dave/nix-config
1
0
Fork 0
mirror of https://github.com/davegallant/nix-config synced 2025-08-14 14:50:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dave:7f64cf264a6e216673348939bdfe84e136e610e3
Branches Tags
dave:main
...
compare: dave:3e8895a3ff5b53487844c14cbf404417daee555a
Branches Tags
dave:main

2 Commits
7f64cf264a ... 3e8895a3ff

Author SHA1 Message Date
Dave Gallant
3e8895a3ff Add freefilesync 2025-02-09 15:55:10 -05:00
Dave Gallant
8ca246c22b Add opensnitch 2025-02-09 14:57:43 -05:00
2 changed files with 147 additions and 2 deletions
Expand all files Collapse all files

3
home/default.nix
View File

@@ -268,8 +268,7 @@ in
];
plugins = {
auto-save.enable = false;
copilot-vim.enable = true;
auto-save.enable = true;
cmp-path.enable = true;
cmp-treesitter.enable = true;
commentary.enable = true;

146
machines/hephaestus/configuration.nix
View File

@@ -95,6 +95,7 @@ in
discord
docker
docker-compose
freefilesync
ghostscript
gimp-with-plugins
glibcLocales
@@ -110,6 +111,7 @@ in
mitmproxy
netdata
nfs-utils
opensnitch-ui
pavucontrol
pika-backup
pinentry-curses
@@ -294,6 +296,150 @@ in
};
};
services.opensnitch = {
enable = true;
rules = {
avahi-ipv4 = {
name = "Allow avahi daemon IPv4";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
operand = "process.path";
sensitive = false;
data = "${lib.getBin pkgs.avahi}/bin/avahi-daemon";
}
{
type = "network";
operand = "dest.network";
data = "224.0.0.0/24";
}
];
};
};
systemd-timesyncd = {
name = "systemd-timesyncd";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
};
};
systemd-resolved = {
name = "systemd-resolved";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
};
};
localhost = {
name = "Allow all localhost";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "regexp";
operand = "dest.ip";
sensitive = false;
data = "^(127\\.0\\.0\\.1|::1)$";
list = [ ];
};
};
nix-update = {
name = "Allow Nix";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.nix}/bin/nix";
}
{
type = "regexp";
operand = "dest.host";
sensitive = false;
data = "^(([a-z0-9|-]+\\.)*github\\.com|([a-z0-9|-]+\\.)*nixos\\.org)$";
}
];
};
};
NetworkManager = {
name = "Allow NetworkManager";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.networkmanager}/bin/NetworkManager";
}
{
type = "simple";
operand = "dest.port";
sensitive = false;
data = "67";
}
{
type = "simple";
operand = "protocol";
sensitive = false;
data = "udp";
}
];
};
};
ssh-github = {
name = "Allow SSH to github";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.openssh}/bin/ssh";
}
{
type = "simple";
operand = "dest.host";
sensitive = false;
data = "github.com";
}
];
};
};
};
};
virtualisation = {
docker.enable = true;
libvirtd.enable = true;