Unverified Commit ff048610 authored by Sandro Jäckel's avatar Sandro Jäckel Committed by GitHub

nixos/crowdsec-firewall-bouncer: Fix missing systemd dependencies to firewall services (#476651)

parents 1b0ae757 e931ac1f
+13 −3
@@ -301,17 +301,24 @@ in
              # Replace the api_key placeholder with the secret
              ${lib.getExe pkgs.replace-secret} '@API_KEY_FILE@' "$CREDENTIALS_DIRECTORY/API_KEY_FILE" ${final-config-file}
            '';

            isIptables = (cfg.settings.mode == "iptables") || (cfg.settings.mode == "ipset");
            isNftables = cfg.settings.mode == "nftables";
          in
          rec {
            description = "CrowdSec Firewall Bouncer";
            wantedBy = [ "multi-user.target" ];
            after = [ "network.target" ] ++ (lib.optional config.services.crowdsec.enable "crowdsec.service");
            partOf = lib.optional isNftables "nftables.service" ++ lib.optional isIptables "firewall.service";
            after =
              lib.optional isNftables "nftables.service"
              ++ lib.optional isIptables "firewall.service"
              ++ lib.optional config.services.crowdsec.enable "crowdsec.service";
            wants = after;
            requires = lib.optional cfg.registerBouncer.enable "crowdsec-firewall-bouncer-register.service";

            # When using iptables/ipset modes, the bouncer calls external binaries so they must be added to the path.
            # For nftables mode, it does not depend on external binaries.
            path = lib.optionals ((cfg.settings.mode == "iptables") || (cfg.settings.mode == "ipset")) [
            path = lib.optionals isIptables [
              pkgs.iptables
              pkgs.ipset
            ];
@@ -381,6 +388,9 @@ in
  };

  meta = {
    maintainers = with lib.maintainers; [ nicomem ];
    maintainers = with lib.maintainers; [
      nicomem
      tornax
    ];
  };
}
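Review bot: The new `partOf` line in the first hunk ties the bouncer to stop and restart of `nftables.service` / `firewall.service`, but systemd's PartOf= does not propagate reload, so a firewall reload that rewrites the ruleset could leave the bouncer running with its rules gone and bans unenforced until its next restart. Whether the NixOS firewall units flush on reload is not visible here, so it is worth confirming and recording next to the line, e.g. `# PartOf= covers stop/restart only; a firewall reload that flushes rules is not propagated to the bouncer`. Separately, `wants = after;` through `rec` turns every future ordering-only entry in `after` into an implicit Wants=, and the rewritten `after` drops the previous `"network.target"` entry; if that removal is intentional, a short comment saying so would help. The enclosing `let … in rec { … }` starts and ends outside the hunk.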