configuration.nix/hosts/skipper/security.nix

{pkgs, ...}: {
  security = {
    apparmor = {
      enable = true;
      enableCache = true;
    };
    audit.enable = true;
    auditd.enable = true;
    pam = {
      services = {
        passwd.enableGnomeKeyring = true;
        login.enableGnomeKeyring = true;
        swaylock = {};
      };
      u2f = {
        enable = true;
        authFile = "/etc/u2f_keys";
        cue = true;
      };
    };
    polkit.enable = true;
    rtkit.enable = true;
    tpm2 = {
      enable = true;
      abrmd.enable = true;
      pkcs11.enable = true;
      tctiEnvironment.enable = true;
    };
    sudo = {
      package = pkgs.sudo.override {withInsults = true;};
      extraConfig = ''
        Defaults lecture="never"
      '';
      wheelNeedsPassword = true;
    };
  };
}
reformat with alejandra 2023-05-18 16:11:26 +05:30			`{pkgs, ...}: {`
move around the security stuff 2023-04-07 20:55:19 +05:30			`security = {`
			`apparmor = {`
			`enable = true;`
			`enableCache = true;`
			`};`
			`audit.enable = true;`
			`auditd.enable = true;`
			`pam = {`
			`services = {`
			`passwd.enableGnomeKeyring = true;`
			`login.enableGnomeKeyring = true;`
reformat with alejandra 2023-05-18 16:11:26 +05:30			`swaylock = {};`
move around the security stuff 2023-04-07 20:55:19 +05:30			`};`
			`u2f = {`
			`enable = true;`
			`authFile = "/etc/u2f_keys";`
			`cue = true;`
			`};`
			`};`
			`polkit.enable = true;`
			`rtkit.enable = true;`
			`tpm2 = {`
			`enable = true;`
			`abrmd.enable = true;`
			`pkcs11.enable = true;`
			`tctiEnvironment.enable = true;`
			`};`
			`sudo = {`
reformat with alejandra 2023-05-18 16:11:26 +05:30			`package = pkgs.sudo.override {withInsults = true;};`
move around the security stuff 2023-04-07 20:55:19 +05:30			`extraConfig = ''`
			`Defaults lecture="never"`
			`'';`
			`wheelNeedsPassword = true;`
			`};`
			`};`
			`}`