Re-enable opensnitch

base.nix

@@ -17,6 +17,7 @@
   # Set a limit on the number of generations to include in boot
   boot.loader.systemd-boot.configurationLimit = 20;
 
+  # clean tmp directory on boot.  Otherwise this fills up overtime and causes issues
   boot.tmp.cleanOnBoot = true;
 
 
@@ -93,6 +94,9 @@
     operation = "boot";
   };
 
+  # Enable udev settings for yubikey personalization
+  services.udev.packages = [ pkgs.yubikey-personalization ];
+
 
   environment.systemPackages = with pkgs; [
     helix

bootstrap.sh

@@ -38,10 +38,11 @@ done
 
 echo "Setting up channels"
 sudo nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
+sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos-unstable
 sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz home-manager
 sudo nix-channel --update
 
 echo "Rebuilding the OS"
 sudo nixos-rebuild boot
 
-echo "All done!"
+echo "All done! Reboot to use updated config"

modules/opensnitch.nix

@@ -11,7 +11,7 @@
 
   # A list of general rules needed no matter how the system is configured
   services.opensnitch = {
-    enable = false;
+    enable = true;
     settings.DefaultAction = "deny";
     rules = {
       rule-000-firefox = {

modules/rust.nix

@@ -16,16 +16,17 @@
         operand = "list";
         list = [
           {
-            type = "regex";
+            type = "regexp";
             sensitive = false;
             operand = "process.path";
-            data = "^/home/stusmall/.rustup/toolchains/*/bin/cargo$";
+            data = "^/home/stusmall/.rustup/toolchains/(.*)/bin/cargo$";
           }
           {
             type = "regexp";
             operand = "dest.host";
             sensitive = false;
             data = "^(([a-z0-9|-]+\.)*crates\.io)$";
+            operand = "process.path";
           }
         ];
       };