Diffstat (limited to 'profiles/nixos/security.nix')
| -rw-r--r-- | profiles/nixos/security.nix | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/profiles/nixos/security.nix b/profiles/nixos/security.nix
new file mode 100644
index 0000000..7ad0069
--- /dev/null
+++ b/profiles/nixos/security.nix
@@ -0,0 +1,32 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ security = {
+ apparmor.enable = lib.mkDefault true;
+ audit.enable = lib.mkDefault true;
+ auditd.enable = lib.mkDefault true;
+ rtkit.enable = true;
+ sudo = {
+ execWheelOnly = true;
+ extraRules = [
+ {
+ users = ["root"];
+ groups = ["root"];
+ commands = ["ALL"];
+ }
+ {
+ users = ["seth"];
+ commands = ["ALL"];
+ }
+ ];
+ };
+ polkit.enable = true;
+ };
+
+ users = {
+ defaultUserShell = pkgs.bash;
+ mutableUsers = false;
+ };
+}
|
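Review bot: The `seth` rule in `sudo.extraRules` is either redundant or dead given `execWheelOnly = true`, which limits execution of the sudo binary to members of `wheel`: if `seth` is in `wheel` (not visible in this file) the module's stock wheel rule should already cover that account, and if not, the rule can never be exercised. I would drop the per-user rule from this shared profile and grant access through group membership where the user is declared, e.g. `extraGroups = ["wheel"];`, which also keeps a hardcoded account name out of the profile. The first rule also grants `ALL` to every member of group `root` through `groups = ["root"];`, which is wider than a root-only rule and looks unintended. Separately, `audit.enable` and `auditd.enable` are switched on with no `security.audit.rules` in this file, so unless rules are set elsewhere little beyond the default events is likely to be recorded; a short comment saying where the rules live would help.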
