OpenSnitch: Difference between revisions

← Older edit Newer edit →

VisualWikitext

@@ Line 24: / Line 24: @@
 <syntaxhighlight lang="nix">
-  services.opensnitch = {
+services.opensnitch = {
-    enable = true;
+  enable = true;
-    rules = {
+  rules = {
-      systemd-timesyncd = {
+    systemd-timesyncd = {
-        name = "systemd-timesyncd";
+      name = "systemd-timesyncd";
-        enabled = true;
+      enabled = true;
-        action = "allow";
+      action = "allow";
-        duration = "always";
+      duration = "always";
-        operator = {
+      operator = {
-          type ="simple";
+        type ="simple";
-          sensitive = false;
+        sensitive = false;
-          operand = "process.path";
+        operand = "process.path";
-          data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
+        data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
-        };
        };
-      systemd-resolved = {
+    };
-        name = "systemd-resolved";
+    systemd-resolved = {
-        enabled = true;
+      name = "systemd-resolved";
-        action = "allow";
+      enabled = true;
-        duration = "always";
+      action = "allow";
-        operator = {
+      duration = "always";
-          type ="simple";
+      operator = {
-          sensitive = false;
+        type ="simple";
-          operand = "process.path";
+        sensitive = false;
-          data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
+        operand = "process.path";
-        };
+        data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
        };
      };
    };
+};
 </syntaxhighlight>