Opensnitch

services.opensnitch.enable

Whether to enable the Opensnitch application firewall.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.rules

Declarative configuration of firewall rules. All rules are stored in /var/lib/opensnitch/rules by default; the rules path can be changed with settings.Rules.Path. See the upstream documentation for the available rule options.

Type: JSON value

Default

{ }

Example

{
  tor = {
    name = "tor";
    enabled = true;
    action = "allow";
    duration = "always";
    operator = {
      type = "simple";
      sensitive = false;
      operand = "process.path";
      data = "${lib.getBin pkgs.tor}/bin/tor";
    };
  };
}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings

opensnitchd configuration. Refer to upstream documentation for details on supported values.

Type: JSON value

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings.DefaultAction

Default action, whether to allow or deny application internet access.

Type: one of "allow", "deny"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings.Ebpf.ModulesPath

Path to the eBPF modules. Only used when settings.ProcMonitorMethod is set to "ebpf".

Type: path

Default

if cfg.settings.ProcMonitorMethod == "ebpf" then "${config.boot.kernelPackages.opensnitch-ebpf}/etc/opensnitchd" else null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings.Firewall

Which firewall backend to use.

Type: one of "iptables", "nftables"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings.InterceptUnknown

Whether to intercept unknown connections.

Type: boolean

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings.LogLevel

Default log level from 0 to 4 (debug, info, important, warning, error).

Type: one of 0, 1, 2, 3, 4

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings.ProcMonitorMethod

Which process monitoring method to use.

Type: one of "ebpf", "proc", "ftrace", "audit"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings.Rules.Path

Path to the directory where firewall rules can be found and will get stored by the NixOS module.

Type: path

Default

"/var/lib/opensnitch/rules"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings.Server.Address

Unix socket path (for example unix:///tmp/osui.sock; the "unix:///" prefix is mandatory) or TCP socket address (for example 192.168.1.100:50051).

Type: string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings.Server.LogFile

File to write logs to (use /dev/stdout to write logs to standard output).

Type: path

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings.Stats.MaxEvents

Max events to send to the GUI.

Type: signed integer

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix

services.opensnitch.settings.Stats.MaxStats

Max stats per item to keep in backlog.

Type: signed integer

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/opensnitch.nix
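A complete NixOS configuration that ties the options above together, added here as an illustration and not taken from the nixpkgs module itself: default-deny, eBPF process monitoring, and explicit allow rules keyed by process path. The nix-daemon rule (its path via config.nix.package), the rule names and the chosen log level are assumptions.

```nix
{ config, lib, pkgs, ... }:

{
  services.opensnitch = {
    enable = true;
    settings = {
      # Deny any connection that no rule explicitly allows.
      DefaultAction = "deny";
      # Also apply the policy to connections whose process could not be identified.
      InterceptUnknown = true;
      Firewall = "nftables";
      # With "ebpf", Ebpf.ModulesPath defaults to the kernel's opensnitch-ebpf package.
      ProcMonitorMethod = "ebpf";
      LogLevel = 2; # important, warning and error only
      Server.Address = "unix:///tmp/osui.sock";
      Server.LogFile = "/dev/stdout";
    };

    # One rule per attribute; each is written to settings.Rules.Path
    # (/var/lib/opensnitch/rules by default). Rule and key names are illustrative.
    rules = {
      tor = {
        name = "tor";
        enabled = true;
        action = "allow";
        duration = "always";
        operator = {
          type = "simple";
          sensitive = false;
          operand = "process.path";
          data = "${lib.getBin pkgs.tor}/bin/tor";
        };
      };
      # Assumption: the daemon binary lives under config.nix.package.
      nix-daemon = {
        name = "nix-daemon";
        enabled = true;
        action = "allow";
        duration = "always";
        operator = {
          type = "simple";
          sensitive = false;
          operand = "process.path";
          data = "${config.nix.package}/bin/nix-daemon";
        };
      };
    };
  };
}
```

Everything not matched by one of these rules, including connections from unidentified processes, falls through to DefaultAction = "deny".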