diff options
| author | Fuwn <[email protected]> | 2024-08-29 20:54:34 -0700 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2024-08-29 20:54:34 -0700 |
| commit | 6ddc25d4e189c30431703f602653b8bae861e4af (patch) | |
| tree | 979cc4d790c3ce8895471d008d61c3e9645acec4 /modules/security.nix | |
| parent | firewall (diff) | |
| download | nixos-config-6ddc25d4e189c30431703f602653b8bae861e4af.tar.xz nixos-config-6ddc25d4e189c30431703f602653b8bae861e4af.zip | |
some stuff
Diffstat (limited to 'modules/security.nix')
| -rw-r--r-- | modules/security.nix | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/modules/security.nix b/modules/security.nix new file mode 100644 index 0000000..b377317 --- /dev/null +++ b/modules/security.nix @@ -0,0 +1,29 @@ +{ + security = { + polkit.enable = true; + auditd.enable = true; + + sudo = { + enable = true; + execWheelOnly = true; + }; + + audit = { + enable = true; + rules = [ "-a exit,always -F arch=b64 -S execve" ]; + }; + + doas = { + enable = true; + extraRules = [ + { + keepEnv = true; + # persist = true; + noPass = true; + + users = [ "ebisu" ]; + } + ]; + }; + }; +} |