movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 06:00:33 +03:00
Code Activity

nixos/opensnitch: fix eval on non-ebpf ProcMonitorMethod

Browse source
This commit is contained in:
Grimmauld 2024-12-26 18:33:25 +01:00
parent e0be1ad972
commit ec3661ed7a
No known key found for this signature in database
1 changed files with 11 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

16
nixos/modules/services/security/opensnitch.nix
View file

@ -150,7 +150,7 @@ in
}; };
Ebpf.ModulesPath = lib.mkOption { Ebpf.ModulesPath = lib.mkOption {
type = lib.types.path; type = lib.types.nullOr lib.types.path;
default = default =
if cfg.settings.ProcMonitorMethod == "ebpf" then if cfg.settings.ProcMonitorMethod == "ebpf" then
"${config.boot.kernelPackages.opensnitch-ebpf}/etc/opensnitchd" "${config.boot.kernelPackages.opensnitch-ebpf}/etc/opensnitchd"
@ -202,10 +202,16 @@ in
services.opensnitchd = { services.opensnitchd = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecStart = [ ExecStart =
"" let
"${pkgs.opensnitch}/bin/opensnitchd --config-file ${format.generate "default-config.json" cfg.settings}" preparedSettings = removeAttrs cfg.settings (
]; lib.optional (cfg.settings.ProcMonitorMethod != "ebpf") "Ebpf"
);
in
[
""
"${pkgs.opensnitch}/bin/opensnitchd --config-file ${format.generate "default-config.json" preparedSettings}"
];
}; };
preStart = lib.mkIf (cfg.rules != { }) ( preStart = lib.mkIf (cfg.rules != { }) (
let let