authorAlejandro Soto <alejandro@34project.org>2025-05-19 22:58:31 -0600
committerAlejandro Soto <alejandro@34project.org>2025-05-19 22:58:46 -0600
commitcb3eb1f0cc8c34d79fa1e1bf7f3326e8c5d99e6b (patch)
tree919f3971dbc61b72462d6e4c2585a019678e3987 /sys/auth/openssh.nix
parent79777bab1f2b9f0b2b9932df771bf7cc7d2a54ab (diff)
sys/auth/openssh: fix syntax error in sshd_config when PerSourcePenaltyExemptList is empty
Diffstat (limited to 'sys/auth/openssh.nix')
-rw-r--r--sys/auth/openssh.nix4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/auth/openssh.nix b/sys/auth/openssh.nix
index 3e37c06..ca32979 100644
--- a/sys/auth/openssh.nix
+++ b/sys/auth/openssh.nix
@@ -7,7 +7,7 @@ with lib; let
port = if cfg.shiftPortNumber then 2234 else 22;
restrict = cfg.restrictListen;
- exemptList = config.services.fail2ban.ignoreIP;
+ exemptList = optionals config.local.net.fail2ban.enable config.services.fail2ban.ignoreIP;
in
{
options.local.auth.openssh = {
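Review bot: The new guard on `exemptList` tests `config.local.net.fail2ban.enable`, while `startWhenNeeded` in the second hunk tests `config.services.fail2ban.enable`. If those two options can differ (the local fail2ban module is not visible here), a host with fail2ban enabled directly would silently get no `PerSourcePenaltyExemptList`. Either gate on `config.services.fail2ban.enable`, or add a comment saying why the local option is the right one. It is also worth documenting next to the binding that every entry in `services.fail2ban.ignoreIP` becomes exempt from sshd's per-source penalties, e.g. `# ignoreIP doubles as sshd's PerSourcePenaltyExemptList; keep it to trusted addresses`. The `let` block starts outside the hunk.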
@@ -104,7 +104,7 @@ in
ports = optional (restrict != null -> restrict.addresses != [ ]) port;
startWhenNeeded = mkDefault (!config.services.fail2ban.enable);
- extraConfig = ''
+ extraConfig = optionalString (exemptList != [ ]) ''
PerSourcePenaltyExemptList ${concatStringsSep "," exemptList}
'' + optionalString cfg.tunnel.enable ''
# User 'tunnel' has no password. Use PAM OATH