From: muradm <mail@muradm.net>
To: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Cc: 57473@debbugs.gnu.org
Subject: [bug#57473] [PATCH v2 3/4] gnu: fail2ban-service-type: Fix type of enabled? field.
Date: Tue, 30 Aug 2022 09:42:16 +0300 [thread overview]
Message-ID: <877d2qmd25.fsf@muradm.net> (raw)
In-Reply-To: <877d2qbwfl.fsf@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1756 bytes --]
Hi,
Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
> Hi,
>
> muradm <mail@muradm.net> writes:
>
>> * gnu/services/security.scm (fail2ban-jail-configuration)
>> [enabled?]: Should be maybe-boolean, which is how normaly
>> fail2ban
>> is configured. This also allows sections without enabled field
>> like @samp{[DEFAULT]}.
>> * doc/guix.texi: Type of enabled? is maybe-boolean.
>> ---
[...]
>> @@ -197,7 +197,7 @@ (define-configuration
>> fail2ban-jail-configuration
>> "Required name of this jail configuration."
>> empty-serializer)
>> (enabled?
>> - (boolean #t)
>> + maybe-boolean
>
> I made this change willingly, because it doesn't make sense to
> me to
> define a jail configuration that is disabled by default.
>
> Does that make sense?
When I was implementing configuration, I was thinking the same.
However, while trying to find sensible or hardcoded defaults,
looking at code and usage examples, I found that configuration
of fail2ban is quite loose, than one can anticipiate. Variables
can be overriden from many places, so absence of variable also
becomes as important. So I decided to opt-in for most fields
as maybe-.
IMHO, this is why they had to make --d/--dp flags to
dump effective configuration :)
I actually mention that in the docs, where it says that
unspecified values are not serialized in favor of whatever
are defaults and/or values specified elsewhere. Which are
basically hard to track.
And finally there is a [DEFAULT] section which applies to
all jails. But it is not a jail by itself. So if there is
"enabled = false" or "enabled = true", fail2ban fails to
start, because of unexpected variable for that section.
I hope it is clear enough.
Thanks in advance,
muradm
>
> Thanks,
>
> Maxim
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
next prev parent reply other threads:[~2022-08-30 7:00 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-29 9:42 [bug#57473] [PATCH] gnu: fail2ban-service-type: Fix field name serialization muradm
2022-08-29 13:51 ` [bug#57473] [PATCH v2 1/4] " muradm
2022-08-29 13:51 ` [bug#57473] [PATCH v2 2/4] gnu: fail2ban-service-type: Improve jail configuration serialization muradm
2022-08-29 13:51 ` [bug#57473] [PATCH v2 3/4] gnu: fail2ban-service-type: Fix type of enabled? field muradm
2022-08-29 20:56 ` Maxim Cournoyer
2022-08-30 6:42 ` muradm [this message]
2022-09-01 13:03 ` bug#57473: " Maxim Cournoyer
2022-08-29 13:51 ` [bug#57473] [PATCH v2 4/4] gnu: fail2ban-service-type: Fix documentation typos muradm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877d2qmd25.fsf@muradm.net \
--to=mail@muradm.net \
--cc=57473@debbugs.gnu.org \
--cc=maxim.cournoyer@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).