grimm-nixos-laptop/hardening/default.nix

{ lib, config, ... }:
{
  imports = [
    ./systemd
    ./ssh-as-sudo.nix
  ];

  specialisation.unhardened.configuration = { };
  services.opensnitch.enable = lib.mkForce false;

  systemd.tpm2.enable = false;
  systemd.enableEmergencyMode = false;
  virtualisation.vswitch.enable = false;
  services.resolved.enable = false;
  security.unprivilegedUsernsClone = true;
}
hardening WIP 2025-01-03 15:57:36 +01:00			`{ lib, config, ... }:`
			`{`
			`imports = [`
systemd network hardening 2025-01-05 13:27:12 +01:00			`./systemd`
hardening WIP 2025-01-03 15:57:36 +01:00			`./ssh-as-sudo.nix`
			`];`

			`specialisation.unhardened.configuration = { };`
			`services.opensnitch.enable = lib.mkForce false;`

			`systemd.tpm2.enable = false;`
			`systemd.enableEmergencyMode = false;`
			`virtualisation.vswitch.enable = false;`
			`services.resolved.enable = false;`
			`security.unprivilegedUsernsClone = true;`
			`}`