tasiaiso/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

update

Browse source
This commit is contained in:
Tasia Iso 2024-08-06 19:31:07 +02:00
parent fa41b2eb5e
commit 13f2eb2628
Signed by: tasiaiso
SSH key fingerprint: SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw
2 changed files with 167 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

168
common/services/opensnitch.nix
View file

@ -3,8 +3,6 @@
pkgs,
...
}: {
services.opensnitch.enable = true;
environment.systemPackages = with pkgs; [
opensnitch
opensnitch-ui
@ -13,4 +11,170 @@
home-manager.users.tasia = {
services.opensnitch-ui.enable = true;
};
services.opensnitch = {
enable = true;
rules = {
# systemd-resolved = {
# name = "systemd-resolved";
# enabled = true;
# action = "allow";
# duration = "always";
# operator = {
# type = "simple";
# sensitive = false;
# operand = "process.path";
# data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
# };
# };
# };
systemd-timesyncd = {
name = "systemd-timesyncd";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
};
};
adguardhome = {
name = "adguardhome";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.adguardhome}/bin/adguardhome";
};
};
syncthing = {
name = "syncthing";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.syncthing}/bin/syncthing";
};
};
tailscale = {
name = "tailscale";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.tailscale}/bin/.tailscaled-wrapped";
};
};
networkmanager = {
name = "networkmanager";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.networkmanager}/bin/NetworkManager";
};
};
librewolf = {
name = "librewolf";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.librewolf}/lib/librewolf/librewolf";
};
};
dhcpcd = {
name = "dhcpcd";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.dhcpcd}/bin/dhcpcd";
};
};
nsncd = {
name = "nsncd";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.nsncd}/bin/nsncd";
};
};
ssb-patchwork = {
name = "ssb-patchwork";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.ssb-patchwork}/ssb-patchwork";
};
};
rustdesk-serverk = {
name = "rustdesk-server";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.rustdesk-server}/bin/hbbs";
};
};
vscodium = {
name = "vscodium";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
data = "[{\"type\": \"simple\", \"operand\": \"dest.host\", \"data\": \"open-vsx.org\"}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"${lib.getBin pkgs.vscodium}/lib/vscode/codium\"}]";
list = [
{
type = "simple";
operand = "dest.host";
sensitive = false;
data = "open-vsx.org";
list = null;
}
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.vscodium}/lib/vscode/codium";
list = null;
}
];
};
};
};
};
}