Move and rename some stuff whatever

2024-12-09 23:07:20 -05:00 · 2024-12-09 23:07:20 -05:00 · 7c5ff0253e
commit 7c5ff0253e
parent a0cc623c4b
38 changed files with 53 additions and 127 deletions
--- a/modules/system/settings/security/apparmor/default.nix
+++ b/modules/system/settings/security/apparmor/default.nix
@ -0,0 +1,4 @@
+{ ... }:
+{
+  security.apparmor.enable = true;
+}
--- a/modules/system/settings/security/default.nix
+++ b/modules/system/settings/security/default.nix
@ -0,0 +1,9 @@
+{ ... }:
+{
+  imports = [
+    ./apparmor
+    ./polkit
+    ./privilege
+    ./rtprio
+  ];
+}
--- a/modules/system/settings/security/polkit/default.nix
+++ b/modules/system/settings/security/polkit/default.nix
@ -0,0 +1,7 @@
+{ config, ... }:
+{
+  security = {
+    polkit.enable = config.system.desktop.enable;
+    rtkit.enable = config.system.desktop.enable;
+  };
+}
--- a/modules/system/settings/security/privilege/default.nix
+++ b/modules/system/settings/security/privilege/default.nix
@ -0,0 +1,16 @@
+{ ... }:
+{
+  security = {
+    sudo.enable = false;
+    doas = {
+      enable = true;
+      extraRules = [
+        { # Give wheel root access
+          groups = [ "wheel" ];
+          keepEnv = true;
+          persist = true;
+        }
+      ];
+    };
+  };
+}
--- a/modules/system/settings/security/rtprio/default.nix
+++ b/modules/system/settings/security/rtprio/default.nix
@ -0,0 +1,11 @@
+{ ... }:
+{
+  security.pam.loginLimits = [
+    {
+      domain = "@users";
+      item = "rtprio";
+      type = "-";
+      value = 1;
+    }
+  ];
+}