Modularized configuration now kind of works. (still need to do some refactoring)

services/fail2ban.nix

@@ -1,7 +1,9 @@
 { config, lib, pkgs, ... }:
 
 # mostly taken from https://github.com/davidak/nixos-config/blob/master/services/fail2ban.nix
-{
+with lib;
+
+mkIf (elem "fail2ban" config.machine.services) {
   services.fail2ban = {
     enable = true;
     jails = { 
@@ -50,7 +52,7 @@
         action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
         findtime = 600
         bantime = 7200
-      ''
+      '';
     };
   };