25 lines
430 B
Nix
25 lines
430 B
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
with lib; {
|
|
options = {
|
|
nixLockdown = {
|
|
enable = mkOption {
|
|
description = "Lockdown Nix";
|
|
default = true;
|
|
example = true;
|
|
type = lib.types.bool;
|
|
};
|
|
};
|
|
};
|
|
config = mkIf config.nixLockdown.enable {
|
|
nix = {
|
|
settings.sandbox = true;
|
|
settings.trusted-users = ["@wheel"];
|
|
settings.allowed-users = ["root" "qbit"];
|
|
};
|
|
};
|
|
}
|