From b4a13380121f2e72735294464f0c9648c7b2bec3 Mon Sep 17 00:00:00 2001
From: Stu Small
Date: Wed, 22 May 2024 17:48:51 -0600
Subject: [PATCH] Re-enable opensnitch
---
 base.nix | 4 ++++
 bootstrap.sh | 3 ++-
 modules/opensnitch.nix | 2 +-
 modules/rust.nix | 5 +++--
 4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/base.nix b/base.nix
index b739fc5..05e009d 100644
--- a/base.nix
+++ b/base.nix
@@ -17,6 +17,7 @@
 # Set a limit on the number of generations to include in boot
 boot.loader.systemd-boot.configurationLimit = 20; + # clean tmp directory on boot. Otherwise this fills up overtime and causes issues
 boot.tmp.cleanOnBoot = true;
@@ -93,6 +94,9 @@
 operation = "boot";
 };
+ # Enable udev settings for yubikey personalization
+ services.udev.packages = [ pkgs.yubikey-personalization ];
+
 environment.systemPackages = with pkgs; [
 helix
diff --git a/bootstrap.sh b/bootstrap.sh
index 2e21df7..d208b6a 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -38,10 +38,11 @@
 done
 echo "Setting up channels"
 sudo nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
+sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos-unstable
 sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz home-manager
 sudo nix-channel --update
 echo "Rebuilding the OS"
 sudo nixos-rebuild boot
-echo "All done!"
+echo "All done! Reboot to use updated config"
diff --git a/modules/opensnitch.nix b/modules/opensnitch.nix
index 5d91b9a..791ea73 100644
--- a/modules/opensnitch.nix
+++ b/modules/opensnitch.nix
@@ -11,7 +11,7 @@
 # A list of general rules needed no matter how the system is configured
 services.opensnitch = {
- enable = false;
+ enable = true;
 settings.DefaultAction = "deny";
 rules = {
 rule-000-firefox = {
diff --git a/modules/rust.nix b/modules/rust.nix
index a90bfac..391cb5b 100644
--- a/modules/rust.nix
+++ b/modules/rust.nix
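Review bot: The new `sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos-unstable` line registers a rolling, unpinned channel for root next to the pinned 23.11 channels, and nothing in the hunk records why it is needed; the following `sudo nix-channel --update` will then fetch whatever that channel currently points at on every bootstrap. Presumably some module imports `<nixos-unstable>` for a package missing from 23.11 (the re-enabled opensnitch module is the obvious candidate) — worth confirming, and worth stating in place, e.g. `# nixos-unstable: rolling (unpinned) channel; only used where a module explicitly imports <nixos-unstable>`. If nothing consumes it, the line should be dropped rather than widening the set of sources root pulls from. The loop closed by `done` at the top of the hunk starts outside it.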
@@ -16,16 +16,17 @@
 operand = "list";
 list = [
 {
- type = "regex";
+ type = "regexp";
 sensitive = false;
 operand = "process.path";
- data = "^/home/stusmall/.rustup/toolchains/*/bin/cargo$";
+ data = "^/home/stusmall/.rustup/toolchains/(.*)/bin/cargo$";
 }
 {
 type = "regexp";
 operand = "dest.host";
 sensitive = false;
 data = "^(([a-z0-9|-]+\.)*crates\.io)$";
+ operand = "process.path";
 }
 ];
 };
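Review bot: The added `operand = "process.path";` in the second list element duplicates the `operand = "dest.host";` already in that attribute set, which Nix rejects at evaluation time (attribute 'operand' already defined), so `nixos-rebuild` will fail on this module; the line should be dropped, since that element is the host match and the first element already carries the process.path condition. While here, the `dest.host` pattern `"^(([a-z0-9|-]+\.)*crates\.io)$"` is weaker than it reads: in a Nix double-quoted string `\.` collapses to a bare `.`, so the regexp reaches opensnitch as `^(([a-z0-9|-]+.)*crates.io)$` and also matches a host such as `example-crates.io` (constructed), which widens an allow rule under `DefaultAction = "deny"`; escaping the dots and dropping the stray `|` from the class, `data = "^(([a-z0-9-]+\\.)*crates\\.io)$";`, restores the intended match. The same unescaped dot sits in `/home/stusmall/.rustup/` on the first element, harmless there. The rule attribute set these elements belong to starts above the hunk.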