nix.nix - nixfiles

1 
2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
{
  config,
  lib,
  ...
}:
{

  options.common.security.nix.enable = lib.mkEnableOption "enhanced nix security";

  config = lib.mkIf config.common.security.nix.enable {
    users.groups.nix = { };

    nix.settings.allowed-users = lib.mkForce [
      "@users"
      "@nix"
    ];
  };

}