hardening

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
2026-05-20 05:12:34 +02:00 · 2026-04-11 11:27:39 +02:00
parent 28b7923e47
commit 2326857f65
6 changed files with 59 additions and 9 deletions
@@ -6,6 +6,11 @@
 }: let
  autoGarbageCollector = config.var.autoGarbageCollector;
 in {
+  # Ask for password once per SSH session (tied to the tty, expires when session closes)
+  security.sudo.extraConfig = ''
+    Defaults timestamp_type=tty,timestamp_timeout=-1
+  '';
+
  security.sudo.extraRules = [
    {
      users = [config.var.username];
@@ -19,7 +24,7 @@ in {
  ];
  nixpkgs.config = {
    allowUnfree = true;
-    allowBroken = true;
+    allowBroken = false;
  };
  nix = {
    nixPath = ["nixpkgs=${inputs.nixpkgs}"];