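/*
 * Host security baseline: gpg-agent with SSH support, wheel-only sudo,
 * AppArmor, the firewall, a locked root password, the sops age key
 * location, and the per-user key directories kept across reboots.
 *
 * `username` is the account whose key directories are persisted.
 */
{ username, ... }:

{
  /* gpg-agent also serves as the SSH agent, so SSH keys are unlocked through it. */
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  /*
   * Sudo is scheduled to be replaced by systemd's run0.
   * The blocker for this is persistent authentication support.
   *
   * https://github.com/systemd/systemd/issues/33366
   * https://github.com/polkit-org/polkit/issues/472
   */
  security.sudo = {
    enable = true;
    /* Only members of wheel can execute the sudo binary at all. */
    execWheelOnly = true;
    extraConfig = ''
      Defaults lecture="never"
    '';
  };

  security.apparmor.enable = true;
  networking.firewall.enable = true;

  /*
   * Lock the root password. "!" can never match a password hash, so
   * password login as root is impossible; the account itself still exists
   * and stays reachable through sudo for wheel members.
   * With mutableUsers = false, accounts and passwords come only from this
   * configuration and the user database is replaced on activation.
   */
  users = {
    users.root.hashedPassword = "!";
    mutableUsers = false;
  };

  /*
   * age private key that sops decrypts secrets with. It is referenced by
   * path and not copied into the world-readable store, so its protection
   * is the file mode on disk.
   * NOTE(review): confirm the file is owned by root with mode 0600 and is
   * not tracked in the repository.
   */
  sops.age.keyFile = "/nix/config/keys.txt";

  environment.persistence."/nix/persist" = {
    /*
     * These directories hold private keys, so the mode is set to 0700
     * instead of relying on the module default; gpg also warns about a
     * home directory other users can read.
     * NOTE(review): the mode is presumably applied only when the
     * directory is created; check directories that already exist under
     * /nix/persist by hand.
     */
    users."${username}".directories = [
      { directory = ".ssh"; mode = "0700"; }
      { directory = ".local/share/gnupg"; mode = "0700"; }
    ];
  };
}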