A huge part of what won me over to NixOS is the integration with OpenSnitch. The idea of having stable, reliable application-level firewall rules that updated in lock step with packages updating sounded like a dream. Overall it has been fantastic, but I’ve consistently had issues writing regex rules.
NixOS lets you declare a JSON value for a rule. It is then written out to disk as a JSON file. In OpenSnitch you write regex to match various properties like the file path, destination host, etc. For the life of me I couldn’t get just `\.` to appear in a rule. `\.` becomes `.`. `\\.` becomes `\\.`. Eventually I found this issue: `builtins.toJSON` impossible to create single backslash followed by certain characters · Issue #10082 · NixOS/nix · GitHub
So my question is, is there any workaround for this? I was thinking of making string templates for the rules to work around this restriction but that seems like a fair amount of work and wonky. Is an upstream fix possible in a future major release? Am I missing something very obvious to get around this? Maybe a regex trick to avoid ever needing to escape a dot?
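An added example, not part of the original post and not OpenSnitch or Nix code: it decodes a constructed rule file the way any JSON parser would, to show which regex the on-disk text `\\.` represents, and compares escaped, unescaped and `[.]` host patterns. The rule layout (`operator` / `type` / `operand` / `data`), the host names and the use of Python's `re` in place of the daemon's regex engine are assumptions.

```python
import json
import re

# Constructed rule text as it would sit on disk. Inside a JSON string a
# literal backslash is written as two characters, so \\. below encodes \.
RULE_ON_DISK = r'''
{
  "name": "example-allow-updates",
  "action": "allow",
  "operator": {
    "type": "regexp",
    "operand": "dest.host",
    "data": "^(.*\\.)?example\\.org$"
  }
}
'''

def decoded_pattern(rule_text):
    """Regex the matcher receives once the JSON layer is unescaped."""
    return json.loads(rule_text)["operator"]["data"]

def on_disk(pattern):
    """JSON text a serializer writes for a given regex string."""
    return json.dumps(pattern)

def overmatches(pattern, good_host):
    """Hosts that still match after one dot of good_host is replaced by 'x'.

    A non-empty result means a '.' in the pattern is acting as a wildcard,
    so the rule covers hosts it was not meant to cover.
    """
    variants = [good_host[:i] + "x" + good_host[i + 1:]
                for i, ch in enumerate(good_host) if ch == "."]
    return [v for v in variants if re.search(pattern, v)]

ESCAPED = decoded_pattern(RULE_ON_DISK)     # ^(.*\.)?example\.org$
UNESCAPED = r"^(.*.)?example.org$"          # backslashes lost along the way
BRACKETED = r"^(.*[.])?example[.]org$"      # literal dot with no backslash

if __name__ == "__main__":
    host = "cdn.example.org"                # constructed sample host
    print("decoded  :", ESCAPED)
    print("on disk  :", on_disk(ESCAPED))
    for name, pat in [("escaped", ESCAPED), ("unescaped", UNESCAPED),
                      ("bracketed", BRACKETED)]:
        print(f"{name:9}:", overmatches(pat, host) or "no overmatch")
```

Running a check like this against the generated rule files shows what each pattern matches after decoding, independent of how many backslashes appear in the file text.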