mirror of
https://github.com/ItsDrike/nixdots
synced 2024-12-25 18:24:34 +00:00
65 lines
1.6 KiB
Nix
65 lines
1.6 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
with lib; let
|
|
inherit (lib) mkEnableOption mkOption literalExpression types;
|
|
in {
|
|
options.myOptions.security.auditd = {
|
|
enable = mkEnableOption "the audit daemon.";
|
|
autoPrune = {
|
|
enable = mkEnableOption ''
|
|
automatic pruning of audit logs.
|
|
|
|
Enabling this is HEAVILY recommended, as audit logs
|
|
can grow very large very quickly.
|
|
'';
|
|
|
|
size = mkOption {
|
|
type = types.int;
|
|
default = 524288000; # roughly 500MB
|
|
description = ''
|
|
The maximum size of the audit log in bytes.
|
|
|
|
The default is 500MB.
|
|
'';
|
|
};
|
|
|
|
schedule = mkOption {
|
|
type = types.str;
|
|
default = "daily";
|
|
example = "weekly";
|
|
description = "How often cleaning is triggered. Passed to systemd.time";
|
|
};
|
|
};
|
|
|
|
extraFiles = mkOption {
|
|
default = [];
|
|
type = types.listOf types.path;
|
|
example = literalExpression ''["/etc/nix/id_rsa"]'';
|
|
description = ''
|
|
Additional files in root to link to persistent storage.
|
|
'';
|
|
};
|
|
|
|
extraDirectories = mkOption {
|
|
default = [];
|
|
type = types.listOf types.path;
|
|
example = literalExpression ''["/etc/nix/id_rsa"]'';
|
|
description = ''
|
|
Additional directories in root to link to persistent storage.
|
|
'';
|
|
};
|
|
|
|
persistentMountPoint = mkOption {
|
|
default = "/persist";
|
|
description = ''
|
|
Path to a persistent directory (usually a mount point to a
|
|
standalone partition / subvolume), which will hold the persistent
|
|
system state files.
|
|
'';
|
|
};
|
|
};
|
|
}
|