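# NixOS module: enables the OpenSnitch application firewall, declares its
# per-process rules and installs the OpenSnitch UI.
{ config, lib, pkgs, ... }:
let
  # Builds one permanent rule that matches on the executable path.
  #   name   - rule name as shown by OpenSnitch
  #   data   - exact path (type "simple") or regular expression (type "regexp")
  #   action - verdict for matching connections, "allow" unless stated
  #   type   - operator type, "simple" unless stated
  # NOTE(review): `sensitive = false` is kept from the original rules; it
  # presumably makes the comparison case-insensitive. Paths on Linux are
  # case-sensitive, so confirm that this is intended.
  mkPathRule = { name, data, action ? "allow", type ? "simple" }: {
    inherit name action;
    enabled = true;
    duration = "always";
    operator = {
      inherit type data;
      sensitive = false;
      operand = "process.path";
    };
  };
in
{
  services.opensnitch = {
    enable = true;

    settings = {
      # Fallback verdict for connections that no rule decides (presumably
      # applied when no UI answers the prompt - confirm against the OpenSnitch
      # documentation). With "allow" here the allow rules below restrict
      # nothing; only the deny rule changes an outcome. Setting this to "deny"
      # would turn the rule list into an allowlist.
      DefaultAction = "allow";
      LogLevel = 2;
      # NOTE(review): a limit of 3 keeps very little connection history;
      # raise it if the event list is used to review what was allowed.
      Stats.MaxEvents = 3;
    };

    rules = {
      # Exact store paths: these change with every package update and are
      # re-rendered by Nix, and the store itself is read-only for users.
      "systemd-timesyncd" = mkPathRule {
        name = "systemd-timesyncd";
        data = "${pkgs.systemd}/lib/systemd/systemd-timesyncd";
      };

      "nsncd" = mkPathRule {
        name = "nsncd";
        data = "${pkgs.nsncd}/bin/nsncd";
      };

      "firefox" = mkPathRule {
        name = "firefox";
        data = "${pkgs.firefox}/bin/firefox";
      };

      # Covers executables inside any firefox-* store path (presumably the
      # unwrapped browser that the wrapper above starts).
      # Changes from the original pattern:
      #   - anchored with ^, so the pattern cannot match in the middle of
      #     some other path;
      #   - [aA0-zZ9]* replaced: "0-z" is an ASCII range that also covers
      #     punctuation, and a store hash is 32 lowercase base-32 characters;
      #   - the package name is limited to one path component ([^/]+).
      "firefox-regexp" = mkPathRule {
        name = "firefox2";
        type = "regexp";
        data = "^/nix/store/[0-9a-z]{32}-firefox-[^/]+/.*";
      };

      "nix" = mkPathRule {
        name = "nix";
        data = "${pkgs.nix}/bin/nix";
      };

      # Steam lives in the user's home directory, which the user can write to.
      # A process.path match here is therefore only as strong as the
      # permissions on that directory: any file placed under a matching name
      # is covered by this rule.
      # Changes from the original pattern: the user name is one path
      # component ([^/]+) instead of the accidental "0-z" range, and the dot
      # in ".local" is matched literally.
      "steam" = mkPathRule {
        name = "steam";
        type = "regexp";
        data = "^/home/[^/]+/[.]local/share/Steam/(ubuntu12_[0-9][0-9]|linux[0-9][0-9])/steam.*";
      };

      "electron" = mkPathRule {
        name = "electron";
        data = "${pkgs.electron}/libexec/electron/electron";
      };

      "prismlauncher" = mkPathRule {
        name = "prismlauncher";
        data = "${pkgs.prismlauncher-unwrapped}/bin/prismlauncher";
      };

      # The original action was "block". OpenSnitch's rule actions are
      # "allow", "deny" and "reject", so "deny" is used to make sure the
      # daemon applies the rule as written.
      "speech-dispatcher" = mkPathRule {
        name = "speech-dispatcher";
        action = "deny";
        data = "${pkgs.speechd}/bin/speech-dispatcher";
      };
    };
  };

  environment.systemPackages = [ pkgs.opensnitch-ui ];
}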