about summary refs log tree commit diff
path: root/nixpkgs/nixos/modules/services/security/sshguard.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/nixos/modules/services/security/sshguard.nix')
-rw-r--r--nixpkgs/nixos/modules/services/security/sshguard.nix18
1 files changed, 9 insertions, 9 deletions
diff --git a/nixpkgs/nixos/modules/services/security/sshguard.nix b/nixpkgs/nixos/modules/services/security/sshguard.nix
index 53bd9efa5ac7..4e9d9571de5e 100644
--- a/nixpkgs/nixos/modules/services/security/sshguard.nix
+++ b/nixpkgs/nixos/modules/services/security/sshguard.nix
@@ -17,7 +17,7 @@ let
       else "sshg-fw-ipset";
   in pkgs.writeText "sshguard.conf" ''
     BACKEND="${pkgs.sshguard}/libexec/${backend}"
-    LOGREADER="LANG=C ${pkgs.systemd}/bin/journalctl ${args}"
+    LOGREADER="LANG=C ${config.systemd.package}/bin/journalctl ${args}"
   '';
 
 in {
@@ -30,13 +30,13 @@ in {
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = "Whether to enable the sshguard service.";
+        description = lib.mdDoc "Whether to enable the sshguard service.";
       };
 
       attack_threshold = mkOption {
         default = 30;
         type = types.int;
-        description = ''
+        description = lib.mdDoc ''
             Block attackers when their cumulative attack score exceeds threshold. Most attacks have a score of 10.
           '';
       };
@@ -45,7 +45,7 @@ in {
         default = null;
         example = 120;
         type = types.nullOr types.int;
-        description = ''
+        description = lib.mdDoc ''
             Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
           '';
       };
@@ -53,7 +53,7 @@ in {
       blacklist_file = mkOption {
         default = "/var/lib/sshguard/blacklist.db";
         type = types.path;
-        description = ''
+        description = lib.mdDoc ''
             Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
           '';
       };
@@ -61,7 +61,7 @@ in {
       blocktime = mkOption {
         default = 120;
         type = types.int;
-        description = ''
+        description = lib.mdDoc ''
             Block attackers for initially blocktime seconds after exceeding threshold. Subsequent blocks increase by a factor of 1.5.
 
             sshguard unblocks attacks at random intervals, so actual block times will be longer.
@@ -71,7 +71,7 @@ in {
       detection_time = mkOption {
         default = 1800;
         type = types.int;
-        description = ''
+        description = lib.mdDoc ''
             Remember potential attackers for up to detection_time seconds before resetting their score.
           '';
       };
@@ -80,7 +80,7 @@ in {
         default = [ ];
         example = [ "198.51.100.56" "198.51.100.2" ];
         type = types.listOf types.str;
-        description = ''
+        description = lib.mdDoc ''
             Whitelist a list of addresses, hostnames, or address blocks.
           '';
       };
@@ -89,7 +89,7 @@ in {
         default = [ "sshd" ];
         example = [ "sshd" "exim" ];
         type = types.listOf types.str;
-        description = ''
+        description = lib.mdDoc ''
             Systemd services sshguard should receive logs of.
           '';
       };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-17 11:24:24 +0000