machines/losurdo/security.nix

   1 { inputs, pkgs, lib, config, machineName, ... }:
   2 {
   3 security.gnupg.store = inputs.pass + "/machines/${machineName}";
   4 environment.memoryAllocator.provider = "libc";
   5 services.openssh.extraConfig = ''
   6   # This is for removing remote gpg-agent's socket
   7   StreamLocalBindUnlink yes
   8 '';
   9 /*
  10 installer.ssh-nixos = {
  11   PATH = [pkgs.gnupg pkgs.openssh];
  12   sshFlags = [
  13     #"-R" "/var/lib/gnupg/S.gpg-agent.extra:/run/user/1000/gnupg/d.w1sj57hx3zfcwadyxpr6wko9/S.gpg-agent.extra"
  14     #"-o" "StreamLocalBindUnlink=yes"
  15   ];
  16 };
  17 security.wrappers = lib.mkForce {
  18   ping.source = pkgs.inetutils + "/bin/ping";
  19   ping.capabilities = "cap_net_raw+p";
  20 };
  21 */
  22 }