diff options
author | Flakebi <flakebi@t-online.de> | 2023-02-15 10:11:38 +0100 |
---|---|---|
committer | Flakebi <flakebi@t-online.de> | 2023-02-15 10:11:38 +0100 |
commit | 12db8314d734f9fbb2dc58dfe73c1b3410599b29 (patch) | |
tree | 8dd93cb2b3558cd334948b548e35ea2f546ece97 /nixos/modules/services/security | |
parent | d917136f550a8c36efb1724390c7245105f79023 (diff) | |
download | nixlib-12db8314d734f9fbb2dc58dfe73c1b3410599b29.tar nixlib-12db8314d734f9fbb2dc58dfe73c1b3410599b29.tar.gz nixlib-12db8314d734f9fbb2dc58dfe73c1b3410599b29.tar.bz2 nixlib-12db8314d734f9fbb2dc58dfe73c1b3410599b29.tar.lz nixlib-12db8314d734f9fbb2dc58dfe73c1b3410599b29.tar.xz nixlib-12db8314d734f9fbb2dc58dfe73c1b3410599b29.tar.zst nixlib-12db8314d734f9fbb2dc58dfe73c1b3410599b29.zip |
fail2ban: 0.11.2 -> 1.0.2
Update to 1.0.2: https://github.com/fail2ban/fail2ban/blob/1.0.2/ChangeLog#ver-102-20221109---finally-war-game-test-tape-not-a-nuclear-alarm 1.0.1 contained a few breaking changes, but I think they have little impact. I changed the module to use the systemd service shipping with fail2ban (now added to the package).
Diffstat (limited to 'nixos/modules/services/security')
-rw-r--r-- | nixos/modules/services/security/fail2ban.nix | 12 |
1 files changed, 1 insertions, 11 deletions
diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix index 3c4bcd1ac265..ead24d147071 100644 --- a/nixos/modules/services/security/fail2ban.nix +++ b/nixos/modules/services/security/fail2ban.nix @@ -273,26 +273,16 @@ in "fail2ban/filter.d".source = "${cfg.package}/etc/fail2ban/filter.d/*.conf"; }; + systemd.packages = [ cfg.package ]; systemd.services.fail2ban = { - description = "Fail2ban Intrusion Prevention System"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; partOf = optional config.networking.firewall.enable "firewall.service"; restartTriggers = [ fail2banConf jailConf pathsConf ]; path = [ cfg.package cfg.packageFirewall pkgs.iproute2 ] ++ cfg.extraPackages; - unitConfig.Documentation = "man:fail2ban(1)"; - serviceConfig = { - ExecStart = "${cfg.package}/bin/fail2ban-server -xf start"; - ExecStop = "${cfg.package}/bin/fail2ban-server stop"; - ExecReload = "${cfg.package}/bin/fail2ban-server reload"; - Type = "simple"; - Restart = "on-failure"; - PIDFile = "/run/fail2ban/fail2ban.pid"; # Capabilities CapabilityBoundingSet = [ "CAP_AUDIT_READ" "CAP_DAC_READ_SEARCH" "CAP_NET_ADMIN" "CAP_NET_RAW" ]; # Security |