nixpkgs/nixos
David Anderson 089da1c14d nixos/sshguard: create ipsets before starting, and clean up after stopping.
The fix for #62874 introduced a race condition on startup: the postStart
commands that configure the firewall run concurrently with sshguard's
creation of the ipsets that the rules depend on. Unfortunately iptables
fails hard when referencing an ipset that doesn't exist, so this causes
non-deterministic crashlooping until sshguard wins the race.

This change fixes that race condition by always creating the ipset and
reconfiguring the firewall before starting sshguard, so that the order
of operations is always deterministic.

This change also cleans up the ipsets on sshguard shutdown, so that
removing sshguard from a running system doesn't leave state behind.

Fixes #65985.
2019-08-04 16:23:22 -07:00
doc                   nixos/release-notes: add note about prometheus-exporters  2019-08-02 18:50:02 +02:00
lib                   nixos-test-driver: allow configuration of net frontend and backend  2019-07-22 13:44:27 +03:00
maintainers           treewide: Remove usage of isNull  2019-04-29 14:05:50 +02:00
modules               nixos/sshguard: create ipsets before starting, and clean up after stopping.  2019-08-04 16:23:22 -07:00
tests                 Merge pull request #65616 from JohnAZoidberg/cassandra-jmxport-test  2019-08-03 08:40:17 +02:00
COPYING
default.nix
README
release-combined.nix  nixos/release: make ipv6 tests as important as legacy IP tests  2019-03-24 18:09:39 +01:00
release-small.nix     release-small.nix: Don't depend on currentSystem  2019-06-19 14:07:37 +02:00
release.nix           nixos/sd-image-aarch64-new-kernel: Added to release  2018-12-26 11:03:32 +00:00

*** NixOS ***

NixOS is a Linux distribution based on the purely functional package
management system Nix.  More information can be found at
http://nixos.org/nixos and in the manual in doc/manual.