pkgs/by-name/fa/fail2ban/package.nix at devShellTools-shell · tjh.dev/nixpkgs

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / by-name / fa / fail2ban / package.nix
at devShellTools-shell 106 lines 3.1 kB view raw
  1{
  2  lib,
  3  stdenv,
  4  fetchFromGitHub,
  5  fetchpatch,
  6  python3,
  7  installShellFiles,
  8  nixosTests,
  9}:
 10
 11python3.pkgs.buildPythonApplication rec {
 12  pname = "fail2ban";
 13  version = "1.1.0";
 14  format = "setuptools";
 15
 16  src = fetchFromGitHub {
 17    owner = "fail2ban";
 18    repo = "fail2ban";
 19    rev = version;
 20    hash = "sha256-0xPNhbu6/p/cbHOr5Y+PXbMbt5q/S13S5100ZZSdylE=";
 21  };
 22
 23  outputs = [
 24    "out"
 25    "man"
 26  ];
 27
 28  nativeBuildInputs = [ installShellFiles ];
 29
 30  pythonPath =
 31    with python3.pkgs;
 32    lib.optionals stdenv.hostPlatform.isLinux [
 33      systemd
 34      pyinotify
 35
 36      # https://github.com/fail2ban/fail2ban/issues/3787, remove it in the next release
 37      setuptools
 38    ];
 39
 40  preConfigure = ''
 41    for i in config/action.d/sendmail*.conf; do
 42      substituteInPlace $i \
 43        --replace /usr/sbin/sendmail sendmail
 44    done
 45
 46    substituteInPlace config/filter.d/dovecot.conf \
 47      --replace dovecot.service dovecot2.service
 48  '';
 49
 50  doCheck = false;
 51
 52  patches = [
 53    # Adjust sshd filter for OpenSSH 9.8 new daemon name - remove next release
 54    (fetchpatch {
 55      url = "https://github.com/fail2ban/fail2ban/commit/2fed408c05ac5206b490368d94599869bd6a056d.patch";
 56      hash = "sha256-uyrCdcBm0QyA97IpHzuGfiQbSSvhGH6YaQluG5jVIiI=";
 57    })
 58    # filter.d/sshd.conf: ungroup (unneeded for _daemon) - remove next release
 59    (fetchpatch {
 60      url = "https://github.com/fail2ban/fail2ban/commit/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch";
 61      hash = "sha256-YGsUPfQRRDVqhBl7LogEfY0JqpLNkwPjihWIjfGdtnQ=";
 62    })
 63  ];
 64
 65  preInstall = ''
 66    substituteInPlace setup.py --replace /usr/share/doc/ share/doc/
 67
 68    # see https://github.com/NixOS/nixpkgs/issues/4968
 69    ${python3.pythonOnBuildForHost.interpreter} setup.py install_data --install-dir=$out --root=$out
 70  '';
 71
 72  postInstall =
 73    let
 74      sitePackages = "$out/${python3.sitePackages}";
 75    in
 76    ''
 77      install -m 644 -D -t "$out/lib/systemd/system" build/fail2ban.service
 78      # Replace binary paths
 79      sed -i "s#build/bdist.*/wheel/fail2ban.*/scripts/#$out/bin/#g" $out/lib/systemd/system/fail2ban.service
 80      # Delete creating the runtime directory, systemd does that
 81      sed -i "/ExecStartPre/d" $out/lib/systemd/system/fail2ban.service
 82
 83      # see https://github.com/NixOS/nixpkgs/issues/4968
 84      rm -r "${sitePackages}/etc"
 85
 86      installManPage man/*.[1-9]
 87
 88      # This is a symlink to the build python version created by `updatePyExec`, seemingly to assure the same python version is used?
 89      rm $out/bin/fail2ban-python
 90      ln -s ${python3.interpreter} $out/bin/fail2ban-python
 91
 92    ''
 93    + lib.optionalString stdenv.hostPlatform.isLinux ''
 94      # see https://github.com/NixOS/nixpkgs/issues/4968
 95      rm -r "${sitePackages}/usr"
 96    '';
 97
 98  passthru.tests = { inherit (nixosTests) fail2ban; };
 99
100  meta = with lib; {
101    homepage = "https://www.fail2ban.org/";
102    description = "Program that scans log files for repeated failing login attempts and bans IP addresses";
103    license = licenses.gpl2Plus;
104    maintainers = with maintainers; [ lovek323 ];
105  };
106}