adds com.apple.alf

2019-11-04 13:56:21 +10:00 · 2019-11-04 13:56:21 +10:00 · 400a367d4e
commit 400a367d4e
parent 47a7731943
3 changed files with 73 additions and 1 deletions
--- a/modules/system/defaults/alf.nix
+++ b/modules/system/defaults/alf.nix
@ -0,0 +1,69 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+  options = {
+    system.defaults.alf.globalstate = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      description = ''
+        # Apple menu > System Preferences > Security and Privacy > Firewall
+        Enable the internal firewall to prevent unauthorised applications, programs
+        and services from accepting incoming connections.
+
+        0 = disabled
+        1 = enabled
+        2 = blocks all connections except for essential services
+      '';
+    };
+
+    system.defaults.alf.allowsignedenabled = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      description = ''
+        # Apple menu > System Preferences > Security and Privacy > Firewall
+        Allows any signed Application to accept incoming requests. Default is true.
+
+        0 = disabled
+        1 = enabled
+      '';
+    };
+
+    system.defaults.alf.allowdownloadsignedenabled = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      description = ''
+        # Apple menu > System Preferences > Security and Privacy > Firewall
+        Allows any downloaded Application that has been signed to accept incoming requests. Default is 0.
+
+        0 = disabled
+        1 = enabled
+      '';
+    };
+
+    system.defaults.alf.loggingenabled = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      description = ''
+        # Apple menu > System Preferences > Security and Privacy > Firewall
+        Enable logging of requests made to the firewall. Default is 0.
+
+        0 = disabled
+        1 = enabled
+      '';
+    };
+
+    system.defaults.alf.stealthenabled = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      description = ''
+        # Apple menu > System Preferences > Security and firewall
+        Drops incoming requests via ICMP such as ping requests. Default is 0.
+
+        0 = disabled
+        1 = enabled
+      '';
+    };
+  };
+}