1766606163

configuration.nix

@@ -3,7 +3,7 @@
 {
   imports = [
     ./hardware-configuration.nix
-    
+
     # Import Modules
     ./modules/boot.nix
     ./modules/networking.nix

modules/security.nix

@@ -17,7 +17,6 @@
 
   security.apparmor = {
     enable = true;
-    killUnconfinedConfinables = true;
   };
 
   services.fail2ban = {
@@ -50,7 +49,6 @@
     "kernel.kptr_restrict" = 2;
     "kernel.perf_event_paranoid" = 3;
     "kernel.yama.ptrace_scope" = 1;
-    "kernel.unprivileged_bpf_disabled" = 1;
     "kernel.sysrq" = 0;
     "kernel.randomize_va_space" = 2;
     "kernel.kexec_load_disabled" = 1;

modules/services.nix

@@ -11,13 +11,13 @@
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = false;
       PermitEmptyPasswords = false;
-      
+
       # Security hardening
       X11Forwarding = false;
       AllowTcpForwarding = false;
       AllowAgentForwarding = false;
       AllowStreamLocalForwarding = false;
-      
+
       # Session settings
       ClientAliveInterval = 300;
       ClientAliveCountMax = 2;
@@ -57,4 +57,6 @@
 
   services.avahi.publish.enable = true;
   services.avahi.publish.userServices = true;
+
+  services.gnome.gnome-remote-desktop.enable = true;
 }