From c75398b10a23fe19408026b455b20a1961af3917 Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Tue, 17 Mar 2020 22:24:48 +0300
Subject: nixos/fail2ban: disable work fail2ban without firewall

---
 nixos/modules/services/security/fail2ban.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'nixos/modules/services/security/fail2ban.nix')

diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
index cb748c93d24..976b01fd10e 100644
--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -216,6 +216,10 @@ in
 
   config = mkIf cfg.enable {
 
+    warnings = mkIf (config.networking.firewall.enable == false || config.networking.nftables.enable == false) [
+      "fail2ban can not be used without a firewall"
+    ];
+
     environment.systemPackages = [ cfg.package ];
 
     environment.etc = {
-- 
cgit 1.4.1


From 017dca51fa46df4f1b02f57eb17feaa75a1916ed Mon Sep 17 00:00:00 2001
From: Simon Lackerbauer <simon@lackerbauer.com>
Date: Sun, 22 Mar 2020 18:11:36 +0100
Subject: fail2ban: fix firewall warning

---
 nixos/modules/services/security/fail2ban.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nixos/modules/services/security/fail2ban.nix')

diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
index 976b01fd10e..3f84f9c2560 100644
--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -216,7 +216,7 @@ in
 
   config = mkIf cfg.enable {
 
-    warnings = mkIf (config.networking.firewall.enable == false || config.networking.nftables.enable == false) [
+    warnings = mkIf (config.networking.firewall.enable == false && config.networking.nftables.enable == false) [
       "fail2ban can not be used without a firewall"
     ];
 
-- 
cgit 1.4.1