[sourcephile-nix.git] / machines / losurdo / security.nix
# NixOS module with this machine's security-related settings: the location of
# its GnuPG secret store, the system memory allocator, and an sshd tweak for
# forwarded gpg-agent sockets.
{ flakes, pkgs, lib, config, machineName, ... }:
let
  # NOTE(review): none of these three bindings is referenced in the module
  # body below; they look like leftovers from an earlier revision. Confirm
  # before removing them.
  keygrip = "9AA84E6F6D71F9163C46BF396B141A0806219077";
  rootKey = "root/key";
  inherit (config.security) gnupg;
in
{
  # Select plain libc as the system-wide allocator.
  # NOTE(review): if a hardening profile that defaults to a hardened allocator
  # is imported elsewhere, this setting opts out of it. Confirm that is intended.
  environment.memoryAllocator = {
    provider = "libc";
  };

  services.openssh = {
    # StreamLocalBindUnlink lets sshd delete an existing Unix-domain socket
    # file before binding a forwarded one in its place, so a stale gpg-agent
    # socket does not block a new forward. It is set in the global sshd config
    # here, not in a Match block, so it covers every account allowed to
    # forward sockets.
    # Anyone who can open the forwarded socket on this host (root included)
    # can ask the remote agent to perform key operations while the session is
    # up, so forward only the agent's restricted "extra" socket.
    extraConfig = ''
      # This is for removing remote gpg-agent's socket
      StreamLocalBindUnlink yes
    '';
  };

  # Per-machine subdirectory of the `pass` flake input.
  # NOTE(review): this path is built from a flake input, so the referenced
  # files presumably end up in the world-readable Nix store. Confirm that
  # everything under it is stored encrypted.
  security.gnupg = {
    store = flakes.pass + "/machines/${machineName}";
  };

  /*
    Disabled installer settings, kept for reference. The ssh flags would
    forward the local gpg-agent "extra" socket to this host.

    installer.ssh-nixos = {
      PATH = [pkgs.gnupg pkgs.openssh];
      sshFlags = [
        #"-R" "/var/lib/gnupg/S.gpg-agent.extra:/run/user/1000/gnupg/d.w1sj57hx3zfcwadyxpr6wko9/S.gpg-agent.extra"
        #"-o" "StreamLocalBindUnlink=yes"
      ];
    };
  */
}