nixpkgs/pkgs/tools/security/crowdsec/default.nix

{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:

buildGoModule rec {
  pname = "crowdsec";
  version = "1.5.4";

  src = fetchFromGitHub {
    owner = "crowdsecurity";
    repo = pname;
    rev = "v${version}";
    hash = "sha256-5VwsuPNoAhCvhKUJDUkXnEVLMqHx2M1Nz11VoBASoxU=";
  };

  vendorHash = "sha256-6ODcb7UQPgM5n5RPN4AdkrY3+vlu+GXlUfrlTePywyY=";

  nativeBuildInputs = [ installShellFiles ];

  subPackages = [
    "cmd/crowdsec"
    "cmd/crowdsec-cli"
  ];

  ldflags = [
    "-s"
    "-w"
    "-X github.com/crowdsecurity/go-cs-lib/pkg/version.Version=v${version}"
    "-X github.com/crowdsecurity/go-cs-lib/pkg/version.BuildDate=1970-01-01_00:00:00"
    "-X github.com/crowdsecurity/go-cs-lib/pkg/version.Tag=${src.rev}"
    "-X github.com/crowdsecurity/crowdsec/pkg/cwversion.Codename=alphaga"
    "-X github.com/crowdsecurity/crowdsec/pkg/csconfig.defaultConfigDir=/etc/crowdsec"
    "-X github.com/crowdsecurity/crowdsec/pkg/csconfig.defaultDataDir=/var/lib/crowdsec/data"
  ];

  postBuild = "mv $GOPATH/bin/{crowdsec-cli,cscli}";

  postInstall = ''
    mkdir -p $out/share/crowdsec
    cp -r ./config $out/share/crowdsec/

    installShellCompletion --cmd cscli \
      --bash <($out/bin/cscli completion bash) \
      --fish <($out/bin/cscli completion fish) \
      --zsh <($out/bin/cscli completion zsh)
  '';

  meta = with lib; {
    homepage = "https://crowdsec.net/";
    changelog = "https://github.com/crowdsecurity/crowdsec/releases/tag/v${version}";
    description = "CrowdSec is a free, open-source and collaborative IPS";
    longDescription = ''
      CrowdSec is a free, modern & collaborative behavior detection engine,
      coupled with a global IP reputation network. It stacks on fail2ban's
      philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok
      patterns to parse logs and YAML scenario to identify behaviors. CrowdSec
      is engineered for modern Cloud/Containers/VM based infrastructures (by
      decoupling detection and remediation). Once detected you can remedy
      threats with various bouncers (firewall block, nginx http 403, Captchas,
      etc.) while the aggressive IP can be sent to CrowdSec for curation before
      being shared among all users to further improve everyone's security.
    '';
    license = licenses.mit;
    maintainers = with maintainers; [ jk urandom ];
  };
}
crowdsec: init at 1.4.2 Fixes #155822 Closes #162633 2022-03-16 15:01:51 +00:00			`{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:`

			`buildGoModule rec {`
			`pname = "crowdsec";`
crowdsec: 1.5.2 -> 1.5.4 2023-09-28 17:32:49 +00:00			`version = "1.5.4";`
crowdsec: init at 1.4.2 Fixes #155822 Closes #162633 2022-03-16 15:01:51 +00:00
			`src = fetchFromGitHub {`
			`owner = "crowdsecurity";`
			`repo = pname;`
			`rev = "v${version}";`
crowdsec: 1.5.2 -> 1.5.4 2023-09-28 17:32:49 +00:00			`hash = "sha256-5VwsuPNoAhCvhKUJDUkXnEVLMqHx2M1Nz11VoBASoxU=";`
crowdsec: init at 1.4.2 Fixes #155822 Closes #162633 2022-03-16 15:01:51 +00:00			`};`

crowdsec: 1.5.2 -> 1.5.4 2023-09-28 17:32:49 +00:00			`vendorHash = "sha256-6ODcb7UQPgM5n5RPN4AdkrY3+vlu+GXlUfrlTePywyY=";`
crowdsec: init at 1.4.2 Fixes #155822 Closes #162633 2022-03-16 15:01:51 +00:00
			`nativeBuildInputs = [ installShellFiles ];`

			`subPackages = [`
			`"cmd/crowdsec"`
			`"cmd/crowdsec-cli"`
			`];`

			`ldflags = [`
			`"-s"`
			`"-w"`
crowdsec: Correct versioning flags in build 2023-07-18 00:30:21 +00:00			`"-X github.com/crowdsecurity/go-cs-lib/pkg/version.Version=v${version}"`
			`"-X github.com/crowdsecurity/go-cs-lib/pkg/version.BuildDate=1970-01-01_00:00:00"`
			`"-X github.com/crowdsecurity/go-cs-lib/pkg/version.Tag=${src.rev}"`
			`"-X github.com/crowdsecurity/crowdsec/pkg/cwversion.Codename=alphaga"`
			`"-X github.com/crowdsecurity/crowdsec/pkg/csconfig.defaultConfigDir=/etc/crowdsec"`
			`"-X github.com/crowdsecurity/crowdsec/pkg/csconfig.defaultDataDir=/var/lib/crowdsec/data"`
crowdsec: init at 1.4.2 Fixes #155822 Closes #162633 2022-03-16 15:01:51 +00:00			`];`

			`postBuild = "mv $GOPATH/bin/{crowdsec-cli,cscli}";`

			`postInstall = ''`
			`mkdir -p $out/share/crowdsec`
			`cp -r ./config $out/share/crowdsec/`

			`installShellCompletion --cmd cscli \`
			`--bash <($out/bin/cscli completion bash) \`
			`--fish <($out/bin/cscli completion fish) \`
			`--zsh <($out/bin/cscli completion zsh)`
			`'';`

			`meta = with lib; {`
			`homepage = "https://crowdsec.net/";`
			`changelog = "https://github.com/crowdsecurity/crowdsec/releases/tag/v${version}";`
			`description = "CrowdSec is a free, open-source and collaborative IPS";`
			`longDescription = ''`
			`CrowdSec is a free, modern & collaborative behavior detection engine,`
			`coupled with a global IP reputation network. It stacks on fail2ban's`
			`philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok`
			`patterns to parse logs and YAML scenario to identify behaviors. CrowdSec`
			`is engineered for modern Cloud/Containers/VM based infrastructures (by`
			`decoupling detection and remediation). Once detected you can remedy`
			`threats with various bouncers (firewall block, nginx http 403, Captchas,`
			`etc.) while the aggressive IP can be sent to CrowdSec for curation before`
			`being shared among all users to further improve everyone's security.`
			`'';`
			`license = licenses.mit;`
			`maintainers = with maintainers; [ jk urandom ];`
			`};`
			`}`