From 425e9583ff482684a4909bdb06dc0ed5556b1966 Mon Sep 17 00:00:00 2001
From: Dave Gallant
Date: Fri, 6 Aug 2021 21:08:48 -0400
Subject: [PATCH] Add opensnitch to Linux
---
 common/opensnitch/default.nix | 24 +++++++++++++++++++++++
 common/packages.nix | 4 +++-
 flake.lock | 36 +++++++++++++++++------------------
 flake.nix | 1 +
 4 files changed, 46 insertions(+), 19 deletions(-)
 create mode 100644 common/opensnitch/default.nix
diff --git a/common/opensnitch/default.nix b/common/opensnitch/default.nix
new file mode 100644
index 0000000..fda9a9e
--- /dev/null
+++ b/common/opensnitch/default.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+ systemd = {
+ services = {
+ opensnitch = {
+ description = "Opensnitch Application Firewall Daemon";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.iptables ];
+ serviceConfig = {
+ Type = "simple";
+ PermissionsStartOnly = true;
+ ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /etc/opensnitch/rules";
+ ExecStart = "${pkgs.opensnitch}/bin/opensnitchd -rules-path /etc/opensnitch/rules";
+ Restart = "always";
+ RestartSec = 30;
+ };
+ enable = true;
+ };
+ };
+ };
+
+}
diff --git a/common/packages.nix b/common/packages.nix
index c01e0f2..9499146 100644
--- a/common/packages.nix
+++ b/common/packages.nix
@@ -182,10 +182,12 @@ in
 kazam
 libreoffice
 networkmanager-openvpn
+ opensnitch
+ opensnitch-ui
 pulseeffects-pw
 qemu
- rustup
 rtorrent
+ rustup
 spotify
 strace
 usbutils
diff --git a/flake.lock b/flake.lock
index 96bc1c2..0d19a01 100644
--- a/flake.lock
+++ b/flake.lock
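Review bot: In common/opensnitch/default.nix, `Restart = "always";` together with `RestartSec = 30;` leaves a 30-second window after any daemon exit in which opensnitchd is not running, and ordering the unit only `after = [ "network.target" ];` means it may come up after other services have already opened connections. Whether traffic is passed or dropped while the daemon is down depends on opensnitchd's own configuration, which this file does not set, so I would shorten the delay (for example `RestartSec = 5;`) and add a comment such as `# no interception by opensnitchd between a daemon exit and the restart`. `PermissionsStartOnly = true;` can be dropped: no `User` is set in `serviceConfig`, so `ExecStartPre` already runs as root, and systemd has deprecated the option. Note also that `mkdir -p` leaves the mode and ownership of an already existing /etc/opensnitch/rules unchanged, so the rule directory's permissions are not enforced by this unit.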
@@ -58,11 +58,11 @@
 ]
 },
 "locked": {
- "lastModified": 1627592512,
- "narHash": "sha256-+bauwACGl+/dTQB047XImRz5P6Lp6vxl5ruiKjtENxo=",
+ "lastModified": 1628287034,
+ "narHash": "sha256-pWMEpQQcKxBy0OKskFLXJHEyGYJIiMu/BUQjCWxGF38=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "7f976da06840c268cc291a021bab7532b923713c",
+ "rev": "b0d769691cc379c9ab91d3acec5d14e75c02c02b",
 "type": "github"
 },
 "original": {
@@ -80,11 +80,11 @@
 },
 "locked": {
 "dir": "contrib",
- "lastModified": 1627946637,
- "narHash": "sha256-GO17FYEQfUu09L5oh/icxN+FOBqKMfWWNfzCJiF/kjs=",
+ "lastModified": 1628168846,
+ "narHash": "sha256-SKe98a5oiaCCVixVrZErNnKk+7NPbcFPwhGnxtAlC6k=",
 "owner": "neovim",
 "repo": "neovim",
- "rev": "8baf7bce2b51e8d3d47b6c70ce054663d927639a",
+ "rev": "5130bc071e7720e261b7251c1716df69e33ae1dd",
 "type": "github"
 },
 "original": {
@@ -101,11 +101,11 @@
 "nixpkgs": "nixpkgs"
 },
 "locked": {
- "lastModified": 1627978407,
- "narHash": "sha256-dwcd10ap1W3p17NcKUdpjMPUzKEZLfOicZN6uKC0+SI=",
+ "lastModified": 1628237805,
+ "narHash": "sha256-J8aN6H8xXPotJ2r3KJS8eJEOPFBUxlI3xxIoAK3y4Y0=",
 "owner": "nix-community",
 "repo": "neovim-nightly-overlay",
- "rev": "e637af22f0a71b678a1352139db91898ff991315",
+ "rev": "cc836b73d702cdd77f36dbb36c711e90b2a447fe",
 "type": "github"
 },
 "original": {
@@ -116,11 +116,11 @@
 },
 "nixos-hardware": {
 "locked": {
- "lastModified": 1627666012,
- "narHash": "sha256-Dx93VcfFwFlUex2Me4i+lS2IFwNrSVEvTvZuP/vmmXQ=",
+ "lastModified": 1628078080,
+ "narHash": "sha256-NKYtXUH32TlhOyhi41ZLtkBYh+7z24FpONDOInG4QR8=",
 "owner": "NixOS",
 "repo": "nixos-hardware",
- "rev": "09ed30ff3bb67f5efe9c77e0d79aca01793526ca",
+ "rev": "8296b88560d8ac07a885452e094cd454de90ea9b",
 "type": "github"
 },
 "original": {
@@ -132,11 +132,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1627857416,
- "narHash": "sha256-AV0MsFVzbWI2MZbJ2j0kc8ooFLGSCZHuM9ipaWR9ds4=",
+ "lastModified": 1628121754,
+ "narHash": "sha256-WQJSvlP/4f1pJCPM9Se+0x606jrUNgDiIUvF7GYxS2Q=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "aaf9676fbb7fb4570216ca1e189a3dc769d62c45",
+ "rev": "5a82107589e6ba78a14b9a00c9ba268f1329a13f",
 "type": "github"
 },
 "original": {
@@ -148,11 +148,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1627857416,
- "narHash": "sha256-AV0MsFVzbWI2MZbJ2j0kc8ooFLGSCZHuM9ipaWR9ds4=",
+ "lastModified": 1628199198,
+ "narHash": "sha256-DkMFcm5VdqbausjUjyHWGBlcXNw/EMFiQpiCY5KKtMo=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "aaf9676fbb7fb4570216ca1e189a3dc769d62c45",
+ "rev": "439b1605227b8adb1357b55ce8529d541abbe9eb",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index 93dff54..2412adb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -30,6 +30,7 @@
 ./common/fonts.nix
 ./common/linux.nix
 ./common/netdata/default.nix
+ ./common/opensnitch/default.nix
 ./common/networking.nix
 ./common/packages.nix
 ./common/printing.nix
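Review bot: In flake.nix the new import `./common/opensnitch/default.nix` is inserted before `./common/networking.nix`, which breaks the alphabetical order the visible part of the list otherwise follows; moving it one line down keeps the list sorted, as this commit already does for `rustup` in common/packages.nix. The module list starts and ends outside the hunk, so which hosts pick up the import, and therefore get the root daemon enabled, cannot be confirmed from here.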