nftables: retake at ICMPv6 and other stuffs

[sourcephile-nix.git] / machines / mermet / security.nix

{ inputs, pkgs, lib, config, machineName, ... }:
let
  inherit (config.security) gnupg;
  rootKey = "root/key";
  initrdKey = "initrd/ssh.key";
  keygrip = "89F52A879E0019A966503AFFDE72EEA84CDFA3A7";
in
{
security.gnupg.store = inputs.pass + "/machines/${machineName}";
environment.memoryAllocator.provider = "libc";
services.openssh.extraConfig = ''
  StreamLocalBindUnlink yes
'';
}