3
0
Fork 0
forked from mirrors/nixpkgs

fail2ban: move /var/run/fail2ban creation to activation script to be able to restrict the write locations for the service properly, add configuration files to the restartTriggers.

This commit is contained in:
Rob Vermaas 2013-07-31 11:22:32 +02:00
parent 3ca7d7b291
commit 9cf0a41925

View file

@ -98,22 +98,20 @@ in
}
];
system.activationScripts.fail2ban =
''
mkdir -p /var/run/fail2ban -m 0755
'';
systemd.services.fail2ban =
{ description = "Fail2ban intrusion prevention system";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartTriggers = [ fail2banConf jailConf ];
path = [ pkgs.fail2ban pkgs.iptables ];
preStart =
''
# FIXME: this won't detect changes to
# /etc/fail2ban/{filter.d,action.d}.
# ${fail2banConf} ${jailConf}
mkdir -p /var/run/fail2ban -m 0755
'';
serviceConfig =
{ ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
ReadOnlyDirectories = "/";