pyrox.dev / nixpkgs
lol
fork atom

nixos/opensnitch: fix eval on non-ebpf ProcMonitorMethod

Grimmauld ec3661ed e0be1ad9

options
unified split
Changed files
+11 -5
nixos
modules
services
security
opensnitch.nix
+11 -5
nixos/modules/services/security/opensnitch.nix 
···

       
150

       
150

       
 

       
            };


     

       
151

       
151

       
 

       



     

       
152

       
152

       
 

       
            Ebpf.ModulesPath = lib.mkOption {


     

       
153

       

       
-

       
              type = lib.types.path;


     

       

       
153

       
+

       
              type = lib.types.nullOr lib.types.path;


     

       
154

       
154

       
 

       
              default =


     

       
155

       
155

       
 

       
                if cfg.settings.ProcMonitorMethod == "ebpf" then


     

       
156

       
156

       
 

       
                  "${config.boot.kernelPackages.opensnitch-ebpf}/etc/opensnitchd"


     
···

       
202

       
202

       
 

       
      services.opensnitchd = {


     

       
203

       
203

       
 

       
        wantedBy = [ "multi-user.target" ];


     

       
204

       
204

       
 

       
        serviceConfig = {


     

       
205

       

       
-

       
          ExecStart = [


     

       
206

       

       
-

       
            ""


     

       
207

       

       
-

       
            "${pkgs.opensnitch}/bin/opensnitchd --config-file ${format.generate "default-config.json" cfg.settings}"


     

       
208

       

       
-

       
          ];


     

       

       
205

       
+

       
          ExecStart =


     

       

       
206

       
+

       
            let


     

       

       
207

       
+

       
              preparedSettings = removeAttrs cfg.settings (


     

       

       
208

       
+

       
                lib.optional (cfg.settings.ProcMonitorMethod != "ebpf") "Ebpf"


     

       

       
209

       
+

       
              );


     

       

       
210

       
+

       
            in


     

       

       
211

       
+

       
            [


     

       

       
212

       
+

       
              ""


     

       

       
213

       
+

       
              "${pkgs.opensnitch}/bin/opensnitchd --config-file ${format.generate "default-config.json" preparedSettings}"


     

       

       
214

       
+

       
            ];


     

       
209

       
215

       
 

       
        };


     

       
210

       
216

       
 

       
        preStart = lib.mkIf (cfg.rules != { }) (


     

       
211

       
217

       
 

       
          let