From c75398b10a23fe19408026b455b20a1961af3917 Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Tue, 17 Mar 2020 22:24:48 +0300
Subject: [PATCH] nixos/fail2ban: disable work fail2ban without firewall

---
 nixos/modules/services/security/fail2ban.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
index cb748c93d24e..976b01fd10ee 100644
--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -216,6 +216,10 @@ in
 
   config = mkIf cfg.enable {
 
+    warnings = mkIf (config.networking.firewall.enable == false || config.networking.nftables.enable == false) [
+      "fail2ban can not be used without a firewall"
+    ];
+
     environment.systemPackages = [ cfg.package ];
 
     environment.etc = {