21 lines
367 B
Nix
Executable file
21 lines
367 B
Nix
Executable file
{ pkgs, config, systemd, ... }:
|
|
{
|
|
|
|
# enabling firejail for sandboxing
|
|
programs.firejail = {
|
|
enable = true;
|
|
};
|
|
|
|
# enabling doas
|
|
security.doas.enable = true;
|
|
security.sudo.enable = false;
|
|
security.doas.extraRules = [{
|
|
users = [ "grape" ];
|
|
keepEnv = true;
|
|
persist = true;
|
|
}];
|
|
|
|
# setting up a polkit
|
|
security.polkit.enable = true;
|
|
}
|