commit 38e5187aeea047f16faa4f03a110c69e353b8396 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

opensnitch: add `package` option (#416289)

authored by Jonas Heinrich and committed by GitHub 7 months ago 38e5187a 0205b99b

+5 -5

1 changed file

expand all

unified split

nixos

modules

services

security

opensnitch.nix

+5 -5

nixos/modules/services/security/opensnitch.nix

··· 13 13 file = pkgs.writeText "rule" (builtins.toJSON cfg); 14 14 } 15 15 ); 16 - 17 16 in 18 17 { 19 18 options = { 20 19 services.opensnitch = { 21 20 enable = lib.mkEnableOption "Opensnitch application firewall"; 21 + package = lib.mkPackageOption pkgs "opensnitch" { }; 22 22 23 23 rules = lib.mkOption { 24 24 default = { }; ··· 192 192 services.opensnitch.settings = lib.mapAttrs (_: v: lib.mkDefault v) ( 193 193 builtins.fromJSON ( 194 194 builtins.unsafeDiscardStringContext ( 195 - builtins.readFile "${pkgs.opensnitch}/etc/opensnitchd/default-config.json" 195 + builtins.readFile "${cfg.package}/etc/opensnitchd/default-config.json" 196 196 ) 197 197 ) 198 198 ); 199 199 200 200 systemd = { 201 - packages = [ pkgs.opensnitch ]; 201 + packages = [ cfg.package ]; 202 202 services.opensnitchd = { 203 203 wantedBy = [ "multi-user.target" ]; 204 204 serviceConfig = { ··· 210 210 in 211 211 [ 212 212 "" 213 - "${pkgs.opensnitch}/bin/opensnitchd --config-file ${format.generate "default-config.json" preparedSettings}" 213 + "${cfg.package}/bin/opensnitchd --config-file ${format.generate "default-config.json" preparedSettings}" 214 214 ]; 215 215 }; 216 216 preStart = lib.mkIf (cfg.rules != { }) ( ··· 245 245 }; 246 246 tmpfiles.rules = [ 247 247 "d ${cfg.settings.Rules.Path} 0750 root root - -" 248 - "L+ /etc/opensnitchd/system-fw.json - - - - ${pkgs.opensnitch}/etc/opensnitchd/system-fw.json" 248 + "L+ /etc/opensnitchd/system-fw.json - - - - ${cfg.package}/etc/opensnitchd/system-fw.json" 249 249 ]; 250 250 }; 251 251