summaryrefslogtreecommitdiff
path: root/hosts/common/security.nix
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/common/security.nix')
-rw-r--r--hosts/common/security.nix43
1 files changed, 25 insertions, 18 deletions
diff --git a/hosts/common/security.nix b/hosts/common/security.nix
index f0f3bb9..32c2ff5 100644
--- a/hosts/common/security.nix
+++ b/hosts/common/security.nix
@@ -1,21 +1,28 @@
_: {
- security.sudo = {
- configFile = ''
- Defaults env_reset
- Defaults secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
- Defaults editor = /run/current-system/sw/bin/vim,!env_editor
- '';
- execWheelOnly = true;
- extraRules = [
- {
- users = ["root"];
- groups = ["root"];
- commands = ["ALL"];
- }
- {
- users = ["seth"];
- commands = ["ALL"];
- }
- ];
+ security = {
+ apparmor.enable = true;
+ audit.enable = true;
+ auditd.enable = true;
+ rtkit.enable = true;
+ sudo = {
+ configFile = ''
+ Defaults env_reset
+ Defaults secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
+ Defaults editor = /run/current-system/sw/bin/vim,!env_editor
+ '';
+ execWheelOnly = true;
+ extraRules = [
+ {
+ users = ["root"];
+ groups = ["root"];
+ commands = ["ALL"];
+ }
+ {
+ users = ["seth"];
+ commands = ["ALL"];
+ }
+ ];
+ };
+ polkit.enable = true;
};
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 16:57:33 +0000