update

common/services/opensnitch.nix

@@ -3,8 +3,6 @@
   pkgs,
   ...
 }: {
-  services.opensnitch.enable = true;
-
   environment.systemPackages = with pkgs; [
     opensnitch
     opensnitch-ui
@@ -13,4 +11,170 @@
   home-manager.users.tasia = {
     services.opensnitch-ui.enable = true;
   };
+
+  services.opensnitch = {
+    enable = true;
+    rules = {
+      #   systemd-resolved = {
+      #     name = "systemd-resolved";
+      #     enabled = true;
+      #     action = "allow";
+      #     duration = "always";
+      #     operator = {
+      #       type = "simple";
+      #       sensitive = false;
+      #       operand = "process.path";
+      #       data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
+      #     };
+      #   };
+      # };
+      systemd-timesyncd = {
+        name = "systemd-timesyncd";
+        enabled = true;
+        action = "allow";
+        duration = "always";
+        operator = {
+          type = "simple";
+          sensitive = false;
+          operand = "process.path";
+          data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
+        };
+      };
+      adguardhome = {
+        name = "adguardhome";
+        enabled = true;
+        action = "allow";
+        duration = "always";
+        operator = {
+          type = "simple";
+          sensitive = false;
+          operand = "process.path";
+          data = "${lib.getBin pkgs.adguardhome}/bin/adguardhome";
+        };
+      };
+      syncthing = {
+        name = "syncthing";
+        enabled = true;
+        action = "allow";
+        duration = "always";
+        operator = {
+          type = "simple";
+          sensitive = false;
+          operand = "process.path";
+          data = "${lib.getBin pkgs.syncthing}/bin/syncthing";
+        };
+      };
+      tailscale = {
+        name = "tailscale";
+        enabled = true;
+        action = "allow";
+        duration = "always";
+        operator = {
+          type = "simple";
+          sensitive = false;
+          operand = "process.path";
+          data = "${lib.getBin pkgs.tailscale}/bin/.tailscaled-wrapped";
+        };
+      };
+      networkmanager = {
+        name = "networkmanager";
+        enabled = true;
+        action = "allow";
+        duration = "always";
+        operator = {
+          type = "simple";
+          sensitive = false;
+          operand = "process.path";
+          data = "${lib.getBin pkgs.networkmanager}/bin/NetworkManager";
+        };
+      };
+      librewolf = {
+        name = "librewolf";
+        enabled = true;
+        action = "allow";
+        duration = "always";
+        operator = {
+          type = "simple";
+          sensitive = false;
+          operand = "process.path";
+          data = "${lib.getBin pkgs.librewolf}/lib/librewolf/librewolf";
+        };
+      };
+      dhcpcd = {
+        name = "dhcpcd";
+        enabled = true;
+        action = "allow";
+        duration = "always";
+        operator = {
+          type = "simple";
+          sensitive = false;
+          operand = "process.path";
+          data = "${lib.getBin pkgs.dhcpcd}/bin/dhcpcd";
+        };
+      };
+      nsncd = {
+        name = "nsncd";
+        enabled = true;
+        action = "allow";
+        duration = "always";
+        operator = {
+          type = "simple";
+          sensitive = false;
+          operand = "process.path";
+          data = "${lib.getBin pkgs.nsncd}/bin/nsncd";
+        };
+      };
+      ssb-patchwork = {
+        name = "ssb-patchwork";
+        enabled = true;
+        action = "allow";
+        duration = "always";
+        operator = {
+          type = "simple";
+          sensitive = false;
+          operand = "process.path";
+          data = "${lib.getBin pkgs.ssb-patchwork}/ssb-patchwork";
+        };
+      };
+      rustdesk-serverk = {
+        name = "rustdesk-server";
+        enabled = true;
+        action = "allow";
+        duration = "always";
+        operator = {
+          type = "simple";
+          sensitive = false;
+          operand = "process.path";
+          data = "${lib.getBin pkgs.rustdesk-server}/bin/hbbs";
+        };
+      };
+      vscodium = {
+        name = "vscodium";
+        enabled = true;
+        action = "allow";
+        duration = "always";
+        operator = {
+          type = "list";
+          operand = "list";
+          data = "[{\"type\": \"simple\", \"operand\": \"dest.host\", \"data\": \"open-vsx.org\"}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"${lib.getBin pkgs.vscodium}/lib/vscode/codium\"}]";
+          list = [
+            {
+              type = "simple";
+              operand = "dest.host";
+              sensitive = false;
+              data = "open-vsx.org";
+              list = null;
+            }
+            {
+              type = "simple";
+              sensitive = false;
+              operand = "process.path";
+              data = "${lib.getBin pkgs.vscodium}/lib/vscode/codium";
+              list = null;
+            }
+          ];
+        };
+      };
+    };
+  };
 }

flake.nix

@@ -22,7 +22,7 @@
 
     # nixos-conf-editor.url = "github:snowfallorg/nixos-conf-editor";
     # nix-software-center.url = "github:snowfallorg/nix-software-center";
-    
+
     agenix = {
       url = "github:ryantm/agenix";
       inputs.nixpkgs.follows = "stable";