From 5aafbb0dcb240d674948d485214f39aeda8bcc87 Mon Sep 17 00:00:00 2001 From: Colin Date: Tue, 29 Jul 2025 00:17:53 +0000 Subject: [PATCH] programs/tcpdump: move to own file --- hosts/common/programs/assorted.nix | 5 ----- hosts/common/programs/default.nix | 1 + hosts/common/programs/tcpdump.nix | 8 ++++++++ 3 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 hosts/common/programs/tcpdump.nix diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix index dd521caa9..a0923668d 100644 --- a/hosts/common/programs/assorted.nix +++ b/hosts/common/programs/assorted.nix @@ -1179,11 +1179,6 @@ in systemctl.sandbox.capabilities = [ "cap_dac_override" "cap_sys_admin" ]; systemctl.sandbox.keepPidsAndProc = true; - tcpdump.sandbox.net = "all"; - tcpdump.sandbox.autodetectCliPaths = "existingFileOrParent"; - tcpdump.sandbox.capabilities = [ "net_admin" "net_raw" ]; - tcpdump.sandbox.tryKeepUsers = true; - tdesktop.persist.byStore.private = [ ".local/share/TelegramDesktop" ]; tokodon.buildCost = 1; diff --git a/hosts/common/programs/default.nix b/hosts/common/programs/default.nix index f17521be3..dfc8ce955 100644 --- a/hosts/common/programs/default.nix +++ b/hosts/common/programs/default.nix @@ -213,6 +213,7 @@ ./switchboard.nix ./syshud.nix ./tangram.nix + ./tcpdump.nix ./tor-browser.nix ./tuba.nix ./unl0kr diff --git a/hosts/common/programs/tcpdump.nix b/hosts/common/programs/tcpdump.nix new file mode 100644 index 000000000..accca00a0 --- /dev/null +++ b/hosts/common/programs/tcpdump.nix @@ -0,0 +1,8 @@ +{ ... }: { + sane.programs.tcpdump = { + sandbox.net = "all"; + sandbox.autodetectCliPaths = "existingFileOrParent"; + sandbox.capabilities = [ "net_admin" "net_raw" ]; + sandbox.tryKeepUsers = true; + }; +}