2023-07-13

author: Azat Bahawi <azat@bahawi.net> 2023-07-13 07:39:07 +0300
committer: Azat Bahawi <azat@bahawi.net> 2023-07-13 07:39:07 +0300
commit: 138ff2ae32facaf4f2c072115b1b0f64f05f615a (patch)
tree: 1853385d7b07b92c3eb84439170fc719e56cf2c4 /modules/nixos/vaultwarden.nix
parent: 2023-07-09 (diff)
1 files changed, 30 insertions, 24 deletions
diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix
index 2475ed3..2aaecf2 100644
--- a/modules/nixos/vaultwarden.nix
+++ b/modules/nixos/vaultwarden.nix
@@ -104,33 +104,39 @@ in {
           ];
         };
 
-        fail2ban.jails = mkIf config.nixfiles.modules.fail2ban.enable {
-          vaultwarden = ''
-            enabled = true
-            filter = vaultwarden
-            port = http,https
-          '';
-          vaultwarden-admin = ''
-            enabled = true
-            filter = vaultwarden-admin
-            port = http,https
-          '';
+        fail2ban.jails = {
+          vaultwarden = {
+            enabled = true;
+            settings = {
+              filter = "vaultwarden";
+              port = "http,https";
+            };
+          };
+          vaultwarden-admin = {
+            enabled = true;
+            settings = {
+              filter = "vaultwarden-admin";
+              port = "http,https";
+            };
+          };
         };
       };
 
-      environment.etc = mkIf config.nixfiles.modules.fail2ban.enable {
-        "fail2ban/filter.d/vaultwarden.conf".text = ''
-          [Definition]
-          failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
-          ignoreregex =
-          journalmatch = _SYSTEMD_UNIT=vaultwarden.service
-        '';
-        "fail2ban/filter.d/vaultwarden-admin.conf".text = ''
-          [Definition]
-          failregex = ^.*Invalid admin token\. IP: <ADDR>.*$
-          ignoreregex =
-          journalmatch = _SYSTEMD_UNIT=vaultwarden.service
-        '';
+      environment.etc = {
+        "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI {} {
+          Definition = {
+            failregex = "^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$";
+            ignoreregex = "";
+            journalmatch = "_SYSTEMD_UNIT=vaultwarden.service";
+          };
+        };
+        "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI {} {
+          Definition = {
+            failregex = "^.*Invalid admin token\. IP: <ADDR>.*$";
+            ignoreregex = "";
+            journalmatch = "_SYSTEMD_UNIT=vaultwarden.service";
+          };
+        };
       };
     };
 }
author	Azat Bahawi <azat@bahawi.net>	2023-07-13 07:39:07 +0300
committer	Azat Bahawi <azat@bahawi.net>	2023-07-13 07:39:07 +0300
commit	138ff2ae32facaf4f2c072115b1b0f64f05f615a (patch)
tree	1853385d7b07b92c3eb84439170fc719e56cf2c4 /modules/nixos/vaultwarden.nix
parent	2023-07-09 (diff)