diff --git a/home-manager/opensnitch-ui.nix b/home-manager/opensnitch-ui.nix
new file mode 100644
index 0000000..8d86151
--- /dev/null
+++ b/home-manager/opensnitch-ui.nix
@@ -0,0 +1,3 @@
+{ osConfig, pkgs, lib, inputs, ... }:
+let cfg = osConfig.custom.services.opensnitch;
+in { config = lib.mkIf cfg.enable { services.opensnitch-ui.enable = true; }; }
diff --git a/modules/hardware/nvidia.nix b/modules/hardware/nvidia.nix
index b69dd98..d23003c 100644
--- a/modules/hardware/nvidia.nix
+++ b/modules/hardware/nvidia.nix
@@ -1,13 +1,11 @@
-{lib, config, pkgs, ...}:
+{ lib, config, pkgs, ... }:
 with lib;
-let
- cfg = config.custom.hardware.nvidia;
-in
-{
+let cfg = config.custom.hardware.nvidia;
+in {
 options.custom.hardware.nvidia = {
 enable = mkEnableOption "Enables nvidia gpus";
 };
-
+
 config = mkIf cfg.enable {
 # Enable OpenGL
 hardware.opengl = {
@@ -15,8 +13,8 @@ in
 driSupport = true;
 driSupport32Bit = true;
 };
-
- services.xserver.videoDrivers = ["nvidia"];
+
+ services.xserver.videoDrivers = [ "nvidia" ];
 hardware.nvidia = {
 # Modesetting is required.
 modesetting.enable = true;
@@ -34,7 +32,7 @@ in
 # Currently alpha-quality/buggy, so false is currently the recommended setting.
 open = true;
 # Enable the Nvidia settings menu,
- # accessible via `nvidia-settings`.
+ # accessible via `nvidia-settings`.
 nvidiaSettings = true;
 # Optionally, you may need to select the appropriate driver version for your specific GPU.
 package = config.boot.kernelPackages.nvidiaPackages.beta;
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 1029fb0..1bbe12d 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./acme.nix
+ ./opensnitch.nix
 ./adguard.nix
 ./dnsmasq.nix
 ./gitolite.nix
diff --git a/modules/services/opensnitch.nix b/modules/services/opensnitch.nix
new file mode 100644
index 0000000..cbbc5fc
--- /dev/null
+++ b/modules/services/opensnitch.nix
@@ -0,0 +1,39 @@
+{ config, pkgs, lib, inputs, ... }:
+let cfg = config.custom.services.opensnitch;
+in {
+ options.custom.services.opensnitch = {
+ enable = lib.mkEnableOption "Enables opensnitch";
+ };
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [ pkgs.opensnitch-ui ];
+ services.opensnitch = {
+ enable = true;
+ rules = {
+ systemd-timesyncd = {
+ name = "systemd-timesyncd";
+ enabled = true;
+ action = "allow";
+ duration = "always";
+ operator = {
+ type = "simple";
+ sensitive = false;
+ operand = "process.path";
+ data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
+ };
+ };
+ systemd-resolved = {
+ name = "systemd-resolved";
+ enabled = true;
+ action = "allow";
+ duration = "always";
+ operator = {
+ type = "simple";
+ sensitive = false;
+ operand = "process.path";
+ data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/systems/pc/configuration.nix b/systems/pc/configuration.nix
index 8821325..65ffeda 100644
--- a/systems/pc/configuration.nix
+++ b/systems/pc/configuration.nix
@@ -45,6 +45,9 @@
 tpm.enable = true;
 tablet.enable = true;
 };
+ services = {
+ opensnitch.enable = true;
+ };
 graphical = {
 audio.enable = true;
 code = {
diff --git a/users/kopatz/home.nix b/users/kopatz/home.nix
index 7b536b7..7548fc6 100644
--- a/users/kopatz/home.nix
+++ b/users/kopatz/home.nix
@@ -24,6 +24,7 @@
 ../../home-manager/nixvim
 ../../home-manager/rofi.nix
 ../../home-manager/dunst.nix
+ ../../home-manager/opensnitch-ui.nix
 #../../home-manager/theme.nix
 ../../home-manager/zsh
 ../../home-manager/i3.nix
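Review bot: In modules/services/opensnitch.nix both rules match on `process.path` alone with `action = "allow"` and `duration = "always"`, so systemd-timesyncd and systemd-resolved may connect to any host on any port, and anything that manages to run inside those processes inherits that allowance. timesyncd only needs NTP and resolved only needs its DNS upstreams, so each rule can be narrowed with a `list` operator that keeps the path match and adds `dest.port` (and `protocol`); the fence shows the timesyncd rule, and resolved takes the same shape with its DNS ports. Separately, the module never sets `services.opensnitch.settings.DefaultAction`, which is what the daemon applies when no UI is connected, and the UI here only starts inside a home-manager session, so it is worth pinning explicitly (e.g. `settings.DefaultAction = "deny";`) after confirming what the packaged default is and that early-boot traffic still works. The list-operator field names should be checked against the OpenSnitch version shipped in the pinned nixpkgs before merging.

```nix
systemd-timesyncd = {
  # … unchanged: name, enabled, action, duration …
  operator = {
    type = "list";
    operand = "list";
    list = [
      {
        type = "simple";
        sensitive = false;
        operand = "process.path";
        data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
      }
      {
        # NTP only
        type = "simple";
        sensitive = false;
        operand = "dest.port";
        data = "123";
      }
      {
        type = "simple";
        sensitive = false;
        operand = "protocol";
        data = "udp";
      }
    ];
  };
};
```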