From 5280c4a21ab0d2dae26804f0c4254e0ddc4cf6cf Mon Sep 17 00:00:00 2001 From: swaphb Date: Tue, 7 Jan 2025 23:24:08 -0500 Subject: [PATCH] add security settings --- modules/darwin/security/default.nix | 8 ++++++++ modules/darwin/system/system.nix | 2 ++ 2 files changed, 10 insertions(+) diff --git a/modules/darwin/security/default.nix b/modules/darwin/security/default.nix index 97a2986..6c31d6b 100644 --- a/modules/darwin/security/default.nix +++ b/modules/darwin/security/default.nix @@ -2,4 +2,12 @@ { # Enable TouchID for PAM auth: you could also place security/pam or other service configs here: security.pam.enableSudoTouchIdAuth = true; + + system.defaults.alf = { + allowsignedenabled = 1; # Allows any signed Application to accept incoming requests. Default is true. 0 = disabled 1 = enabled + allowdownloadsignedenabled = 0; # Allows any signed Application to accept incoming requests. Default is false. 0 = disabled 1 = enabled + globalstate = 1; # Enable the internal firewall to prevent unauthorised applications, programs and services from accepting incoming connections. 0 = disabled 1 = enabled 2 = blocks all connections except for essential services + loggingenabled = 0; # Enable logging of blocked incoming connections. 0 = disabled 1 = enabled + stealthenabled = 1; # Enable stealth mode. This will prevent the computer from responding to ICMP ping requests and will not answer to port scans. 0 = disabled 1 = enabled + }; } \ No newline at end of file diff --git a/modules/darwin/system/system.nix b/modules/darwin/system/system.nix index 58ef04a..984599f 100644 --- a/modules/darwin/system/system.nix +++ b/modules/darwin/system/system.nix @@ -18,5 +18,7 @@ enableKeyMapping = true; # Enable key mapping # Set up your keyboard preferences here }; + + system.defaults.WindowManager.EnableStandardClickToShowDesktop = false; # Disable/Enable standard click to show desktop # You can add more Mac defaults here as well... } \ No newline at end of file