authorArnout Engelen <arnout@bzzt.net>2021-03-28 18:24:48 +0200
committerArnout Engelen <arnout@bzzt.net>2021-03-29 09:26:28 +0200
commitf46c4f512403f7096c1c11c847d5b7e323ee98e1 (patch)
treee423ec44f9641d37bcadb946c74c532e0eb89e36
parentd3f7e969b9860fb80750147aeb56dab1c730e756 (diff)
opensnitch: init at 1.3.6
Just the daemon and ui programs. It would of course be nice to also have
it available as a NixOS service, but I'd like to leave that as future
work.
-rw-r--r--pkgs/tools/networking/opensnitch/daemon.nix50
-rw-r--r--pkgs/tools/networking/opensnitch/ui.nix46
-rw-r--r--pkgs/top-level/all-packages.nix4
3 files changed, 100 insertions, 0 deletions
diff --git a/pkgs/tools/networking/opensnitch/daemon.nix b/pkgs/tools/networking/opensnitch/daemon.nix
new file mode 100644
index 0000000000000..d7359ea0e70c6
--- /dev/null
+++ b/pkgs/tools/networking/opensnitch/daemon.nix
@@ -0,0 +1,50 @@
+{ buildGoModule
+, fetchFromGitHub
+, fetchpatch
+, pkg-config
+, libnetfilter_queue
+, libnfnetlink
+, lib
+}:
+
+buildGoModule rec {
+  pname = "opensnitch";
+  version = "1.3.6";
+
+  src = fetchFromGitHub {
+    owner = "evilsocket";
+    repo = "opensnitch";
+    rev = "v${version}";
+    sha256 = "sha256-Cgo+bVQQeUZuYYhA1WSqlLyQQGAeXbbNno9LS7oNvhI=";
+  };
+
+  patches = [
+    # https://github.com/evilsocket/opensnitch/pull/384 don't require
+    # a configuration file in /etc
+    (fetchpatch {
+      name = "dont-require-config-in-etc.patch";
+      url = "https://github.com/evilsocket/opensnitch/commit/8a3f63f36aa92658217bbbf46d39e6d20b2c0791.patch";
+      sha256 = "sha256-WkwjKTQZppR0nqvRO4xiQoKZ307NvuUwoRx+boIpuTg=";
+    })
+  ];
+
+  modRoot = "daemon";
+
+  postBuild = ''
+    mv $GOPATH/bin/daemon $GOPATH/bin/opensnitchd
+  '';
+
+  vendorSha256 = "sha256-LMwQBFkHg1sWIUITLOX2FZi5QUfOivvrkcl9ELO3Trk=";
+
+  nativeBuildInputs = [ pkg-config ];
+
+  buildInputs = [ libnetfilter_queue libnfnetlink ];
+
+  meta = with lib; {
+    description = "An application firewall";
+    homepage = "https://github.com/evilsocket/opensnitch/wiki";
+    license = licenses.gpl3Only;
+    maintainers = [ maintainers.raboof ];
+    platforms = platforms.linux;
+  };
+}
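Review bot: The `patches` entry does not say when it can be dropped. The comment above `fetchpatch` names the upstream pull request, but not whether the change is merged or which release will contain it. Whoever bumps `version` later has to work that out again, so a line such as `# remove when updating to a release that contains this commit` next to the existing comment would record it. Both the source and the patch are pinned by `sha256`, so the fetched inputs themselves are fixed.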
diff --git a/pkgs/tools/networking/opensnitch/ui.nix b/pkgs/tools/networking/opensnitch/ui.nix
new file mode 100644
index 0000000000000..69b26492282da
--- /dev/null
+++ b/pkgs/tools/networking/opensnitch/ui.nix
@@ -0,0 +1,46 @@
+{ python3Packages
+, fetchFromGitHub
+, wrapQtAppsHook
+, lib
+}:
+
+python3Packages.buildPythonApplication rec {
+  pname = "opensnitch-ui";
+  version = "1.3.6";
+
+  src = fetchFromGitHub {
+    owner = "evilsocket";
+    repo = "opensnitch";
+    rev = "v${version}";
+    sha256 = "sha256-Cgo+bVQQeUZuYYhA1WSqlLyQQGAeXbbNno9LS7oNvhI=";
+  };
+
+  nativeBuildInputs = [ wrapQtAppsHook ];
+
+  propagatedBuildInputs = with python3Packages; [
+    grpcio-tools
+    pyqt5
+    unidecode
+    unicode-slugify
+    pyinotify
+  ];
+
+  preConfigure = ''
+    cd ui
+  '';
+
+  preCheck = ''
+    export PYTHONPATH=opensnitch:$PYTHONPATH
+  '';
+
+  dontWrapQtApps = true;
+  makeWrapperArgs = [ "\${qtWrapperArgs[@]}" ];
+
+  meta = with lib; {
+    description = "An application firewall";
+    homepage = "https://github.com/evilsocket/opensnitch/wiki";
+    license = licenses.gpl3Only;
+    maintainers = [ maintainers.raboof ];
+    platforms = platforms.linux;
+  };
+}
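Review bot: `version`, `rev` and the source `sha256` in this file are copied by hand from daemon.nix, so a later bump of one file without the other would ship a UI and a daemon built from different upstream releases. The `grpcio-tools` dependency suggests the two talk over gRPC, in which case a skew could break the prompt channel of the firewall; that is an inference, not something these lines show. Taking `opensnitch` as an argument and writing `inherit (opensnitch) src version;` would keep them in lockstep, assuming the scope behind `libsForQt5.callPackage` resolves that name to the daemon package. Separately, `dontWrapQtApps = true;` with `makeWrapperArgs` deserves a short comment, for example `# the Python wrapper receives the Qt arguments, so skip the separate Qt wrapping`.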
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 0bdccaeb3fcd2..aea7cb263d1ef 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6880,6 +6880,10 @@ in
 
   openfortivpn = callPackage ../tools/networking/openfortivpn { };
 
+  opensnitch = callPackage ../tools/networking/opensnitch/daemon.nix { };
+
+  opensnitch-ui = libsForQt5.callPackage ../tools/networking/opensnitch/ui.nix { };
+
   obexfs = callPackage ../tools/bluetooth/obexfs { };
 
   obexftp = callPackage ../tools/bluetooth/obexftp { };