nixpkgs/nixos/modules
David Anderson 089da1c14d nixos/sshguard: create ipsets before starting, and clean up after stopping.
The fix for #62874 introduced a race condition on startup: the postStart
commands that configure the firewall run concurrently with sshguard's
creation of the ipsets that the rules depend on. Unfortunately iptables
fails hard when referencing an ipset that doesn't exist, so this causes
non-deterministic crashlooping until sshguard wins the race.

This change fixes that race condition by always creating the ipset and
reconfiguring the firewall before starting sshguard, so that the order
of operations is always deterministic.

This change also cleans up the ipsets on sshguard shutdown, so that
removing sshguard from a running system doesn't leave state behind.

Fixes #65985.
2019-08-04 16:23:22 -07:00
..
config nixos/xdg/portal: set GTK_USE_PORTAL with lib.mkIf 2019-08-01 17:51:51 -04:00
hardware Merge pull request #63894 from ambrop72/no-opengl-xdg-data-dirs 2019-07-11 13:16:08 -04:00
i18n/input-method docs: format 2018-09-29 20:51:11 -04:00
installer nixos netboot: explicitly specify initrd 2019-07-15 19:33:21 +03:00
misc nixos/zabbixWeb: replace httpd subservice with new module 2019-07-11 18:45:46 -04:00
profiles nixos/hardened: make pti=on overridable 2019-07-30 02:24:56 +02:00
programs Merge pull request #30712 from peterhoeg/f/service 2019-08-02 11:58:27 +08:00
security nixos/hardened: make pti=on overridable 2019-07-30 02:24:56 +02:00
services nixos/sshguard: create ipsets before starting, and clean up after stopping. 2019-08-04 16:23:22 -07:00
system system-boot: configurationLimit should be null as default 2019-07-23 10:20:09 +02:00
tasks nixos/xfs: Add xfs_repair to the initrd 2019-07-30 09:28:34 +02:00
testing nixos/test: remove the stateVersion statement from the test-instrumentation 2019-06-03 15:05:24 +02:00
virtualisation Merge pull request #61981 from ambrop72/no-opengl-ld-library-path 2019-07-11 13:15:51 -04:00
module-list.nix Merge pull request #62748 from aanderse/mediawiki 2019-07-31 22:12:23 -04:00
rename.nix Renaming security.virtualization.flushL1DataCache to virtualisation 2019-07-19 15:49:37 +02:00