services.iwd-autocaptiveauth.enable

Whether to enable automatic authentication to captive portals for iwd.

type

boolean

example

{
  services.iwd-autocaptiveauth.enable = true;
}

default

{
  services.iwd-autocaptiveauth.enable = false;
}

services.opensnitch.enable

Whether to enable opensnitch.

type

boolean

example

{
  services.opensnitch.enable = true;
}

default

{
  services.opensnitch.enable = false;
}

services.opensnitch.extraRules

Set of JSON attribute sets describing default opensnitch rules that are written to /etc/opensnitch/rules.

type

attribute set of attribute sets

example

{
  services.opensnitch.extraRules = {
    # Allow connections to the Kerberos host on port 88.
    kerberos_rule = {
      action = "allow";
      operator = {
        type = "list";
        list = [
          {
            type = "simple";
            operand = "dest.host";
            data = "kerberos.example.domain";
          }
          {
            type = "simple";
            operand = "dest.port";
            data = "88";
          }
        ];
      };
    };
  };
}

default

{
  services.opensnitch.extraRules = [];
}

services.opensnitch.startUserService

If enabled, run the opensnitch-ui process as a user service in the graphical session. All users' UI processes share the config specified in uiConfig. If this is disabled, opensnitch-ui must be run by some other means.

type

boolean

default

{
  services.opensnitch.startUserService = true;
}

services.opensnitch.uiConfig

JSON attribute set for opensnitch-ui config file.

type

attribute set

example

{
  services.opensnitch.uiConfig = {
    default_timeout = 15;
    default_action = "allow";
    default_duration = "until restart";
  };
}

default

{
  services.opensnitch.uiConfig = {
    default_action = "deny";
    default_duration = "once";
    default_timeout = 60;
  };
}

services.opensnitch.whitelistHosts

List of destination hosts for which to create default (regexp) allow rules, regardless of other connection properties.

type

list of attribute sets

example

{
  services.opensnitch.whitelistHosts = [ { host = "*.nixos.org"; } { ip = "127.0.0.1"; } ];
}

default

{
  services.opensnitch.whitelistHosts = [];
}

services.opensnitch.whitelistPackages

List of packages for which to generate rules to allow connections from all processes that are located below a package's store path. Intended for process rules which should survive NixOS updates.

type

list of packages

default

{
  services.opensnitch.whitelistPackages = [
    {
      drvPath = "nix-2.8.1";
      name = "nix-2.8.1";
      outPath = "nix-2.8.1";
      type = "derivation";
    }
  ];
}