swaphb/nix-darwin-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add security settings

Browse Source
This commit is contained in:
swaphb
2025-01-07 23:24:08 -05:00
parent 88129add4d
commit 5280c4a21a
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modules/darwin/security/default.nix
View File

@@ -2,4 +2,12 @@
{
# Enable TouchID for PAM auth: you could also place security/pam or other service configs here:
security.pam.enableSudoTouchIdAuth = true;
system.defaults.alf = {
allowsignedenabled = 1; # Allows any signed Application to accept incoming requests. Default is true. 0 = disabled 1 = enabled
allowdownloadsignedenabled = 0; # Allows any signed Application to accept incoming requests. Default is false. 0 = disabled 1 = enabled
globalstate = 1; # Enable the internal firewall to prevent unauthorised applications, programs and services from accepting incoming connections. 0 = disabled 1 = enabled 2 = blocks all connections except for essential services
loggingenabled = 0; # Enable logging of blocked incoming connections. 0 = disabled 1 = enabled
stealthenabled = 1; # Enable stealth mode. This will prevent the computer from responding to ICMP ping requests and will not answer to port scans. 0 = disabled 1 = enabled
};
}