hosts/carotte/security.nix

   1 { inputs, pkgs, lib, config, ... }:
   2 {
   3 security.lockKernelModules = false;
   4 security.virtualisation.flushL1DataCache = lib.mkForce null;
   5 security.gnupg.agent = {
   6   keyring."C7BCEA3D090956E7D51E94ADFF53191D9FA89552" = {
   7     passwordGpg = "gnupg/root.gpg";
   8   };
   9 };
  10 services.openssh.extraConfig = ''
  11   # This is for removing remote gpg-agent's socket
  12   StreamLocalBindUnlink yes
  13 '';
  14 /*
  15 environment.systemPackages = [
  16   pkgs.tshark
  17 ];
  18 */
  19 }