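# NixOS module: installs the OpenSnitch application firewall (daemon and UI)
# and declares the per-application allow rules that the daemon loads.
#
# Review notes on the rule set:
#   * Most rules match on `process.path` only. Such a rule lets the named
#     binary connect to any destination, port and protocol. Where the set of
#     destinations is known, prefer a `list` operator that also pins
#     `dest.host`, as the vscodium rule below does.
#   * Every path is derived from `pkgs`, so a rule matches only the binary
#     from this package set. If a service is started from an overridden or
#     differently-pinned package, its store path differs and the rule will
#     not match.
#   * What happens to connections that match no rule depends on the daemon's
#     default action, which this module does not set.
{ lib, pkgs, ... }:

let
  # Build an "always allow" rule keyed on the absolute path of the executable.
  #   name: rule name as shown by OpenSnitch
  #   path: absolute path of the binary the rule applies to
  allowByPath = name: path: {
    inherit name;
    enabled = true;
    action = "allow";
    duration = "always";
    operator = {
      type = "simple";
      sensitive = false;
      operand = "process.path";
      data = path;
    };
  };

  # Shared by the JSON `data` string and the structured `list` of the vscodium
  # rule, which must describe the same operands.
  codiumBin = "${lib.getBin pkgs.vscodium}/lib/vscode/codium";
in
{
  environment.systemPackages = with pkgs; [
    opensnitch
    opensnitch-ui
  ];

  # Start the OpenSnitch UI in the user session (needs the home-manager NixOS module).
  home-manager.users.tasia = {
    services.opensnitch-ui.enable = true;
  };

  services.opensnitch = {
    enable = true;

    rules = {
      # Disabled: systemd-resolved is not allowed through the firewall.
      # systemd-resolved = allowByPath "systemd-resolved"
      #   "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";

      # System services.
      systemd-timesyncd = allowByPath "systemd-timesyncd"
        "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
      networkmanager = allowByPath "networkmanager"
        "${lib.getBin pkgs.networkmanager}/bin/NetworkManager";
      dhcpcd = allowByPath "dhcpcd" "${lib.getBin pkgs.dhcpcd}/bin/dhcpcd";
      nsncd = allowByPath "nsncd" "${lib.getBin pkgs.nsncd}/bin/nsncd";
      adguardhome = allowByPath "adguardhome"
        "${lib.getBin pkgs.adguardhome}/bin/adguardhome";

      # The rule targets the wrapped daemon binary, not the `tailscaled` wrapper.
      tailscale = allowByPath "tailscale"
        "${lib.getBin pkgs.tailscale}/bin/.tailscaled-wrapped";

      # User-facing applications.
      syncthing = allowByPath "syncthing"
        "${lib.getBin pkgs.syncthing}/bin/syncthing";
      librewolf = allowByPath "librewolf"
        "${lib.getBin pkgs.librewolf}/lib/librewolf/librewolf";

      # NOTE(review): unlike the other rules this path has no bin/ or lib/
      # component; confirm it is the executable that actually opens sockets.
      ssb-patchwork = allowByPath "ssb-patchwork"
        "${lib.getBin pkgs.ssb-patchwork}/ssb-patchwork";

      # The attribute key was misspelled `rustdesk-serverk`; it now agrees with
      # the rule's `name`.
      # NOTE(review): only `hbbs` is covered. If another binary from this
      # package is run as well, it needs its own rule.
      rustdesk-server = allowByPath "rustdesk-server"
        "${lib.getBin pkgs.rustdesk-server}/bin/hbbs";

      # Allow VSCodium to reach the extension registry only: both list entries
      # (destination host and process path) have to match.
      # NOTE(review): a "simple" operand is presumably an exact match, so
      # subdomains of open-vsx.org would not be covered; confirm.
      vscodium = {
        name = "vscodium";
        enabled = true;
        action = "allow";
        duration = "always";
        operator = {
          type = "list";
          operand = "list";
          # JSON form of the `list` attribute below; keep the two in sync.
          data = "[{\"type\": \"simple\", \"operand\": \"dest.host\", \"data\": \"open-vsx.org\"}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"${codiumBin}\"}]";
          list = [
            {
              type = "simple";
              operand = "dest.host";
              sensitive = false;
              data = "open-vsx.org";
              list = null;
            }
            {
              type = "simple";
              sensitive = false;
              operand = "process.path";
              data = codiumBin;
              list = null;
            }
          ];
        };
      };
    };
  };
}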