31 lines
694 B
Nix
31 lines
694 B
Nix
{
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
./systemd
|
|
./ssh-as-sudo.nix
|
|
./apparmor
|
|
./opensnitch
|
|
./security.nix
|
|
./encrypt-dns.nix
|
|
];
|
|
|
|
specialisation.unhardened.configuration = {
|
|
services.opensnitch.enable = lib.mkForce false;
|
|
security.apparmor.enable = lib.mkForce false;
|
|
};
|
|
#
|
|
|
|
systemd.tpm2.enable = false;
|
|
systemd.enableEmergencyMode = false;
|
|
virtualisation.vswitch.enable = false;
|
|
services.resolved.enable = false;
|
|
security.unprivilegedUsernsClone = true;
|
|
security.apparmor.enable = true;
|
|
security.allowSimultaneousMultithreading = true;
|
|
environment.defaultPackages = lib.mkForce [ ];
|
|
environment.systemPackages = with pkgs; [ nano ];
|
|
}
|