From 7608b3701bf43502a9d3e5752b5f4cd9643f126b Mon Sep 17 00:00:00 2001
From: seth <getchoo@tuta.io>
Date: Wed, 25 Jan 2023 20:26:41 -0500
Subject: help

---
 hosts/common/security.nix | 43 +++++++++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 18 deletions(-)

(limited to 'hosts/common/security.nix')

diff --git a/hosts/common/security.nix b/hosts/common/security.nix
index f0f3bb9..32c2ff5 100644
--- a/hosts/common/security.nix
+++ b/hosts/common/security.nix
@@ -1,21 +1,28 @@
 _: {
-	security.sudo = {
-		configFile = ''
-			Defaults	env_reset
-			Defaults	secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
-			Defaults	editor = /run/current-system/sw/bin/vim,!env_editor
-		'';
-		execWheelOnly = true;
-		extraRules = [
-			{
-				users = ["root"];
-				groups = ["root"];
-				commands = ["ALL"];
-			}
-			{
-				users = ["seth"];
-				commands = ["ALL"];
-			}
-		];
+	security = {
+		apparmor.enable = true;
+		audit.enable = true;
+		auditd.enable = true;
+		rtkit.enable = true;
+		sudo = {
+			configFile = ''
+				Defaults	env_reset
+				Defaults	secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
+				Defaults	editor = /run/current-system/sw/bin/vim,!env_editor
+			'';
+			execWheelOnly = true;
+			extraRules = [
+				{
+					users = ["root"];
+					groups = ["root"];
+					commands = ["ALL"];
+				}
+				{
+					users = ["seth"];
+					commands = ["ALL"];
+				}
+			];
+		};
+		polkit.enable = true;
 	};
 }
-- 
cgit v1.2.3