This repository was archived by the owner on Sep 14, 2025. It is now read-only.
File tree Expand file tree Collapse file tree 1 file changed +25
-5
lines changed Expand file tree Collapse file tree 1 file changed +25
-5
lines changed Original file line number Diff line number Diff line change 44 pkgs ,
55 ...
66} :
7+ let
8+ # generate multiline string of modsecurity rules with automatic indexing
9+ genModsecRules =
10+ rules :
11+ builtins . concatStringsSep "\n " (
12+ lib . lists . imap0 (
13+ i : v : builtins . replaceStrings [ "id:AUTO" ] [ "id:${ toString ( 10000 + i ) } " ] v
14+ ) rules
15+ ) ;
16+ in
717{
818 options . secshell . nginx = {
919 openFirewall = lib . mkOption {
2535 type = lib . types . int ;
2636 default = 1 ;
2737 } ;
28- pre = lib . mkOption {
29- type = lib . types . lines ;
30- default = "" ;
38+
39+ preRules = lib . mkOption {
40+ type = with lib . types ; listOf lines ;
41+ default = [ ] ;
3142 } ;
32- post = lib . mkOption {
43+ pre = lib . mkOption {
3344 type = lib . types . lines ;
34- default = "" ;
45+ default = genModsecRules config . secshell . nginx . modsecurity . preRules ;
3546 } ;
3647 preFile = lib . mkOption {
3748 type = lib . types . path ;
3849 default = pkgs . writeText "modsecurity_pre.conf" config . secshell . nginx . modsecurity . pre ;
3950 } ;
51+
52+ postRules = lib . mkOption {
53+ type = with lib . types ; listOf lines ;
54+ default = [ ] ;
55+ } ;
56+ post = lib . mkOption {
57+ type = lib . types . lines ;
58+ default = genModsecRules config . secshell . nginx . modsecurity . postRules ;
59+ } ;
4060 postFile = lib . mkOption {
4161 type = lib . types . path ;
4262 default = pkgs . writeText "modsecurity_post.conf" config . secshell . nginx . modsecurity . post ;
You can’t perform that action at this time.
0 commit comments