Diffstat (limited to 'modules/nixos/defaults/security.nix')
-rw-r--r--modules/nixos/defaults/security.nix13
1 files changed, 13 insertions, 0 deletions
diff --git a/modules/nixos/defaults/security.nix b/modules/nixos/defaults/security.nix
new file mode 100644
index 0000000..65ce729
--- /dev/null
+++ b/modules/nixos/defaults/security.nix
@@ -0,0 +1,13 @@
+# Much of this is sourced from https://xeiaso.net/blog/paranoid-nixos-2021-07-18/
+{ lib, ... }:
+{
+ security = {
+ apparmor.enable = lib.mkDefault true;
+ audit.enable = lib.mkDefault true;
+ auditd.enable = lib.mkDefault true;
+ polkit.enable = true;
+ sudo.execWheelOnly = true;
+ };
+
+ services.dbus.apparmor = lib.mkDefault "enabled";
+}
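Review bot: `audit.enable` and `auditd.enable` are switched on without any `security.audit.rules`, so unless rules are defined in another module the audit subsystem runs with an empty rule set and records little beyond what the kernel and AppArmor emit on their own. If the intent is an execution trail, add a rule inside the `security` block, for example `audit.rules = [ "-a exit,always -F arch=b64 -S execve" ];`, and size log retention for the volume that produces. Separately, `polkit.enable` and `sudo.execWheelOnly` are set at normal priority while the other options use `lib.mkDefault`, so a host that needs to turn either off must use `lib.mkForce`. If that is deliberate, a one-line comment such as `# not mkDefault: hosts must not relax this silently` above `sudo.execWheelOnly` would make it clear.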