib.mkEnableOption "Enable minimal config";
  };
  config = lib.mkIf cfg.enable {
    age.secrets.redis-lapi-key = {
      file = ../../secrets/redis-lapi-key.age;
      owner = "crowdsec";
    };
    services = {
      crowdsec = {
        settings.lapi.credentialsFile = "${config.age.secrets.redis-lapi-key.path}";
        localConfig = {
          acquisitions = [
            {
              source = "journalctl";
              journalctl_filter = [ "_SYSTEMD_UNIT=redis.service" ];
              labels = {
                type = "syslog";
              };
            }
          ];
        };
      };
      redis = {
        vmOverCommit = true;
        servers.redis = {
          enable = true;
          port = 6379;
          bind = "0.0.0.0";
          settings = {
            protected-mode = "no";
          };
        };
      };
    };
    networking.firewall.allowedTCPPorts = [6379];
  };
}