diff --git a/modules/services/security/fail2ban.nix b/modules/services/security/fail2ban.nix
index 48756fbeebc..3c3519a9db7 100644
--- a/modules/services/security/fail2ban.nix
+++ b/modules/services/security/fail2ban.nix
@@ -90,10 +90,10 @@ in
 { source = jailConf;
 target = "fail2ban/jail.conf";
 }
- { source = "${pkgs.fail2ban}/etc/fail2ban/action.d";
+ { source = "${pkgs.fail2ban}/etc/fail2ban/action.d/*.conf";
 target = "fail2ban/action.d";
 }
- { source = "${pkgs.fail2ban}/etc/fail2ban/filter.d";
+ { source = "${pkgs.fail2ban}/etc/fail2ban/filter.d/*.conf";
 target = "fail2ban/filter.d";
 }
 ];
diff --git a/modules/system/etc/make-etc.sh b/modules/system/etc/make-etc.sh
index a5866d0a349..6075bdb2673 100644
--- a/modules/system/etc/make-etc.sh
+++ b/modules/system/etc/make-etc.sh
@@ -1,23 +1,42 @@
 source $stdenv/setup
-ensureDir $out/etc
+mkdir -p $out/etc
+set -f
 sources_=($sources)
 targets_=($targets)
 modes_=($modes)
+set +f
+
 for ((i = 0; i < ${#targets_[@]}; i++)); do
- ensureDir $out/etc/$(dirname ${targets_[$i]})
- if ! test -e $out/etc/${targets_[$i]}; then
- ln -s ${sources_[$i]} $out/etc/${targets_[$i]};
+ source="${sources_[$i]}"
+ target="${targets_[$i]}"
+
+ if [[ "$source" =~ '*' ]]; then
+
+ # If the source name contains '*', perform globbing.
+ mkdir -p $out/etc/$target
+ for fn in $source; do
+ ln -s "$fn" $out/etc/$target/
+ done
+
 else
- echo "Duplicate entry ${targets_[$i]} -> ${sources_[$i]}"
- if test "$(readlink $out/etc/${targets_[$i]})" != "${sources_[$i]}"; then
- echo "Mismatched duplicate entry $(readlink $out/etc/${targets_[$i]}) <-> ${sources_[$i]}"
- exit 1
+
+ mkdir -p $out/etc/$(dirname $target)
+ if ! [ -e $out/etc/$target ]; then
+ ln -s $source $out/etc/$target
+ else
+ echo "Duplicate entry $target -> $source"
+ if test "$(readlink $out/etc/$target)" != "$source"; then
+ echo "Mismatched duplicate entry $(readlink $out/etc/$target) <-> $source"
+ exit 1
+ fi
 fi
- fi;
- if test "${modes_[$i]}" != symlink; then
- echo "${modes_[$i]}" > $out/etc/${targets_[$i]}.mode
+
+ if test "${modes_[$i]}" != symlink; then
+ echo "${modes_[$i]}" > $out/etc/$target.mode
+ fi
+
 fi
 done
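Review bot: In the new glob branch of make-etc.sh, `for fn in $source` has no guard for a pattern that matches nothing: without `nullglob` the loop runs once with the literal pattern and `ln -s` creates a dangling link named after it, so the build succeeds while the target directory holds nothing usable. For the fail2ban entries changed in this same commit that would presumably leave action.d/filter.d without any real files, so failing the build is safer: add `[ -e "$fn" ] || { echo "No match for $source" >&2; exit 1; }` as the first line of the loop body. The `.mode` handling now sits inside the `else` branch, so a glob entry whose mode is not `symlink` is silently ignored; either reject that combination or say so in a comment. `[[ "$source" == *'*'* ]]` would also state the intent more directly than `=~ '*'`, whose treatment of a quoted right-hand side differs between bash versions.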