feat(nix-lib): Rename dgn-lib to lib.extra

modules/default.nix

@@ -31,10 +31,10 @@
 #  pris connaissance de la licence CeCILL, et que vous en avez accepté les
 #  termes.
 
-{ dgn-lib, sources, ... }:
+{ lib, sources, ... }:
 
 {
-  imports = (dgn-lib.mkImports ./. [
+  imports = (lib.extra.mkImports ./. [
     "dgn-access-control"
     "dgn-acme"
     "dgn-console"

modules/dgn-access-control.nix

@@ -31,7 +31,7 @@
 #  pris connaissance de la licence CeCILL, et que vous en avez accepté les
 #  termes.
 
-{ config, lib, dgn-lib, meta, name, ... }:
+{ config, lib, meta, name, ... }:
 
 let
   inherit (lib)
@@ -73,7 +73,7 @@ in
     dgn-access-control.users.root = mkDefault admins;
 
     users.users = builtins.mapAttrs
-      (u: members: { openssh.authorizedKeys.keys = dgn-lib.getAllKeys members; })
+      (u: members: { openssh.authorizedKeys.keys = lib.extra.getAllKeys members; })
       cfg.users;
   };
 }

modules/dgn-dns/zones/_dgnum.eu.nix

@@ -1,7 +1,7 @@
-{ dgn-lib, meta, dns, ... }:
+{ lib, meta, dns, ... }:
 
 let
-  inherit (dgn-lib)
+  inherit (lib.extra)
     fuseAttrs
     mapSingleFuse;
 

modules/dgn-dns/zones/default.nix

@@ -1,7 +1,7 @@
-args@{ dgn-lib, dns, ... }:
+args@{ lib, dns, ... }:
 
 let
-  inherit (dgn-lib)
+  inherit (lib.extra)
     mapSingleFuse
     mkRel
     recursiveFuse;

modules/dgn-fail2ban.nix

@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib)
+    mkDefault mkEnableOption mkIf mkOption
+
+    types;
+
+  cfg = config.dgn-fail2ban;
+
+  settingsFormat = pkgs.formats.keyValue { };
+
+  configFormat = pkgs.formats.ini { };
+
+  jailOptions = {
+    options = {
+      enabled = mkOption {
+        type = types.bool;
+
+        default = true;
+        description = "Wether to enable this jail.";
+      };
+
+      filter = mkOption {
+        type =
+          types.nullOr (types.submodule { freeformType = configFormat.type; });
+
+        description = "Content of the filter used for this jail.";
+      };
+
+      settings = mkOption {
+        type = types.submodule { freeformType = settingsFormat.type; };
+
+        default = { };
+        description = "Additional configuration for the jail.";
+      };
+    };
+  };
+
+in {
+  options.dgn-fail2ban = {
+    enable = mkEnableOption "fail2ban service.";
+
+    jails = mkOption {
+      type = types.attrsOf (types.submodule jailOptions);
+
+      default = { };
+      description = "Set of jails defined for fail2ban.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    dgn-fail2ban.jails = builtins.mapAttrs (_: j: j // { enabled = mkDefault false; })
+      (import ./jails.nix { });
+
+    services.fail2ban = {
+      enable = true;
+
+      inherit (cfg) jails;
+
+      ignoreIP = [
+        "10.0.0.0/8"
+        "125.199.0.0/16"
+        "172.16.0.0/12"
+        "192.168.0.0/16"
+        "100.64.0.0/10"
+        "fd00::/8"
+      ];
+
+      bantime-increment = {
+        enable = true;
+
+        maxtime = "48h";
+        factor = "600";
+      };
+
+      extraPackages = [ pkgs.ipset ];
+      banaction = "iptables-ipset-proto6-allports";
+    };
+  };
+}

modules/dgn-secrets.nix

@@ -31,7 +31,7 @@
 #  pris connaissance de la licence CeCILL, et que vous en avez accepté les
 #  termes.
 
-{ config, lib, dgn-lib, ... }:
+{ config, lib, ... }:
 
 let
   inherit (lib)
@@ -39,7 +39,7 @@ let
 
     types;
 
-  inherit (dgn-lib) getSecrets mkBaseSecrets recursiveFuse;
+  inherit (lib.extra) getSecrets mkBaseSecrets recursiveFuse;
 
   cfg = config.dgn-secrets;
 
@@ -92,7 +92,7 @@ in {
 
     names = mkOption {
       type = with types; listOf str;
-      default = builtins.foldl' (acc: dir: acc ++ (dgn-lib.getSecrets dir)) [ ]
+      default = builtins.foldl' (acc: dir: acc ++ (getSecrets dir)) [ ]
         cfg.sources;
       description = ''
         List of the names of the secrets.