Add tainted nextcloud-logs.yaml parser to crowdsec.service

[stephdl]

With this pull request I add a tainted configuration to the nextcloud parser of crowdsec

Sadly crowdsec does not offer to overwrite its configuration files like fail2ban, we need to modify the configuration and crowdsec should see them as tainted and does not overwrite them.

we have to modify it for two things

• we do not have json output
• the message name in journald is nextloud-app and not nextcloud

evidences of the ban

Sep 13 16:54:52 R2-pve.rocky9-pve2.org crowdsec3[43722]: time="2024-09-13T14:54:52Z" level=info msg="Ip 192.168.13.25 performed 'crowdsecurity/nextcloud-bf' (12 events over 13m10.249879085s) at 2024-09-13 14:54:52.125479573 +0000 UTC"
Sep 13 16:54:52 R2-pve.rocky9-pve2.org crowdsec3[43722]: time="2024-09-13T14:54:52Z" level=info msg="(localhost/crowdsec) crowdsecurity/nextcloud-bf by ip 192.168.13.25 : 4m ban on Ip 192.168.13.25"

Crowdsec has seen the parsed has been tainted

Sep 13 08:47:39 R1-pve crowdsec4[76868]: time="2024-09-13T06:47:39Z" level=warning msg="⚠️ crowdsecurity/nextcloud-logs is tainted, --force to overwrite"

NethServer/dev#7018

[DavidePrincipi]

• we do not have json output
• the message name in journald is nextloud-app and not nextcloud

As alternative to a custom configuration, can we switch to Nextcloud JSON log and set Podman log tag to "nextcloud"?

[DavidePrincipi]

Please choose a different path for the new .yaml file.

[DavidePrincipi]

In 10initialize, the Nextcloud collection (and the included parser) is installed after the tainted parser YAML file is mounted as a Podman volume. Is this safe for both new installs and updates?

[stephdl]

for upgrades yes no issue

for first install I missed it, we need to reload the configuration at the end, it is the easiest way

[DavidePrincipi]

LGTM