blob: 403cfa5e8e0c8dc49b19efce3b2feddcc1d91cc6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
{
lib,
pkgs,
...
}: let
inherit (lib) mkDefault;
in {
security = {
apparmor.enable = mkDefault true;
audit.enable = mkDefault true;
auditd.enable = mkDefault true;
polkit.enable = mkDefault true;
rtkit.enable = mkDefault true;
sudo.execWheelOnly = true;
};
services.dbus.apparmor = mkDefault "enabled";
users = {
defaultUserShell = pkgs.bash;
mutableUsers = false;
};
nix.settings = {
allowed-users = ["root" "@wheel"];
trusted-users = ["root"];
};
}
|
