From 28f4b4ade31bcc9485326f0223160a660d6aa0af Mon Sep 17 00:00:00 2001
From: Nico
Date: Sat, 3 May 2025 16:16:02 +1000
Subject: [PATCH] opensnitch: add rules for many programs adds rules for: - systemd-timesyncd - nsncd - firefox - nix - steam - electron (apps like obsidian and vesktop) - prismlauncher - speech dispatcher
---
 modules/linux/opensnitch.nix | 111 +++++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)
diff --git a/modules/linux/opensnitch.nix b/modules/linux/opensnitch.nix
index c68fee0..31e09e9 100644
--- a/modules/linux/opensnitch.nix
+++ b/modules/linux/opensnitch.nix
@@ -8,6 +8,117 @@
 LogLevel = 2;
 Stats.MaxEvents = 3;
 };
+
+ rules = {
+ "systemd-timesyncd" = {
+ "name" = "systemd-timesyncd";
+ "enabled" = true;
+ "action" = "allow";
+ "duration" = "always";
+ "operator" = {
+ "type" = "simple";
+ "sensitive" = false;
+ "operand" = "process.path";
+ "data" = "${pkgs.systemd}/lib/systemd/systemd-timesyncd";
+ };
+ };
+ "nsncd" = {
+ "name" = "nsncd";
+ "enabled" = true;
+ "action" = "allow";
+ "duration" = "always";
+ "operator" = {
+ "type" = "simple";
+ "sensitive" = false;
+ "operand" = "process.path";
+ "data" = "${pkgs.nsncd}/bin/nsncd";
+ };
+ };
+ "firefox" = {
+ "name" = "firefox";
+ "enabled" = true;
+ "action" = "allow";
+ "duration" = "always";
+ "operator" = {
+ "type" = "simple";
+ "sensitive" = false;
+ "operand" = "process.path";
+ "data" = "${pkgs.firefox}/bin/firefox";
+ };
+ };
+ "firefox-regexp" = {
+ "name" = "firefox2";
+ "enabled" = true;
+ "action" = "allow";
+ "duration" = "always";
+ "operator" = {
+ "type" = "regexp";
+ "sensitive" = false;
+ "operand" = "process.path";
+ "data" = "/nix/store/[aA0-zZ9]*-firefox-.*/.*"; # im too lazy smh
+ };
+ };
+ "nix" = {
+ "name" = "nix";
+ "enabled" = true;
+ "action" = "allow";
+ "duration" = "always";
+ "operator" = {
+ "type" = "simple";
+ "sensitive" = false;
+ "operand" = "process.path";
+ "data" = "${pkgs.nix}/bin/nix";
+ };
+ };
+ "steam" = {
+ "name" = "steam";
+ "enabled" = true;
+ "action" = "allow";
+ "duration" = "always";
+ "operator" = {
+ "type" = "regexp";
+ "sensitive" = false;
+ "operand" = "process.path";
+ "data" = "^/home/[aA0-zZ9]*/.local/share/Steam/(ubuntu12_[0-9][0-9]|linux[0-9][0-9])/steam.*";
+ };
+ };
+ "electron" = {
+ "name" = "electron";
+ "enabled" = true;
+ "action" = "allow";
+ "duration" = "always";
+ "operator" = {
+ "type" = "simple";
+ "sensitive" = false;
+ "operand" = "process.path";
+ "data" = "${pkgs.electron}/libexec/electron/electron";
+ };
+ };
+ "prismlauncher" = {
+ "name" = "prismlauncher";
+ "enabled" = true;
+ "action" = "allow";
+ "duration" = "always";
+ "operator" = {
+ "type" = "simple";
+ "sensitive" = false;
+ "operand" = "process.path";
+ "data" = "${pkgs.prismlauncher-unwrapped}/bin/prismlauncher";
+ };
+ };
+ "speech-dispatcher" = {
+ "name" = "speech-dispatcher";
+ "enabled" = true;
+ "action" = "block";
+ "duration" = "always";
+ "operator" = {
+ "type" = "simple";
+ "sensitive" = false;
+ "operand" = "process.path";
+ "data" = "${pkgs.speechd}/bin/speech-dispatcher";
+ };
+ };
+ };
 };
 
 environment.systemPackages = [
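Review bot: The `firefox-regexp` pattern `/nix/store/[aA0-zZ9]*-firefox-.*/.*` has no `^` anchor, so, assuming OpenSnitch's regexp operator does an unanchored search as Go's `MatchString` does, any executable whose path merely contains that substring gets a permanent allow, including one under a user-writable directory. The class `[aA0-zZ9]` (also used in the `steam` rule) is not alphanumerics: `0-z` is one range that takes in `:;<=>?@[\]^_` and the backtick. I would pin the store-path shape, `"data" = "^/nix/store/[a-z0-9]{32}-firefox-[^/]+/.*";`, and write the steam prefix as `^/home/[^/]+/\\.local/share/Steam/` so the dot is literal. The `steam` path is user-writable and the `electron` rule covers every app run by the shared `${pkgs.electron}` binary, so both are broader than their names suggest; a `list` operator that adds a destination or `user.id` condition, or at least a comment recording that the breadth is intended, would help. The enclosing attribute set opens above the hunk, so where `rules` is attached is not visible here.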