2024-03-31

author: Azat Bahawi <azat@bahawi.net> 2024-03-31 21:29:27 +0300
committer: Azat Bahawi <azat@bahawi.net> 2024-03-31 21:29:27 +0300
commit: 9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 (patch)
tree: f28beec29deeea36038615a8fb98a810891940b5 /modules/nixos/fail2ban.nix
parent: 4ad0c3afc1f6caf0c3f05f99a15b22178f2c190b (diff)
1 files changed, 13 insertions, 8 deletions
diff --git a/modules/nixos/fail2ban.nix b/modules/nixos/fail2ban.nix
index ce35c1f..a0cc2b4 100644
--- a/modules/nixos/fail2ban.nix
+++ b/modules/nixos/fail2ban.nix
@@ -4,14 +4,15 @@
   this,
   ...
 }:
-with lib; let
+with lib;
+let
   cfg = config.nixfiles.modules.fail2ban;
-in {
-  options.nixfiles.modules.fail2ban.enable =
-    mkEnableOption "fail2ban";
+in
+{
+  options.nixfiles.modules.fail2ban.enable = mkEnableOption "fail2ban";
 
   config = mkIf cfg.enable {
-    ark.directories = ["/var/lib/fail2ban"];
+    ark.directories = [ "/var/lib/fail2ban" ];
 
     services.fail2ban = {
       enable = true;
@@ -22,9 +23,13 @@ in {
         rndtime = "8m";
       };
 
-      ignoreIP =
-        optionals (hasAttr "wireguard" this)
-        (with config.nixfiles.modules.wireguard; [ipv4.subnet ipv6.subnet]);
+      ignoreIP = optionals (hasAttr "wireguard" this) (
+        with config.nixfiles.modules.wireguard;
+        [
+          ipv4.subnet
+          ipv6.subnet
+        ]
+      );
 
       jails.DEFAULT.settings.blocktype = "DROP";
     };
author	Azat Bahawi <azat@bahawi.net>	2024-03-31 21:29:27 +0300
committer	Azat Bahawi <azat@bahawi.net>	2024-03-31 21:29:27 +0300
commit	9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 (patch)
tree	f28beec29deeea36038615a8fb98a810891940b5 /modules/nixos/fail2ban.nix
parent	4ad0c3afc1f6caf0c3f05f99a15b22178f2c190b (diff)