From 400a367d4ef48564cc85ce61c6d2e3f3a751b0d9 Mon Sep 17 00:00:00 2001
From: Simon Holywell <simon@holywell.com.au>
Date: Mon, 4 Nov 2019 13:56:21 +1000
Subject: adds com.apple.alf

---
 modules/system/defaults/alf.nix | 69 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 modules/system/defaults/alf.nix

(limited to 'modules/system/defaults')

diff --git a/modules/system/defaults/alf.nix b/modules/system/defaults/alf.nix
new file mode 100644
index 0000000..f62ead2
--- /dev/null
+++ b/modules/system/defaults/alf.nix
@@ -0,0 +1,69 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+  options = {
+    system.defaults.alf.globalstate = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      description = ''
+        # Apple menu > System Preferences > Security and Privacy > Firewall
+        Enable the internal firewall to prevent unauthorised applications, programs
+        and services from accepting incoming connections.
+
+        0 = disabled
+        1 = enabled
+        2 = blocks all connections except for essential services
+      '';
+    };
+
+    system.defaults.alf.allowsignedenabled = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      description = ''
+        # Apple menu > System Preferences > Security and Privacy > Firewall
+        Allows any signed Application to accept incoming requests. Default is true.
+
+        0 = disabled
+        1 = enabled
+      '';
+    };
+
+    system.defaults.alf.allowdownloadsignedenabled = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      description = ''
+        # Apple menu > System Preferences > Security and Privacy > Firewall
+        Allows any downloaded Application that has been signed to accept incoming requests. Default is 0.
+
+        0 = disabled
+        1 = enabled
+      '';
+    };
+
+    system.defaults.alf.loggingenabled = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      description = ''
+        # Apple menu > System Preferences > Security and Privacy > Firewall
+        Enable logging of requests made to the firewall. Default is 0.
+
+        0 = disabled
+        1 = enabled
+      '';
+    };
+
+    system.defaults.alf.stealthenabled = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      description = ''
+        # Apple menu > System Preferences > Security and firewall
+        Drops incoming requests via ICMP such as ping requests. Default is 0.
+
+        0 = disabled
+        1 = enabled
+      '';
+    };
+  };
+}
-- 
cgit v1.2.3