modules/security/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

{
  config,
  lib,
  ...
}:
{
  imports = [
    ./apparmor.nix
    ./audit.nix
    ./doas.nix
    ./kernel.nix
    ./pam.nix
    ./pki.nix
    ./polkit.nix
    ./sudo.nix
  ];

  security = {
    rtkit.enable = lib.modules.mkForce config.services.pipewire.enable;
    virtualisation.flushL1DataCache = "always";
  };

  programs.firejail.enable = true;
}