29 lines
394 B
Nix
Executable file
29 lines
394 B
Nix
Executable file
{
|
|
pkgs,
|
|
config,
|
|
systemd,
|
|
user,
|
|
...
|
|
}:
|
|
{
|
|
|
|
# enabling firejail for sandboxing
|
|
programs.firejail = {
|
|
enable = true;
|
|
};
|
|
|
|
# enabling doas
|
|
security.doas.enable = true;
|
|
security.sudo.enable = false;
|
|
security.doas.extraRules = [
|
|
{
|
|
users = [ user ];
|
|
keepEnv = true;
|
|
persist = true;
|
|
}
|
|
];
|
|
|
|
# setting up a polkit
|
|
security.polkit.enable = true;
|
|
}
|