add opensnitch

Kopatz
2024-06-12 18:45:06 +02:00
parent e37b8e3f8d
commit 635d2d27b3
6 changed files with 54 additions and 9 deletions


@@ -0,0 +1,3 @@
{ osConfig, pkgs, lib, inputs, ... }:
let cfg = osConfig.custom.services.opensnitch;
in { config = lib.mkIf cfg.enable { services.opensnitch-ui.enable = true; }; }
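Review bot: The `let` binding reads `osConfig.custom.services.opensnitch`, which exists only when home-manager is evaluated as a NixOS module on a host that imports the system-side opensnitch module; a standalone home-manager build of a profile importing this file would presumably fail to evaluate. A header comment such as `# needs home-manager as a NixOS module; follows custom.services.opensnitch.enable from the host` would make that dependency visible. `pkgs` and `inputs` are bound but unused in the three lines shown and could be dropped from the argument set.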


@@ -1,13 +1,11 @@
{lib, config, pkgs, ...}: { lib, config, pkgs, ... }:
with lib; with lib;
let let cfg = config.custom.hardware.nvidia;
cfg = config.custom.hardware.nvidia; in {
in
{
options.custom.hardware.nvidia = { options.custom.hardware.nvidia = {
enable = mkEnableOption "Enables nvidia gpus"; enable = mkEnableOption "Enables nvidia gpus";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Enable OpenGL # Enable OpenGL
hardware.opengl = { hardware.opengl = {
@@ -15,8 +13,8 @@ in
driSupport = true; driSupport = true;
driSupport32Bit = true; driSupport32Bit = true;
}; };
services.xserver.videoDrivers = ["nvidia"]; services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = { hardware.nvidia = {
# Modesetting is required. # Modesetting is required.
modesetting.enable = true; modesetting.enable = true;
@@ -34,7 +32,7 @@ in
# Currently alpha-quality/buggy, so false is currently the recommended setting. # Currently alpha-quality/buggy, so false is currently the recommended setting.
open = true; open = true;
# Enable the Nvidia settings menu, # Enable the Nvidia settings menu,
# accessible via `nvidia-settings`. # accessible via `nvidia-settings`.
nvidiaSettings = true; nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU. # Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.beta; package = config.boot.kernelPackages.nvidiaPackages.beta;


@@ -2,6 +2,7 @@
{ {
imports = [ imports = [
./acme.nix ./acme.nix
./opensnitch.nix
./adguard.nix ./adguard.nix
./dnsmasq.nix ./dnsmasq.nix
./gitolite.nix ./gitolite.nix


@@ -0,0 +1,39 @@
{ config, pkgs, lib, inputs, ... }:
let cfg = config.custom.services.opensnitch;
in {
options.custom.services.opensnitch = {
enable = lib.mkEnableOption "Enables opensnitch";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.opensnitch-ui ];
services.opensnitch = {
enable = true;
rules = {
systemd-timesyncd = {
name = "systemd-timesyncd";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
};
};
systemd-resolved = {
name = "systemd-resolved";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
};
};
};
};
};
}
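Review bot: Nothing in `services.opensnitch` sets the daemon's default action, so whenever no UI is connected (before login, or for a user without the home-manager UI service) connections that match no rule fall back to the packaged default, which I believe is `allow` upstream and is worth confirming. If the intent is to block by default, add `settings.DefaultAction = "deny";` next to `enable = true;`; the two `allow`/`always` rules for systemd-timesyncd and systemd-resolved would then be what keeps time sync and DNS working in that state. Both rules match on `process.path` alone, so they let those binaries reach any destination and port; a short comment saying that this is intentional would help the next reader.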


@@ -45,6 +45,9 @@
tpm.enable = true; tpm.enable = true;
tablet.enable = true; tablet.enable = true;
}; };
services = {
opensnitch.enable = true;
};
graphical = { graphical = {
audio.enable = true; audio.enable = true;
code = { code = {


@@ -24,6 +24,7 @@
../../home-manager/nixvim ../../home-manager/nixvim
../../home-manager/rofi.nix ../../home-manager/rofi.nix
../../home-manager/dunst.nix ../../home-manager/dunst.nix
../../home-manager/opensnitch-ui.nix
#../../home-manager/theme.nix #../../home-manager/theme.nix
../../home-manager/zsh ../../home-manager/zsh
../../home-manager/i3.nix ../../home-manager/i3.nix