mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-24 16:03:23 +00:00
nixos/fail2ban: add options to enable work service with iptables-compat
This commit is contained in:
parent
68d601d65c
commit
182012ef43
@ -55,6 +55,13 @@ in
|
||||
description = "The fail2ban package to use for running the fail2ban service.";
|
||||
};
|
||||
|
||||
packageFirewall = mkOption {
|
||||
default = pkgs.iptables;
|
||||
type = types.package;
|
||||
example = "pkgs.nftables";
|
||||
description = "The firewall package used by fail2ban service.";
|
||||
};
|
||||
|
||||
daemonConfig = mkOption {
|
||||
default = ''
|
||||
[Definition]
|
||||
@ -103,7 +110,6 @@ in
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
@ -131,7 +137,7 @@ in
|
||||
restartTriggers = [ fail2banConf jailConf pathsConf ];
|
||||
reloadIfChanged = true;
|
||||
|
||||
path = [ cfg.package pkgs.iptables pkgs.iproute ];
|
||||
path = [ cfg.package cfg.packageFirewall pkgs.iproute ];
|
||||
|
||||
preStart = ''
|
||||
mkdir -p /var/lib/fail2ban
|
||||
|
Loading…
Reference in New Issue
Block a user