From fa7a407bda1b26b413702287f227629af0798f55 Mon Sep 17 00:00:00 2001
From: seth
Date: Wed, 8 Mar 2023 02:57:57 -0500
Subject: another major refactor
---
profiles/nixos/security.nix | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 profiles/nixos/security.nix
(limited to 'profiles/nixos/security.nix')
diff --git a/profiles/nixos/security.nix b/profiles/nixos/security.nix
new file mode 100644
index 0000000..7ad0069
--- /dev/null
+++ b/profiles/nixos/security.nix
@@ -0,0 +1,32 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ security = {
+ apparmor.enable = lib.mkDefault true;
+ audit.enable = lib.mkDefault true;
+ auditd.enable = lib.mkDefault true;
+ rtkit.enable = true;
+ sudo = {
+ execWheelOnly = true;
+ extraRules = [
+ {
+ users = ["root"];
+ groups = ["root"];
+ commands = ["ALL"];
+ }
+ {
+ users = ["seth"];
+ commands = ["ALL"];
+ }
+ ];
+ };
+ polkit.enable = true;
+ };
+
+ users = {
+ defaultUserShell = pkgs.bash;
+ mutableUsers = false;
+ };
+}
-- cgit v1.2.3
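Review bot: The `users = ["seth"]` entry in `sudo.extraRules` hard-codes one account into a shared profile and, next to `execWheelOnly = true`, appears to grant nothing on its own: with that option only members of `wheel` can execute sudo at all, and the NixOS sudo module already emits an ALL rule for `%wheel` and for `root`, so both list entries look redundant. On a host where seth is not in `wheel` the rule silently has no effect, which is easy to misread as a working privilege grant. I would drop `extraRules` here and rely on `extraGroups = ["wheel"]` in the user definition, or at least annotate it with `# redundant with the default %wheel rule; kept for explicitness`. Separately, `audit.enable` and `auditd.enable` are switched on with no `security.audit.rules` visible in this file, so unless rules are defined elsewhere the audit log will record very little.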