feat: harden sudo configuration a little bit

Ahwx 2025-07-27 21:06:47 +02:00
parent 0cbf189fa5
commit 0ed60a4352


@ -8,9 +8,17 @@
security = { security = {
rtkit.enable = true; rtkit.enable = true;
pam.services.swaylock = { }; pam.services.swaylock = { };
auditd.enable = true;
audit = {
enable = true;
rules = [
"-a exit,always -F arch=b64 -S execve"
];
};
sudo = { sudo = {
enable = true; enable = true;
execWheelOnly = true;
extraRules = [ extraRules = [
{ {
groups = [ "wheel" ]; groups = [ "wheel" ];
@ -20,7 +28,7 @@
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
} }
{ {
command = "/home/liv/.local/src/framework-system/target/debug/framework_tool"; command = "/run/current-system/sw/bin/framework_tool --privacy";
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
} }
]; ];
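Review bot: The audit rule added in the first hunk (`"-a exit,always -F arch=b64 -S execve"`) records only 64-bit `execve` calls, so a program started through `execveat` or through the 32-bit syscall table would not appear in the log. If 32-bit compatibility is enabled on this kernel, the `rules` list should carry both `"-a exit,always -F arch=b64 -S execve -S execveat"` and `"-a exit,always -F arch=b32 -S execve -S execveat"`. Adding a key such as `-k exec` to each rule would also make these events easy to pull out with `ausearch -k`. The enclosing `security` attribute set starts and ends outside the visible hunks.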