blob: a8536a55284b36d09ebaad5f3c6bb399f5350b05 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
{
lib,
pkgs,
...
}: let
inherit (lib) mkDefault;
in {
security = {
apparmor.enable = mkDefault true;
audit.enable = mkDefault true;
auditd.enable = mkDefault true;
polkit.enable = mkDefault true;
rtkit.enable = mkDefault true;
sudo.execWheelOnly = true;
};
services.dbus.apparmor = mkDefault "enabled";
users = {
defaultUserShell = pkgs.bash;
mutableUsers = false;
};
nix.settings = {
trusted-users = mkDefault ["root" "@wheel"];
};
}
|
