From 5ec7ee21e036f7bc1cbdec714271c619cb3fdb3d Mon Sep 17 00:00:00 2001
From: seth <getchoo@tuta.io>
Date: Sun, 27 Oct 2024 20:12:19 -0400
Subject: modules: restructure (#487)

* seth: remove unused pkgs

* modules: restructure

from archetypes back to profiles
make less actual modules for everything
use lib.mkDefault like it's supposed to
move mixins out of server

* nixos/resolved: use modern options
---
 modules/nixos/base/security.nix | 42 -----------------------------------------
 1 file changed, 42 deletions(-)
 delete mode 100644 modules/nixos/base/security.nix

(limited to 'modules/nixos/base/security.nix')

diff --git a/modules/nixos/base/security.nix b/modules/nixos/base/security.nix
deleted file mode 100644
index 66a1e7e..0000000
--- a/modules/nixos/base/security.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.base.security;
-in
-{
-  options.base.security = {
-    enable = lib.mkEnableOption "basic security settings" // {
-      default = config.base.enable;
-      defaultText = lib.literalExpression "config.base.enable";
-    };
-
-    apparmor = lib.mkEnableOption "AppArmor support" // {
-      default = true;
-    };
-
-    auditing = lib.mkEnableOption "auditing support" // {
-      default = true;
-    };
-  };
-
-  # much here is sourced from https://xeiaso.net/blog/paranoid-nixos-2021-07-18/
-  config = lib.mkIf cfg.enable (
-    lib.mkMerge [
-      {
-        security = {
-          polkit.enable = true;
-          sudo.execWheelOnly = true;
-        };
-      }
-      (lib.mkIf cfg.auditing {
-        security = {
-          audit.enable = true;
-          auditd.enable = true;
-        };
-      })
-      (lib.mkIf cfg.apparmor {
-        security.apparmor.enable = true;
-        services.dbus.apparmor = lib.mkDefault "enabled";
-      })
-    ]
-  );
-}
-- 
cgit v1.2.3