]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/carotte/security.nix
losurdo: acme: move to LoadCredentialEncrypted=
[sourcephile-nix.git] / hosts / carotte / security.nix
1 { inputs, pkgs, lib, config, ... }:
2 {
3 security.lockKernelModules = false;
4 security.virtualisation.flushL1DataCache = lib.mkForce null;
5 security.gnupg.agent = {
6 keyring."C7BCEA3D090956E7D51E94ADFF53191D9FA89552" = {
7 passwordGpg = "gnupg/root.gpg";
8 passwordFile = "/root/.gnupg.C7BCEA3D090956E7D51E94ADFF53191D9FA89552.txt";
9 };
10 };
11 services.openssh.extraConfig = ''
12 # This is for removing remote gpg-agent's socket
13 StreamLocalBindUnlink yes
14 '';
15 }