From df951077f38752dae14e7593fcb96e0d883802e9 Mon Sep 17 00:00:00 2001
From: Zane van Iperen <zane@zanevaniperen.com>
Date: Wed, 31 Jul 2024 19:18:45 +1000
Subject: [PATCH] fail2ban: backport openssh 9.8 fixes + move to by-name

See [1].

[1]: https://discourse.nixos.org/t/fail2ban-is-not-working-for-sshd-with-systemd-backend/48972/3?u=vs49688
---
 .../fa/fail2ban/package.nix}                   | 18 +++++++++++++++++-
 pkgs/top-level/all-packages.nix                |  2 --
 2 files changed, 17 insertions(+), 3 deletions(-)
 rename pkgs/{tools/security/fail2ban/default.nix => by-name/fa/fail2ban/package.nix} (78%)

diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/by-name/fa/fail2ban/package.nix
similarity index 78%
rename from pkgs/tools/security/fail2ban/default.nix
rename to pkgs/by-name/fa/fail2ban/package.nix
index 49f741617de3..00ea39b40a2b 100644
--- a/pkgs/tools/security/fail2ban/default.nix
+++ b/pkgs/by-name/fa/fail2ban/package.nix
@@ -1,4 +1,7 @@
-{ lib, stdenv, fetchFromGitHub
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
 , python3
 , installShellFiles
 }:
@@ -39,6 +42,19 @@ python3.pkgs.buildPythonApplication rec {
 
   doCheck = false;
 
+  patches = [
+    # Adjust sshd filter for OpenSSH 9.8 new daemon name - remove next release
+    (fetchpatch {
+      url = "https://github.com/fail2ban/fail2ban/commit/2fed408c05ac5206b490368d94599869bd6a056d.patch";
+      hash = "sha256-uyrCdcBm0QyA97IpHzuGfiQbSSvhGH6YaQluG5jVIiI=";
+    })
+    # filter.d/sshd.conf: ungroup (unneeded for _daemon) - remove next release
+    (fetchpatch {
+      url = "https://github.com/fail2ban/fail2ban/commit/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch";
+      hash = "sha256-YGsUPfQRRDVqhBl7LogEfY0JqpLNkwPjihWIjfGdtnQ=";
+    })
+  ];
+
   preInstall = ''
     substituteInPlace setup.py --replace /usr/share/doc/ share/doc/
 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index ed2192dd8e0f..68906c09dea8 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7720,8 +7720,6 @@ with pkgs;
 
   Fabric = with python3Packages; toPythonApplication fabric;
 
-  fail2ban = callPackage ../tools/security/fail2ban { };
-
   fakeroot = callPackage ../tools/system/fakeroot { };
 
   fakeroute = callPackage ../tools/networking/fakeroute { };