opensnitch: add package option (#416289)

Jonas Heinrich 2025-06-22 13:17:47 +02:00 committed by GitHub
commit 38e5187aee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -13,12 +13,12 @@ let
file = pkgs.writeText "rule" (builtins.toJSON cfg); file = pkgs.writeText "rule" (builtins.toJSON cfg);
} }
); );
in in
{ {
options = { options = {
services.opensnitch = { services.opensnitch = {
enable = lib.mkEnableOption "Opensnitch application firewall"; enable = lib.mkEnableOption "Opensnitch application firewall";
package = lib.mkPackageOption pkgs "opensnitch" { };
rules = lib.mkOption { rules = lib.mkOption {
default = { }; default = { };
@ -192,13 +192,13 @@ in
services.opensnitch.settings = lib.mapAttrs (_: v: lib.mkDefault v) ( services.opensnitch.settings = lib.mapAttrs (_: v: lib.mkDefault v) (
builtins.fromJSON ( builtins.fromJSON (
builtins.unsafeDiscardStringContext ( builtins.unsafeDiscardStringContext (
builtins.readFile "${pkgs.opensnitch}/etc/opensnitchd/default-config.json" builtins.readFile "${cfg.package}/etc/opensnitchd/default-config.json"
) )
) )
); );
systemd = { systemd = {
packages = [ pkgs.opensnitch ]; packages = [ cfg.package ];
services.opensnitchd = { services.opensnitchd = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
@ -210,7 +210,7 @@ in
in in
[ [
"" ""
"${pkgs.opensnitch}/bin/opensnitchd --config-file ${format.generate "default-config.json" preparedSettings}" "${cfg.package}/bin/opensnitchd --config-file ${format.generate "default-config.json" preparedSettings}"
]; ];
}; };
preStart = lib.mkIf (cfg.rules != { }) ( preStart = lib.mkIf (cfg.rules != { }) (
@ -245,7 +245,7 @@ in
}; };
tmpfiles.rules = [ tmpfiles.rules = [
"d ${cfg.settings.Rules.Path} 0750 root root - -" "d ${cfg.settings.Rules.Path} 0750 root root - -"
"L+ /etc/opensnitchd/system-fw.json - - - - ${pkgs.opensnitch}/etc/opensnitchd/system-fw.json" "L+ /etc/opensnitchd/system-fw.json - - - - ${cfg.package}/etc/opensnitchd/system-fw.json"
]; ];
}; };
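Review bot: The new `package` option does not say what a replacement package must ship, yet the `builtins.readFile "${cfg.package}/etc/opensnitchd/default-config.json"` line in the second hunk and the `L+ /etc/opensnitchd/system-fw.json` tmpfiles rule in the last hunk both depend on files inside it. Because every setting is seeded with `lib.mkDefault` from that JSON, an override that ships a different default-config.json changes the firewall's effective defaults as a side effect of swapping the package, and one that lacks the file fails at evaluation; a missing system-fw.json would presumably leave a dangling symlink. I would document the contract on the option, e.g. `package = lib.mkPackageOption pkgs "opensnitch" { extraDescription = "Must provide etc/opensnitchd/default-config.json and etc/opensnitchd/system-fw.json; default settings are read from the former at evaluation time."; };`. The surrounding `options` and `config` blocks start and end outside the hunks shown.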