security: Initial commit

2022-05-13 12:51:12 +02:00 · 2022-05-13 12:51:12 +02:00 · 230335431c
commit 230335431c
parent b8d71e5127
2 changed files with 27 additions and 0 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@ -47,6 +47,9 @@
    ./virtualisation/default.nix
    ./virtualisation/gaming.nix

+    # Security
+    ./security/apparmor.nix
+    
    # Pure options
    ./base.nix
  ];
--- a/modules/security/apparmor.nix
+++ b/modules/security/apparmor.nix
@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.ptw.security.apparmor;
+in {
+  options.ptw.security.apparmor = {
+    enable = lib.mkEnableOption "Enable AppArmor";
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      apparmor-bin-utils
+    ];
+
+    services.dbus.apparmor = "enabled";
+    security.apparmor = {
+      enable = true;
+      enableCache = true;
+      includes = {
+        profiles = "${pkgs.apparmor-profiles}/etc/apparmor.d";
+      };
+    };
+  };
+}