From 3554ffe4669bc8dec365ec58e0e9568d8dd92b54 Mon Sep 17 00:00:00 2001
From: Adithya Nair
Date: Fri, 7 Apr 2023 20:55:19 +0530
Subject: [PATCH] move around the security stuff
---
 system/default.nix | 29 +----------------------------
 system/security.nix | 37 +++++++++++++++++++++++++++++++++++++
 system/services/default.nix | 5 -----
 3 files changed, 38 insertions(+), 33 deletions(-)
 create mode 100644 system/security.nix
diff --git a/system/default.nix b/system/default.nix
index 433f6c9..5db86d2 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -6,6 +6,7 @@
 ./persistence.nix
 ./plymouth.nix
 ./secureboot.nix
+ ./security.nix
 ./virtualisation.nix
 ];
@@ -66,34 +67,6 @@
 wireless.iwd.enable = true;
 };
- security = {
- apparmor = {
- enable = true;
- enableCache = true;
- };
- audit.enable = true;
- auditd.enable = true;
- pam.u2f = {
- enable = true;
- authFile = "/etc/u2f_keys";
- cue = true;
- };
- polkit.enable = true;
- rtkit.enable = true;
- tpm2 = {
- enable = true;
- abrmd.enable = true;
- pkcs11.enable = true;
- tctiEnvironment.enable = true;
- };
- sudo = {
- package = pkgs.sudo.override { withInsults = true; };
- extraConfig = ''
- Defaults lecture="never"
- '';
- wheelNeedsPassword = true;
- };
- };
 sound.enable = true;
 time.timeZone = "Asia/Kolkata";
diff --git a/system/security.nix b/system/security.nix
new file mode 100644
index 0000000..dc1175e
--- /dev/null
+++ b/system/security.nix
@@ -0,0 +1,37 @@
+{ pkgs, ... }: {
+ security = {
+ apparmor = {
+ enable = true;
+ enableCache = true;
+ };
+ audit.enable = true;
+ auditd.enable = true;
+ pam = {
+ services = {
+ passwd.enableGnomeKeyring = true;
+ login.enableGnomeKeyring = true;
+ swaylock = { };
+ };
+ u2f = {
+ enable = true;
+ authFile = "/etc/u2f_keys";
+ cue = true;
+ };
+ };
+ polkit.enable = true;
+ rtkit.enable = true;
+ tpm2 = {
+ enable = true;
+ abrmd.enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
+ };
+ sudo = {
+ package = pkgs.sudo.override { withInsults = true; };
+ extraConfig = ''
+ Defaults lecture="never"
+ '';
+ wheelNeedsPassword = true;
+ };
+ };
+}
diff --git a/system/services/default.nix b/system/services/default.nix
index 9f494c8..2ed7388 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -19,9 +19,4 @@
 thermald.enable = true;
 udisks2.enable = true;
 };
- security.pam.services = {
- passwd.enableGnomeKeyring = true;
- login.enableGnomeKeyring = true;
- swaylock = { };
- };
 }
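Review bot: The `u2f` block in the new system/security.nix sets `enable`, `authFile` and `cue` but leaves `control` unset, and the NixOS module's default for it is, as far as I know, `sufficient` (worth confirming against the pinned nixpkgs), so a touch of an enrolled key alone would satisfy every PAM service that inherits `u2fAuth`, including `sudo`, `login` and the `swaylock` service declared here, without the password that `wheelNeedsPassword = true` suggests is wanted. If the key is meant as a second factor, add `control = "required";` inside `u2f`; if key-only unlock is intended, record that with a comment such as `# U2F alone is accepted: control defaults to "sufficient"`. Because `authFile` points at a mutable path outside the Nix store, it is also worth confirming that `/etc/u2f_keys` is root-owned, not user-writable, and covered by ./persistence.nix if the root filesystem is ephemeral. The settings are carried over unchanged from system/default.nix and system/services/default.nix, so this is existing behaviour that the new file is the natural place to document.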