initial commit

2024-07-15 16:20:16 +02:00 · 2024-07-15 16:20:16 +02:00 · 9a935f8431
commit 9a935f8431
27 changed files with 1309 additions and 0 deletions
--- a/modules/programs/harden.nix
+++ b/modules/programs/harden.nix
@ -0,0 +1,10 @@
+{ config, user, sensitive, lib, ... }: {
+  networking.firewall.enable = true;
+
+#  security.sudo.execWheelOnly = true;
+#  security.auditd.enable = true;
+#  security.audit.enable = !config.boot.isContainer;
+
+  # PGP set up.
+  programs.gnupg.agent.enable = true;
+}