From f217128dcc4050843cb226ad686ddd13e33a1ab8 Mon Sep 17 00:00:00 2001
From: caem <me@caem.dev>
Date: Tue, 9 Jul 2024 14:01:37 +0200
Subject: [PATCH] Add some security enhancements at the cost of perf Currently
 experimenting with whether or not it's worth running ClamAV. Realistically
 speaking, I probably don't need it, all my executables are sourced from
 nixpkgs and should be malware free. I don't even know if it scans the store
 or anything. I'm just going to leave it here and forget about it and maybe
 sometime in the future it saves me from something idk.

---
 packages/sets/security.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 packages/sets/security.nix

diff --git a/packages/sets/security.nix b/packages/sets/security.nix
new file mode 100644
index 0000000..667f1b6
--- /dev/null
+++ b/packages/sets/security.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  services.clamav = {
+    scanner.enable = true;
+    daemon.enable = true;
+    fangfrisch.enable = true;
+    updater.enable = true;
+  };
+
+  security.apparmor = {
+    enable = true;
+  };
+}
+