another major refactor

author: seth <[email protected]> 2023-03-08 02:57:57 -0500
committer: seth <[email protected]> 2023-03-08 15:32:06 -0500
commit: fa7a407bda1b26b413702287f227629af0798f55 (patch)
tree: 38cc9ae1791939a0f92a3f03d37a0249e62cdf1a /profiles/nixos/security.nix
parent: 729db074dc1b93cab10b43119197c8e02a452405 (diff)
1 files changed, 32 insertions, 0 deletions
diff --git a/profiles/nixos/security.nix b/profiles/nixos/security.nix
new file mode 100644
index 0000000..7ad0069
--- /dev/null
+++ b/profiles/nixos/security.nix
@@ -0,0 +1,32 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  security = {
+    apparmor.enable = lib.mkDefault true;
+    audit.enable = lib.mkDefault true;
+    auditd.enable = lib.mkDefault true;
+    rtkit.enable = true;
+    sudo = {
+      execWheelOnly = true;
+      extraRules = [
+        {
+          users = ["root"];
+          groups = ["root"];
+          commands = ["ALL"];
+        }
+        {
+          users = ["seth"];
+          commands = ["ALL"];
+        }
+      ];
+    };
+    polkit.enable = true;
+  };
+
+  users = {
+    defaultUserShell = pkgs.bash;
+    mutableUsers = false;
+  };
+}
author	seth <[email protected]>	2023-03-08 02:57:57 -0500
committer	seth <[email protected]>	2023-03-08 15:32:06 -0500
commit	fa7a407bda1b26b413702287f227629af0798f55 (patch)
tree	38cc9ae1791939a0f92a3f03d37a0249e62cdf1a /profiles/nixos/security.nix
parent	729db074dc1b93cab10b43119197c8e02a452405 (diff)