authorseth <[email protected]>2023-01-25 20:26:41 -0500
committerseth <[email protected]>2023-01-26 03:49:52 -0500
commit7608b3701bf43502a9d3e5752b5f4cd9643f126b (patch)
tree31e8e43af2effe1a306db6cc3b65171101968698 /hosts/common/security.nix
parent7c93704d3d49a7dc3f0067beb80846ca539d392b (diff)
Diffstat (limited to 'hosts/common/security.nix')
-rw-r--r--hosts/common/security.nix43
1 files changed, 25 insertions, 18 deletions
diff --git a/hosts/common/security.nix b/hosts/common/security.nix
index f0f3bb9..32c2ff5 100644
--- a/hosts/common/security.nix
+++ b/hosts/common/security.nix
@@ -1,21 +1,28 @@
_: {
- security.sudo = {
- configFile = ''
- Defaults env_reset
- Defaults secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
- Defaults editor = /run/current-system/sw/bin/vim,!env_editor
- '';
- execWheelOnly = true;
- extraRules = [
- {
- users = ["root"];
- groups = ["root"];
- commands = ["ALL"];
- }
- {
- users = ["seth"];
- commands = ["ALL"];
- }
- ];
+ security = {
+ apparmor.enable = true;
+ audit.enable = true;
+ auditd.enable = true;
+ rtkit.enable = true;
+ sudo = {
+ configFile = ''
+ Defaults env_reset
+ Defaults secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
+ Defaults editor = /run/current-system/sw/bin/vim,!env_editor
+ '';
+ execWheelOnly = true;
+ extraRules = [
+ {
+ users = ["root"];
+ groups = ["root"];
+ commands = ["ALL"];
+ }
+ {
+ users = ["seth"];
+ commands = ["ALL"];
+ }
+ ];
+ };
+ polkit.enable = true;
};
}
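Review bot: `audit.enable = true;` and `auditd.enable = true;` are switched on with no `security.audit.rules` in this file, so unless rules are set in another module the audit log will hold only what other subsystems emit (PAM, AppArmor denials) and no syscall or file-watch records. If process execution is meant to be recorded, add a rule set next to the enable lines, for example `audit.rules = ["-a exit,always -F arch=b64 -S execve"];`, and size the log retention for it. Likewise `apparmor.enable = true;` only confines programs that have a profile loaded, so a short comment such as `# profiles come from packages / security.apparmor.policies` would tell a reader where the actual confinement is defined.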