hosts/carotte/security.nix

   1 { lib, ... }:
   2 {
   3   security.lockKernelModules = false;
   4   security.virtualisation.flushL1DataCache = lib.mkForce null;
   5   /*
   6   security.gnupg.agent = {
   7     keyring."C7BCEA3D090956E7D51E94ADFF53191D9FA89552" = {
   8       passwordGpg = "gnupg/root.gpg";
   9       passwordFile = "/root/.gnupg.C7BCEA3D090956E7D51E94ADFF53191D9FA89552.txt";
  10     };
  11   };
  12   services.openssh.extraConfig = ''
  13     # This is for removing remote gpg-agent's socket
  14     StreamLocalBindUnlink yes
  15   '';
  16   */
  17 }