From ec3661ed7ace0effe7193e97d6c99f275b4340d3 Mon Sep 17 00:00:00 2001
From: Grimmauld
Date: Thu, 26 Dec 2024 18:33:25 +0100
Subject: [PATCH] nixos/opensnitch: fix eval on non-ebpf ProcMonitorMethod
---
 nixos/modules/services/security/opensnitch.nix | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/nixos/modules/services/security/opensnitch.nix b/nixos/modules/services/security/opensnitch.nix
index 97700987025d..c56501c98a5f 100644
--- a/nixos/modules/services/security/opensnitch.nix
+++ b/nixos/modules/services/security/opensnitch.nix
@@ -150,7 +150,7 @@ in
 };
 Ebpf.ModulesPath = lib.mkOption {
- type = lib.types.path;
+ type = lib.types.nullOr lib.types.path;
 default =
 if cfg.settings.ProcMonitorMethod == "ebpf" then
 "${config.boot.kernelPackages.opensnitch-ebpf}/etc/opensnitchd"
@@ -202,10 +202,16 @@ in
 services.opensnitchd = {
 wantedBy = [ "multi-user.target" ];
 serviceConfig = {
- ExecStart = [
- ""
- "${pkgs.opensnitch}/bin/opensnitchd --config-file ${format.generate "default-config.json" cfg.settings}"
- ];
+ ExecStart =
+ let
+ preparedSettings = removeAttrs cfg.settings (
+ lib.optional (cfg.settings.ProcMonitorMethod != "ebpf") "Ebpf"
+ );
+ in
+ [
+ ""
+ "${pkgs.opensnitch}/bin/opensnitchd --config-file ${format.generate "default-config.json" preparedSettings}"
+ ];
 };
 preStart = lib.mkIf (cfg.rules != { }) (
 let
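Review bot: With `lib.types.nullOr lib.types.path`, `Ebpf.ModulesPath` can now be set to `null` explicitly while `ProcMonitorMethod` is `"ebpf"`, and the second hunk strips `Ebpf` only for the other methods, so that null would presumably end up in the generated `default-config.json`. How opensnitchd handles a null modules path is not visible on this page. An entry in the module's `assertions` with the condition `cfg.settings.ProcMonitorMethod == "ebpf" -> cfg.settings.Ebpf.ModulesPath != null` would reject the combination at evaluation time. The option definition continues past the hunk, so the `else` branch of `default` and the description are not shown; the description should say what `null` means.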
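Review bot: `preparedSettings` removes the whole `Ebpf` attribute set, not only `ModulesPath`, whenever `ProcMonitorMethod` is not `"ebpf"`, and the `let` block carries no comment saying so. I would add above the binding `# Ebpf settings only apply with ProcMonitorMethod = "ebpf"; omit the section otherwise.`, with the wording to be confirmed by the author. Anything else a user sets under `settings.Ebpf` is dropped without a warning in that case, which the option documentation should mention. `serviceConfig` starts inside the hunk but `services.opensnitchd` and `preStart` continue outside it.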