services: add crowdsec-firewall-bouncer module

services/crowdsec-firewall-bouncer.nix

@@ -0,0 +1,30 @@
+# Module: services/crowdsec-firewall-bouncer
+# Enrolls a traefik bouncer with the crowdsec console
+{
+  config,
+  lib,
+  pkgs,
+  pkgsUnstable,
+  inputs,
+  ...
+}:
+
+with lib;
+
+let
+  cfg = config.crowdsec-firewall-bouncer;
+  lapiHost = "log-01.tail755c5.ts.net:8080";
+in
+{
+  #imports = [ "${pkgsUnstable.path}/nixos/modules/services/security/crowdsec.nix" ];
+
+  options.crowdsec-firewall-bouncer = {
+    enable = mkEnableOption "Enables traefik bouncer for a specified crowdsec instance";
+  };
+
+  config = mkIf (cfg.enable && config.services.crowdsec.enable) {
+    environment.systemPackages = with pkgsUnstable; [
+      crowdsec-firewall-bouncer
+    ];
+  };
+}

services/services.nix

@@ -11,6 +11,7 @@
 {
   imports = [
     ./crowdsec.nix
+    ./crowdsec-firewall-bouncer.nix
     ./crowdsec-traefik-bouncer.nix
     ./docker.nix
     ./healthchecks.nix
@@ -22,6 +23,7 @@
   ];
 
   crowdsec.enable = lib.mkDefault false;
+  crowdsec-firewall-bouncer.enable = lib.mkDefault false;
   crowdsec-traefik-bouncer.enable = lib.mkDefault false;
   docker.enable = lib.mkDefault false;
   healthchecks.enable = lib.mkDefault false;