Reading through this stack, I was wondering what’s the best nix-way to keep Opensnitch running across hibernates. Currently, Opensnitch dies about half the time after hibernating my laptop.
I currently have the following in configuration.nix:
services.opensnitch.enable = true;
And the following in home.nix:
services.opensnitch-ui.enable = true;
I didn’t find any additional info in the Opensnitch Wiki or the Nixos Wiki: Opensnitch. So I added the following script to my system scripts:
post-hibernate-cpr = pkgs.writeShellScriptBin "post-hibernate-cpr" ''
  if ! pgrep -x "opensnitchd" > /dev/null; then
    systemctl enable --user --now opensnitch
  fi
'';
Then I added the following to my hyprland config:
bindl = [ ",switch:off:Lid Switch, exec, post-hibernate-cpr" ]
So far, so good. If there’s a better solution that gets to the root cause, please let me know so I can ditch this band-aid.
If you find that it reliably works, I suggest adding it in the official nixos wiki OpenSnitch - NixOS Wiki (not the old nixos.wiki) unless there is a better solution.
Also hibernate - Script that is executed after resuming from hibernation? - Unix & Linux Stack Exchange for a general systemd service instead of something specific to hyprland. Code search results · GitHub
Thank you for the reply. If this works, I will definitely try adding it to the wiki.
I’m curious about adding a post hibernate systemd service. A quick search for “00myscript nixos” didn’t return anything. Do you have any recommendations on how to go about trying this?
Also, my system already has a service for opensnitch with Restart=always. I wonder if this could be a bug with systemd, and if the solution to a systemd problem could really be adding an additional service. Worth a shot, I suppose. It would be a more general solution that would work for other users than my hyprland specific solution.
[Unit]
Description=Application firewall OpenSnitch
Documentation=https://github.com/evilsocket/opensnitch/wiki
[Service]
Type=simple
PermissionsStartOnly=true
ExecStart=/nix/store/66578x0nsgxqkcxrpkhqzcgimf2f0xp5-opensnitch-1.6.6/bin/opensnitchd -rules-path /etc/opensnitchd/rules
Restart=always
RestartSec=30
TimeoutStopSec=10
[Install]
WantedBy=multi-user.target
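The general systemd approach suggested in the thread (a unit that runs after resume instead of a hyprland lid-switch binding), sketched as a NixOS module. This is an added example, not code from the thread or from the OpenSnitch or NixOS projects; the unit names `opensnitchd.service` and `opensnitchd-resume` are assumptions, so confirm the daemon's actual unit name with `systemctl list-units` before using it.

```nix
# Added example for configuration.nix (or a module imported from it).
# Assumption: the system daemon unit is called opensnitchd.service.
{ pkgs, ... }:
let
  # systemd activates these targets only once the sleep operation has
  # finished, i.e. after the machine has resumed.
  sleepTargets = [
    "hibernate.target"
    "hybrid-sleep.target"
    "suspend-then-hibernate.target"
  ];
in
{
  # Hypothetical unit name, chosen for this example.
  systemd.services.opensnitchd-resume = {
    description = "Start OpenSnitch daemon if it is not active after resume";

    # Pulled in by the sleep targets and ordered after them, so the
    # script runs on wake-up rather than on the way into hibernation.
    wantedBy = sleepTargets;
    after = sleepTargets;

    path = [ pkgs.systemd ];
    serviceConfig.Type = "oneshot";

    # Same idea as the post-hibernate-cpr script, but it asks systemd for
    # the unit state instead of using pgrep, and it leaves a journal line
    # each time the firewall was found down, which helps when looking for
    # the root cause.
    script = ''
      if ! systemctl is-active --quiet opensnitchd.service; then
        echo "opensnitchd.service not active after resume, starting it"
        systemctl start opensnitchd.service
      fi
    '';
  };
}
```

After a resume, `journalctl -b -u opensnitchd-resume -u opensnitchd` shows whether the check fired and what the daemon logged before it stopped.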