nixos/fail2ban: add options to enable work service with iptables-compat

Izorkin 2019-09-03 21:57:25 +03:00
parent 68d601d65c
commit 182012ef43


@ -55,6 +55,13 @@ in
description = "The fail2ban package to use for running the fail2ban service."; description = "The fail2ban package to use for running the fail2ban service.";
}; };
packageFirewall = mkOption {
default = pkgs.iptables;
type = types.package;
example = "pkgs.nftables";
description = "The firewall package used by fail2ban service.";
};
daemonConfig = mkOption { daemonConfig = mkOption {
default = '' default = ''
[Definition] [Definition]
@ -103,7 +110,6 @@ in
}; };
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -131,7 +137,7 @@ in
restartTriggers = [ fail2banConf jailConf pathsConf ]; restartTriggers = [ fail2banConf jailConf pathsConf ];
reloadIfChanged = true; reloadIfChanged = true;
path = [ cfg.package pkgs.iptables pkgs.iproute ]; path = [ cfg.package cfg.packageFirewall pkgs.iproute ];
preStart = '' preStart = ''
mkdir -p /var/lib/fail2ban mkdir -p /var/lib/fail2ban
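Review bot: The new `packageFirewall` option only changes what is put on the service `path`, so setting it to the example `pkgs.nftables` takes the `iptables` binary off the path without changing which ban action the jails run. If the jails still use an iptables-based action (the jail configuration is outside these hunks), bans would fail at runtime and offending hosts would stay unblocked while the service appears healthy. The description should state that coupling, e.g. `description = "Firewall package put on the fail2ban service PATH; it must provide the commands used by the configured ban actions.";`. The example is also better written as `example = literalExample "pkgs.nftables";` so the manual renders it as an expression rather than a string. The `preStart` script continues past the end of the last hunk.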