summaryrefslogtreecommitdiff
path: root/modules/system/defaults
diff options
context:
space:
mode:
Diffstat (limited to 'modules/system/defaults')
-rw-r--r--modules/system/defaults/alf.nix69
1 files changed, 69 insertions, 0 deletions
diff --git a/modules/system/defaults/alf.nix b/modules/system/defaults/alf.nix
new file mode 100644
index 0000000..f62ead2
--- /dev/null
+++ b/modules/system/defaults/alf.nix
@@ -0,0 +1,69 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+ options = {
+ system.defaults.alf.globalstate = mkOption {
+ type = types.nullOr types.int;
+ default = null;
+ description = ''
+ # Apple menu > System Preferences > Security and Privacy > Firewall
+ Enable the internal firewall to prevent unauthorised applications, programs
+ and services from accepting incoming connections.
+
+ 0 = disabled
+ 1 = enabled
+ 2 = blocks all connections except for essential services
+ '';
+ };
+
+ system.defaults.alf.allowsignedenabled = mkOption {
+ type = types.nullOr types.int;
+ default = null;
+ description = ''
+ # Apple menu > System Preferences > Security and Privacy > Firewall
+ Allows any signed Application to accept incoming requests. Default is true.
+
+ 0 = disabled
+ 1 = enabled
+ '';
+ };
+
+ system.defaults.alf.allowdownloadsignedenabled = mkOption {
+ type = types.nullOr types.int;
+ default = null;
+ description = ''
+ # Apple menu > System Preferences > Security and Privacy > Firewall
+ Allows any downloaded Application that has been signed to accept incoming requests. Default is 0.
+
+ 0 = disabled
+ 1 = enabled
+ '';
+ };
+
+ system.defaults.alf.loggingenabled = mkOption {
+ type = types.nullOr types.int;
+ default = null;
+ description = ''
+ # Apple menu > System Preferences > Security and Privacy > Firewall
+ Enable logging of requests made to the firewall. Default is 0.
+
+ 0 = disabled
+ 1 = enabled
+ '';
+ };
+
+ system.defaults.alf.stealthenabled = mkOption {
+ type = types.nullOr types.int;
+ default = null;
+ description = ''
+ # Apple menu > System Preferences > Security and firewall
+ Drops incoming requests via ICMP such as ping requests. Default is 0.
+
+ 0 = disabled
+ 1 = enabled
+ '';
+ };
+ };
+}
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-17 13:20:32 +0000