dotfiles/hosts/thinkpad/system/security.nix

{
  pkgs,
  config,
  systemd,
  user,
  ...
}:
{

  # enabling firejail for sandboxing
  programs.firejail = {
    enable = true;
  };

  # enabling doas
  security.doas.enable = true;
  security.sudo.enable = false;
  security.doas.extraRules = [
    {
      users = [ user ];
      keepEnv = true;
      persist = true;
    }
  ];

  # setting up a polkit
  security.polkit.enable = true;
}
created files 2024-04-28 11:35:35 +02:00			`{`
overhaul: added new device: thinkpad 2025-01-09 09:34:41 +01:00			`pkgs,`
			`config,`
			`systemd,`
			`user,`
			`...`
			`}:`
			`{`

created files 2024-04-28 11:35:35 +02:00			`# enabling firejail for sandboxing`
			`programs.firejail = {`
			`enable = true;`
			`};`

			`# enabling doas`
			`security.doas.enable = true;`
			`security.sudo.enable = false;`
overhaul: added new device: thinkpad 2025-01-09 09:34:41 +01:00			`security.doas.extraRules = [`
			`{`
			`users = [ user ];`
			`keepEnv = true;`
			`persist = true;`
			`}`
			`];`
created files 2024-04-28 11:35:35 +02:00
overhaul: added new device: thinkpad 2025-01-09 09:34:41 +01:00			`# setting up a polkit`
created files 2024-04-28 11:35:35 +02:00			`security.polkit.enable = true;`
			`}`