default.nix
# Security baseline for the host: imports the secret-management modules and
# the local hardening submodules, then sets the privilege-escalation policy
# (sudo, polkit) and enables rtkit.
{ inputs, config, pkgs, lib, hostname, system, ... }:
{
  imports = [
    # Secret-management modules supplied by flake inputs.
    # NOTE(review): agenix and sops-nix are both imported; confirm both are
    # in use, since each one is a separate decryption path to audit.
    inputs.agenix.nixosModules.default
    inputs.agenix-rekey.nixosModules.default
    inputs.sops-nix.nixosModules.sops

    # Local submodules, one directory per concern (contents not shown here).
    ./systemd-hardening
    ./apparmor
    ./firejail
    ./usbguard
    ./hardware
    ./agenix
    ./sshd
    ./pki
    ./pam
  ];

  config.security = {
    # RealtimeKit lets unprivileged processes request realtime scheduling.
    rtkit.enable = true;

    # sudo is restricted to wheel at two levels: execWheelOnly limits who may
    # execute the sudo binary at all, and wheelNeedsPassword keeps password
    # authentication in place for the members who can.
    sudo.enable = true;
    sudo.execWheelOnly = true;
    sudo.wheelNeedsPassword = true;

    # polkit administrator authentication is tied to the same group, so wheel
    # is the single admin boundary for both sudo and polkit.
    polkit.enable = true;
    polkit.adminIdentities = [ "unix-group:wheel" ];
  };
}