authorseth <[email protected]>2024-10-27 20:12:19 -0400
committerGitHub <[email protected]>2024-10-28 00:12:19 +0000
commit5ec7ee21e036f7bc1cbdec714271c619cb3fdb3d (patch)
tree3277d8ba68ca466e68c58a8373063010db392d2e /modules/nixos/defaults/security.nix
parent75ec48c5f7dd7877f2294b86764b1fdadc6b7e88 (diff)
modules: restructure (#487)
* seth: remove unused pkgs * modules: restructure from archetypes back to profiles make less actual modules for everything use lib.mkDefault like it's supposed to move mixins out of server * nixos/resolved: use modern options
Diffstat (limited to 'modules/nixos/defaults/security.nix')
-rw-r--r--modules/nixos/defaults/security.nix13
1 files changed, 13 insertions, 0 deletions
diff --git a/modules/nixos/defaults/security.nix b/modules/nixos/defaults/security.nix
new file mode 100644
index 0000000..65ce729
--- /dev/null
+++ b/modules/nixos/defaults/security.nix
@@ -0,0 +1,13 @@
+# Much of this is sourced from https://xeiaso.net/blog/paranoid-nixos-2021-07-18/
+{ lib, ... }:
+{
+ security = {
+ apparmor.enable = lib.mkDefault true;
+ audit.enable = lib.mkDefault true;
+ auditd.enable = lib.mkDefault true;
+ polkit.enable = true;
+ sudo.execWheelOnly = true;
+ };
+
+ services.dbus.apparmor = lib.mkDefault "enabled";
+}
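Review bot: `audit.enable` and `auditd.enable` are switched on in the `security` block, but the file defines no `security.audit.rules`. Unless rules are set in another module, the audit log will hold little beyond what the kernel and AppArmor emit on their own. If process-execution records are wanted, add a rule such as `security.audit.rules = [ "-a exit,always -F arch=b64 -S execve" ];` and size log retention for the volume, or add a comment pointing to where the rules live. Separately, `polkit.enable` and `sudo.execWheelOnly` are set without `lib.mkDefault` while the neighbouring options use it. If that is deliberate, so that a host must use `lib.mkForce` to relax them, a one-line comment such as `# not mkDefault: hosts must override these explicitly` would record the intent.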