| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports
|
|
|
|
|
|
|
| |
iproute is required for blocking via null routes; without it, rules
based on routes.conf will fail.
Closes #15638
|
| |
|
| |
|
|
|
|
|
|
|
| |
With jails defaulting to 'enabled = true', the sshd jail that NixOS
defines will now be enabled.
[Bjørn: tweak commit message]
|
| |
|
|
|
|
|
|
| |
I'm not really sure which one of types.lines or types.str that fit
better, but I'm going for types.lines because it behaves more like the
current type (i.e. have the ability to merge).
|
|
|
|
|
|
| |
- upgrade fail2ban to 0.9
- override systemd to enable python support and include sqlite3 module
- make fail2ban enablable
|
|
|
|
|
|
|
|
| |
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
|
|
|
|
|
|
|
| |
Creating /run/fail2ban didn't work since it didn't have write
permission to /run. Now it does.
Reported by Thomas Bereknyei.
|
|
|
|
|
| |
Also fix random start failures due to a race between the fail2ban
server and the postStart script.
|
|
|