From 164acc1042408b99eef0c4704e71e285c0cffc20 Mon Sep 17 00:00:00 2001
From: "Chinmay D. Pai"
Date: Sun, 6 Oct 2024 00:03:01 +0530
Subject: [PATCH] fix: use correct module options for fail2ban

* ignoreIPs -> ignoreIP
* Add settings block to each jail

Signed-off-by: Chinmay D. Pai
---
 modules/nixos/services/fail2ban/default.nix | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/modules/nixos/services/fail2ban/default.nix b/modules/nixos/services/fail2ban/default.nix
index 373d4e0..e920926 100644
--- a/modules/nixos/services/fail2ban/default.nix
+++ b/modules/nixos/services/fail2ban/default.nix
@@ -28,7 +28,7 @@
 factor = "4";
 };
- ignoreIPs =
+ ignoreIP =
 [
 "192.168.69.0/16"
 "172.16.0.0/12"
@@ -38,9 +38,11 @@
 jails = {
 DEFAULT = {
- blocktype = "DROP";
- bantime = "6h";
- findtime = "6h";
+ settings = {
+ blocktype = "DROP";
+ bantime = lib.mkDefault "6h";
+ findtime = "6h";
+ };
 };
 sshd = {
@@ -56,10 +58,12 @@
 };
 port-scan = {
- filter = "port-scan";
- action = "iptables-allports[name=port-scan]";
- bantime = 86400;
- maxretry = 2;
+ settings = {
+ filter = "port-scan";
+ action = "iptables-allports[name=port-scan]";
+ bantime = 86400;
+ maxretry = 2;
+ };
 };
 };
 };
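Review bot: In the first hunk, the `ignoreIP` entry `"192.168.69.0/16"` has host bits set under a /16 mask, so fail2ban will most likely treat it as the whole 192.168.0.0/16 range rather than the 192.168.69.x subnet. With the option name corrected, this list is what the module reads, so every host in both listed private ranges is exempt from bans, including a compromised machine on the internal network. If only the local subnet was meant, write `"192.168.69.0/24"`; otherwise spell it `"192.168.0.0/16"` so the scope is explicit. The list continues past the end of the hunk, so the remaining entries are not reviewed here.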
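Review bot: In the second hunk, `bantime = lib.mkDefault "6h";` under `jails.DEFAULT.settings` is likely to be ignored. The NixOS fail2ban module appears to define `DEFAULT.settings.bantime` itself from `services.fail2ban.bantime` at normal priority, which outranks a `mkDefault` value. The effective ban duration would then be the module's own default rather than six hours. Setting `bantime = "6h";` at the `services.fail2ban` level and dropping the line from the jail should make the intended duration apply. Inspecting the generated `jail.local` after a rebuild confirms which value wins.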
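Review bot: In the third hunk, the `port-scan` jail sets `bantime = 86400;` as a bare number of seconds while the DEFAULT jail uses duration strings such as `"6h"`; writing `bantime = "24h";` keeps the units readable and consistent. The action is also hard-coded to `iptables-allports[name=port-scan]`, which would stop matching the host firewall if it were switched to nftables. A one-line comment above it, such as `# requires the iptables backend; update if the firewall moves to nftables`, would record that dependency. The `port-scan` filter itself is defined outside this hunk.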