config/modules/services/sshguard/default.nix

{
  config,
  lib,
  myData,
  ...
}:
{
  options.mj.services.sshguard = with lib.types; {
    enable = lib.mkOption {
      type = bool;
      default = false;
    };
  };

  config = lib.mkIf config.mj.services.sshguard.enable {
    services.sshguard = {
      enable = true;
      blocktime = 900;
      whitelist = [
        "192.168.0.0/16"
        myData.subnets.tailscale.cidr
      ] ++ (lib.catAttrs "publicIP" (lib.attrValues myData.hosts));
    };
  };
}
enable sshguard and plocate 2023-07-26 14:10:22 +03:00			`{`
			`config,`
			`lib,`
			`myData,`
			`...`
nix fmt 2024-07-29 15:39:54 +03:00			`}:`
			`{`
sshguard is now optional 2023-09-14 06:41:16 +03:00			`options.mj.services.sshguard = with lib.types; {`
enable sshguard and plocate 2023-07-26 14:10:22 +03:00			`enable = lib.mkOption {`
			`type = bool;`
sshguard is now optional 2023-09-14 06:41:16 +03:00			`default = false;`
enable sshguard and plocate 2023-07-26 14:10:22 +03:00			`};`
			`};`

sshguard is now optional 2023-09-14 06:41:16 +03:00			`config = lib.mkIf config.mj.services.sshguard.enable {`
enable sshguard and plocate 2023-07-26 14:10:22 +03:00			`services.sshguard = {`
			`enable = true;`
			`blocktime = 900;`
nix fmt 2024-07-29 15:39:54 +03:00			`whitelist = [`
			`"192.168.0.0/16"`
			`myData.subnets.tailscale.cidr`
			`] ++ (lib.catAttrs "publicIP" (lib.attrValues myData.hosts));`
enable sshguard and plocate 2023-07-26 14:10:22 +03:00			`};`
			`};`
			`}`