about summary refs log tree commit diff
path: root/modules/nixos/vaultwarden.nix
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/nixos/vaultwarden.nix54
1 files changed, 30 insertions, 24 deletions
diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix
index 2475ed3..2aaecf2 100644
--- a/modules/nixos/vaultwarden.nix
+++ b/modules/nixos/vaultwarden.nix
@@ -104,33 +104,39 @@ in {
           ];
         };
 
-        fail2ban.jails = mkIf config.nixfiles.modules.fail2ban.enable {
-          vaultwarden = ''
-            enabled = true
-            filter = vaultwarden
-            port = http,https
-          '';
-          vaultwarden-admin = ''
-            enabled = true
-            filter = vaultwarden-admin
-            port = http,https
-          '';
+        fail2ban.jails = {
+          vaultwarden = {
+            enabled = true;
+            settings = {
+              filter = "vaultwarden";
+              port = "http,https";
+            };
+          };
+          vaultwarden-admin = {
+            enabled = true;
+            settings = {
+              filter = "vaultwarden-admin";
+              port = "http,https";
+            };
+          };
         };
       };
 
-      environment.etc = mkIf config.nixfiles.modules.fail2ban.enable {
-        "fail2ban/filter.d/vaultwarden.conf".text = ''
-          [Definition]
-          failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
-          ignoreregex =
-          journalmatch = _SYSTEMD_UNIT=vaultwarden.service
-        '';
-        "fail2ban/filter.d/vaultwarden-admin.conf".text = ''
-          [Definition]
-          failregex = ^.*Invalid admin token\. IP: <ADDR>.*$
-          ignoreregex =
-          journalmatch = _SYSTEMD_UNIT=vaultwarden.service
-        '';
+      environment.etc = {
+        "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI {} {
+          Definition = {
+            failregex = "^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$";
+            ignoreregex = "";
+            journalmatch = "_SYSTEMD_UNIT=vaultwarden.service";
+          };
+        };
+        "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI {} {
+          Definition = {
+            failregex = "^.*Invalid admin token\. IP: <ADDR>.*$";
+            ignoreregex = "";
+            journalmatch = "_SYSTEMD_UNIT=vaultwarden.service";
+          };
+        };
       };
     };
 }

Consider giving Nix/NixOS a try! <3