Commit Graph

20 Commits

Author SHA1 Message Date
Malte Brandy
cebf9198f3
treewide: De-inline uses of lib.boolToString
This commit should not change eval results
2020-10-14 01:46:17 +02:00
Simon Lackerbauer
017dca51fa
fail2ban: fix firewall warning 2020-03-22 18:11:36 +01:00
Izorkin
c75398b10a nixos/fail2ban: disable work fail2ban without firewall 2020-03-18 09:54:19 +03:00
Izorkin
96e2669114 nixos/fail2ban: enable sandboxing 2020-01-29 23:15:56 +03:00
Izorkin
f1d7dfe29f nixos/fail2ban: add custom options 2020-01-29 23:15:56 +03:00
Izorkin
a55be8d794 nixos/fail2ban: update serviceConfig 2020-01-29 23:15:56 +03:00
Izorkin
182012ef43 nixos/fail2ban: add options to enable work service with iptables-compat 2020-01-29 23:15:56 +03:00
Izorkin
68d601d65c nixos/fail2ban: clean-up configuration 2020-01-29 23:15:56 +03:00
Renaud
fa0a63ec13 fail2ban service : improve ssh jail (#21131)
Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports
2016-12-14 14:58:02 +01:00
Taeradan
77028b1e8d
fail2ban service: add iproute to PATH
iproute is required for blocking via null routes; without it, rules
based on routes.conf will fail.

Closes #15638
2016-05-23 15:57:21 +02:00
Alexander Ried
fc941899a3 fail2ban: rework service 2016-04-26 20:34:41 +02:00
Leroy Hopson
eb90705d45 fail2ban service: fix formatting of example 2016-02-27 22:25:39 +13:00
Svein Ove Aas
f16594e18b nixos/fail2ban: Enable jails by default
With jails defaulting to 'enabled = true', the sshd jail that NixOS
defines will now be enabled.

[Bjørn: tweak commit message]
2016-01-04 21:52:32 +01:00
Bjørn Forsman
25a6745310 nixos/fail2ban: capitalize service description 2015-02-22 16:54:14 +01:00
Bjørn Forsman
b7a889759d nixos/fail2ban: don't use types.string (it's deprecated)
I'm not really sure which one of types.lines or types.str that fit
better, but I'm going for types.lines because it behaves more like the
current type (i.e. have the ability to merge).
2014-09-05 22:56:30 +02:00
Joel Taylor
d8cca3d624 fail2ban: systemd support
- upgrade fail2ban to 0.9
- override systemd to enable python support and include sqlite3 module
- make fail2ban enablable
2014-08-08 00:10:19 +02:00
Eelco Dolstra
29027fd1e1 Rewrite ‘with pkgs.lib’ -> ‘with lib’
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Eelco Dolstra
14018c2de1 fail2ban: Fix preStart action
Creating /run/fail2ban didn't work since it didn't have write
permission to /run.  Now it does.

Reported by Thomas Bereknyei.
2013-12-11 21:16:58 +01:00
Eelco Dolstra
7c7bfa817a fail2ban: Update to 0.8.10
Also fix random start failures due to a race between the fail2ban
server and the postStart script.
2013-10-16 10:03:43 +02:00
Eelco Dolstra
5c1f8cbc70 Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00