1766606163

2025-12-24 12:56:03 -07:00
parent 72afd43933
commit a479ec48f8
3 changed files with 5 additions and 5 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -3,7 +3,7 @@
 {
  imports = [
    ./hardware-configuration.nix
-    
+
    # Import Modules
    ./modules/boot.nix
    ./modules/networking.nix
--- a/modules/security.nix
+++ b/modules/security.nix
@@ -17,7 +17,6 @@

  security.apparmor = {
    enable = true;
-    killUnconfinedConfinables = true;
  };

  services.fail2ban = {
@@ -50,7 +49,6 @@
    "kernel.kptr_restrict" = 2;
    "kernel.perf_event_paranoid" = 3;
    "kernel.yama.ptrace_scope" = 1;
-    "kernel.unprivileged_bpf_disabled" = 1;
    "kernel.sysrq" = 0;
    "kernel.randomize_va_space" = 2;
    "kernel.kexec_load_disabled" = 1;
--- a/modules/services.nix
+++ b/modules/services.nix
@@ -11,13 +11,13 @@
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitEmptyPasswords = false;
-      
+
      # Security hardening
      X11Forwarding = false;
      AllowTcpForwarding = false;
      AllowAgentForwarding = false;
      AllowStreamLocalForwarding = false;
-      
+
      # Session settings
      ClientAliveInterval = 300;
      ClientAliveCountMax = 2;
@@ -57,4 +57,6 @@

  services.avahi.publish.enable = true;
  services.avahi.publish.userServices = true;
+
+  services.gnome.gnome-remote-desktop.enable = true;
 }