add opensnitch
@@ -2,6 +2,7 @@
|
||||
{
|
||||
imports = [
|
||||
./acme.nix
|
||||
./opensnitch.nix
|
||||
./adguard.nix
|
||||
./dnsmasq.nix
|
||||
./gitolite.nix
|
||||
|
||||
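--- /dev/null
+++ b/modules/services/opensnitch.nix
@@ -0,0 +1,39 @@
+{ config, pkgs, lib, inputs, ... }:
+let cfg = config.custom.services.opensnitch;
+in {
+options.custom.services.opensnitch = {
+enable = lib.mkEnableOption "Enables opensnitch";
+};
+config = lib.mkIf cfg.enable {
+environment.systemPackages = [ pkgs.opensnitch-ui ];
+services.opensnitch = {
+enable = true;
+rules = {
+systemd-timesyncd = {
+name = "systemd-timesyncd";
+enabled = true;
+action = "allow";
+duration = "always";
+operator = {
+type = "simple";
+sensitive = false;
+operand = "process.path";
+data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
+};
+};
+systemd-resolved = {
+name = "systemd-resolved";
+enabled = true;
+action = "allow";
+duration = "always";
+operator = {
+type = "simple";
+sensitive = false;
+operand = "process.path";
+data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
+};
+};
+};
+};
+};
+}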
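Review bot: Both rules in the new `rules` attrset match only on `process.path` and allow any destination host, port and protocol with `duration = "always"`, so a compromised or misconfigured systemd-timesyncd/systemd-resolved can reach arbitrary hosts with no prompt; the intent is presumably NTP to UDP/123 and DNS to port 53 (plus 853 if DNS-over-TLS is turned on), which a `list` operator can pin as sketched below (check the list-operator field names against the opensnitch version packaged). The commit also leaves `services.opensnitch.settings.DefaultAction`/`DefaultDuration` at the module defaults, and those decide what every other process gets when `opensnitch-ui` is not running to answer the prompt, so they are worth setting explicitly next to these rules. Minor: `pkgs.systemd` may not be the systemd actually booted if `systemd.package` is overridden elsewhere, so `config.systemd.package` is the safer base for the store path, and `sensitive = true` fits a Nix store path, which is case-sensitive; `inputs` in the module arguments is unused.
```nix
operator = {
  type = "list";
  operand = "list";
  list = [
    { type = "simple"; sensitive = true; operand = "process.path";
      data = "${lib.getBin config.systemd.package}/lib/systemd/systemd-timesyncd"; }
    { type = "simple"; sensitive = false; operand = "protocol"; data = "udp"; }
    { type = "simple"; sensitive = false; operand = "dest.port"; data = "123"; }
  ];
};
# … unchanged: the systemd-resolved rule, to be narrowed likewise to dest.port 53 …
```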