nyancat/flake
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nixos: core: use sudo-rs

Browse source
This commit is contained in:
Guanran Wang 2023-12-25 21:03:49 +08:00
parent cadeefb081
commit fa0e9ccc74
Signed by: nyancat
SSH key fingerprint: SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
nixos/profiles/core/hardening/default.nix
View file

@ -8,7 +8,8 @@
environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id
security.apparmor.enable = true; security.apparmor.enable = true;
security.sudo.execWheelOnly = true; security.sudo-rs.enable = true;
security.sudo-rs.execWheelOnly = true;
boot.blacklistedKernelModules = [ boot.blacklistedKernelModules = [
# Obscure network protocols # Obscure network protocols