grimm-nixos-laptop/hardening/opensnitch/default.nix

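# OpenSnitch application firewall for this host: default-deny outbound
# policy, nftables backend, plus per-application rule modules.
{
  pkgs,
  config,
  lib,
  ...
}:
let
  inherit (config.grimmShared)
    enable
    tooling
    graphical
    network
    ;
  inherit (lib)
    optional
    mkIf
    ;

  # The UI package is only wanted on graphical hosts; it is installed and
  # autostarted from the same list so the two can never drift apart.
  uiPackages = optional graphical pkgs.opensnitch-ui;

  # Read the final, merged value rather than the literal set below, so a
  # later override to "audit" automatically pulls the audit tools onto the
  # daemon's PATH.
  usesAuditMonitor = config.services.opensnitch.settings.ProcMonitorMethod == "audit";
in
{
  # Per-application rule modules shipped alongside this file.
  imports = [
    ./vesktop.nix
    ./nix.nix
    ./spotify.nix
    ./global.nix
    ./time.nix
    ./osu.nix
    ./cups.nix
    ./network_support.nix
    ./firefox.nix
    ./tooling.nix
    ./dns.nix
  ];

  config = mkIf (enable && tooling.enable && network) {
    environment.systemPackages = uiPackages;
    grimmShared.sway.config.autolaunch = uiPackages;

    # The daemon is pointed at the nftables backend below, so make sure
    # nftables is actually enabled on the host.
    networking.nftables.enable = true;
    # security.audit.enable = true;  # presumably meant to pair with ProcMonitorMethod = "audit"

    # Only the "audit" process-monitor method needs the audit userspace
    # tools; keep them off PATH otherwise.
    systemd.services.opensnitchd.path = optional usesAuditMonitor pkgs.audit.bin;

    services.opensnitch = {
      enable = true;
      settings = {
        # Fail closed: a connection that no rule covers is denied.
        DefaultAction = "deny";
        # Follow whatever firewall backend the host ends up with; with the
        # nftables enable above this resolves to "nftables" unless forced
        # off elsewhere.
        Firewall = if config.networking.nftables.enable then "nftables" else "iptables";
        # Process attribution method; switching to "audit" is wired up via
        # usesAuditMonitor above.
        ProcMonitorMethod = "ftrace";
        # ProcMonitorMethod = "audit";
      };
    };
  };
}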