NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Opensnitch missing system-fw.json file #256290

Closed bfcns closed 1 year ago

bfcns commented 1 year ago

Describe the bug

Opensnitch requires system-fw.json file to be placed under /etc/opensnitchd/system-fw.json to be able to enable its System rules/Firewall settings to be active and changeable.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Go to OpenSnitch Statistics
  2. Click the button on the left navigation window just right of Rules/System Rules.
  3. You cannot change the firewall settings there.
  4. Also the service complains about it.

Expected behavior

Being able to access that window's setting.

Screenshots

These screenshots show the corrected version of the window. Screenshot_20230920_065719 Screenshot_20230920_065650

Additional context

Can be solved temporarily with the NixOS config below (the file can be found in the OpenSnitch GitHub repo):

  environment.etc."/opensnitchd/system-fw.json" = {
    enable = true;
    source = "/etc/nixos/.nixos/.files/asuspc/system-fw.json";
    target = "opensnitchd/system-fw.json";
  };

Notify maintainers

@onny @ncfavier @happysalada @pennae @raboof @r-ryantm

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.5.3, NixOS, 23.11 (Tapir), 23.11.20230917.970a59b`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.17.0`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

stnert commented 9 months ago

Explain this line to me

source = "/etc/nixos/.nixos/.files/asuspc/system-fw.json";

My hardware wouldn't be "asus"; how do I find the directory for that?

onny commented 9 months ago

> Explain this line to me
>
> source = "/etc/nixos/.nixos/.files/asuspc/system-fw.json";
>
> My hardware wouldn't be "asus"; how do I find the directory for that?

The latest change to the opensnitch module (in unstable) has again a change for deploying the system-fw.json file, see https://github.com/NixOS/nixpkgs/blob/7dfa5ad068902a88b20c16cabdbb534bd6936c38/nixos/modules/services/security/opensnitch.nix#L200. The file comes from the opensnitch package and is linked to /etc/opensnitchd/system-fw.json. Configuring this file is currently not supported. What would your use case be?