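# NixOS module: installs Suricata and runs it as a systemd service that
# captures on interface enp6s19 under an unprivileged account, with only the
# two network capabilities granted to it.
{ lib, config, pkgs, inputs, ... }:
{
  environment.systemPackages = with pkgs; [ suricata ];

  systemd.services.suricata = {
    description = "Suricata IDS/IPS";
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      # systemd directive names are case-sensitive: a lowercase `type` key is
      # reported as unknown and ignored, so spell it `Type`.
      Type = "simple";

      # Unprivileged service account; it is not declared in this module.
      # NOTE(review): confirm the user exists and can write to the log
      # directory configured in suricata.yaml.
      User = "logging";

      # Reference iproute2 by store path so the unit does not depend on `ip`
      # happening to be present in the system profile.
      ExecStartPre = "${pkgs.iproute2}/bin/ip link set enp6s19 up";

      # NOTE(review): `-i` selects live capture on the interface; whether any
      # inline (IPS) behaviour applies depends on suricata.yaml, which is not
      # shown here.
      ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s19";
      Restart = "on-failure";

      # CAP_NET_ADMIN is needed by the ExecStartPre link-up, CAP_NET_RAW by
      # packet capture. The bounding set keeps the service from ever holding
      # anything beyond these two.
      CapabilityBoundingSet = "CAP_NET_RAW CAP_NET_ADMIN";
      AmbientCapabilities = "CAP_NET_RAW CAP_NET_ADMIN";

      # The process parses untrusted network traffic; block privilege gain
      # through setuid or file-capability binaries if it is ever compromised.
      NoNewPrivileges = true;
    };
  };

  environment.etc."suricata.yaml".source = ../assets/suricata.yaml;

  # The files below are created empty so that paths the main configuration
  # may reference exist on disk.
  environment.etc."suricata/classification.config".text = '' '';
  environment.etc."suricata/reference.config".text = '' '';
  environment.etc."suricata/threshold.config".text = '' '';

  # NOTE(review): this rule file contains no signatures. If it is the only
  # rule file that suricata.yaml loads, the sensor will not raise any
  # signature-based alerts until rules are provisioned.
  environment.etc."suricata/rules/suricata.rules".text = '' '';
}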