2022-03-16 15:01:51 +00:00
|
|
|
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
|
|
|
|
|
|
|
|
buildGoModule rec {
|
|
|
|
pname = "crowdsec";
|
2023-04-22 08:23:43 +00:00
|
|
|
version = "1.4.6";
|
2022-03-16 15:01:51 +00:00
|
|
|
|
|
|
|
src = fetchFromGitHub {
|
|
|
|
owner = "crowdsecurity";
|
|
|
|
repo = pname;
|
|
|
|
rev = "v${version}";
|
2023-04-22 08:23:43 +00:00
|
|
|
hash = "sha256-+WvpsZjb1pb8WqK0HJYncJUo6wPkKzKvBi/nLKuhSD4=";
|
2022-03-16 15:01:51 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
vendorHash = "sha256-FPsoufB9UDgBDIE3yUq4doBse3qgjP19ussYnMAxntk=";
|
|
|
|
|
|
|
|
nativeBuildInputs = [ installShellFiles ];
|
|
|
|
|
|
|
|
subPackages = [
|
|
|
|
"cmd/crowdsec"
|
|
|
|
"cmd/crowdsec-cli"
|
|
|
|
];
|
|
|
|
|
|
|
|
ldflags = [
|
|
|
|
"-s"
|
|
|
|
"-w"
|
|
|
|
"-X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=v${version}"
|
|
|
|
"-X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=1970-01-01_00:00:00"
|
|
|
|
];
|
|
|
|
|
|
|
|
postBuild = "mv $GOPATH/bin/{crowdsec-cli,cscli}";
|
|
|
|
|
|
|
|
postInstall = ''
|
|
|
|
mkdir -p $out/share/crowdsec
|
|
|
|
cp -r ./config $out/share/crowdsec/
|
|
|
|
|
|
|
|
installShellCompletion --cmd cscli \
|
|
|
|
--bash <($out/bin/cscli completion bash) \
|
|
|
|
--fish <($out/bin/cscli completion fish) \
|
|
|
|
--zsh <($out/bin/cscli completion zsh)
|
|
|
|
'';
|
|
|
|
|
|
|
|
meta = with lib; {
|
|
|
|
homepage = "https://crowdsec.net/";
|
|
|
|
changelog = "https://github.com/crowdsecurity/crowdsec/releases/tag/v${version}";
|
|
|
|
description = "CrowdSec is a free, open-source and collaborative IPS";
|
|
|
|
longDescription = ''
|
|
|
|
CrowdSec is a free, modern & collaborative behavior detection engine,
|
|
|
|
coupled with a global IP reputation network. It stacks on fail2ban's
|
|
|
|
philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok
|
|
|
|
patterns to parse logs and YAML scenario to identify behaviors. CrowdSec
|
|
|
|
is engineered for modern Cloud/Containers/VM based infrastructures (by
|
|
|
|
decoupling detection and remediation). Once detected you can remedy
|
|
|
|
threats with various bouncers (firewall block, nginx http 403, Captchas,
|
|
|
|
etc.) while the aggressive IP can be sent to CrowdSec for curation before
|
|
|
|
being shared among all users to further improve everyone's security.
|
|
|
|
'';
|
|
|
|
license = licenses.mit;
|
|
|
|
maintainers = with maintainers; [ jk urandom ];
|
|
|
|
};
|
|
|
|
}
|