movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

nixos/opensnitch: fix eval on non-ebpf ProcMonitorMethod

Browse source
This commit is contained in:
Grimmauld 2024-12-26 18:33:25 +01:00
parent e0be1ad972
commit ec3661ed7a
No known key found for this signature in database
1 changed files with 11 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

16
nixos/modules/services/security/opensnitch.nix
View file

@ -150,7 +150,7 @@ in
};
Ebpf.ModulesPath = lib.mkOption {
type = lib.types.path;
type = lib.types.nullOr lib.types.path;
default =
if cfg.settings.ProcMonitorMethod == "ebpf" then
"${config.boot.kernelPackages.opensnitch-ebpf}/etc/opensnitchd"
@ -202,10 +202,16 @@ in
services.opensnitchd = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = [
""
"${pkgs.opensnitch}/bin/opensnitchd --config-file ${format.generate "default-config.json" cfg.settings}"
];
ExecStart =
let
preparedSettings = removeAttrs cfg.settings (
lib.optional (cfg.settings.ProcMonitorMethod != "ebpf") "Ebpf"
);
in
[
""
"${pkgs.opensnitch}/bin/opensnitchd --config-file ${format.generate "default-config.json" preparedSettings}"
];
};
preStart = lib.mkIf (cfg.rules != { }) (
let