discord attachments and osu openmsnitch rules

2024-10-08 11:58:36 +02:00 · 2024-10-08 11:58:36 +02:00 · 96d240c517
commit 96d240c517
parent 48cb9f9e7c
2 changed files with 52 additions and 6 deletions
--- a/common/tooling/opensnitch/default.nix
+++ b/common/tooling/opensnitch/default.nix
@ -132,6 +132,51 @@ in
          };
        };

+        osu_deny = mkIf (config.grimmShared.gaming && graphical) {
+          name = "osu-deny";
+          enabled = true;
+          action = "deny";
+          precedence = false;
+          duration = "always";
+          operator = {
+            type ="regexp";
+            sensitive = false;
+            operand = "process.path";
+            data = "/nix/store/[a-z0-9]{32}-osu-lazer-bin-${escapeRegex (getVersion pkgs.osu-lazer-bin)}-extracted/usr/bin/osu!";
+          };
+        };
+
+        osu_allow = mkIf (config.grimmShared.gaming && graphical) {
+          name = "osu-allow";
+          enabled = true;
+          action = "allow";
+          precedence = true;
+          duration = "always";
+          operator = {
+            type = "list";
+            operand = "list";
+            list = [
+              {
+                type = "simple";
+                operand = "dest.port";
+                data = "443";
+              }
+              {
+                type ="regexp";
+                sensitive = false;
+                operand = "process.path";
+                data = "/nix/store/[a-z0-9]{32}-osu-lazer-bin-${escapeRegex (getVersion pkgs.osu-lazer-bin)}-extracted/usr/bin/osu!";
+              }
+              {
+                type = "regexp";
+                sensitive = false;
+                operand = "dest.host";
+                data = "(api\.github\.com)|((.+\.)?ppy\.sh)";
+              }
+            ];
+          };
+        };
+
        ncspot = mkIf (config.grimmShared.spotify.enable) {
          name = "ncspot";
          enabled = true;
@ -375,13 +420,13 @@ in
                operand = "dest.port";
                data = "123|37|53";
              }
+#              {
+#                type = "regexp";
+#                sensitive = false;
+#                operand = "dest.host";
+#                data = ".*\.nixos\.pool\.ntp\.org";
+#              }
              {
-                type = "regexp";
-                sensitive = false;
-                operand = "dest.host";
-                data = ".*\.nixos\.pool\.ntp\.org";
-              }
-                            {
                type = "simple";
                operand = "user.id";
                data = "154";
--- a/common/tooling/opensnitch/discord_hosts/hosts.list
+++ b/common/tooling/opensnitch/discord_hosts/hosts.list
@ -4,6 +4,7 @@ discordapp.net
 discord.gg
 discord.com
 vencord.dev
+discord-attachments-uploads-prd.storage.googleapis.com

 github.com
 githubusercontent.com