From 973a9e27519e7e81e75f871e24415a92db35b0ef Mon Sep 17 00:00:00 2001
From: Henri Dohmen
Date: Wed, 7 May 2025 11:16:16 +0200
Subject: [PATCH] security
---
mod/collections/pc.nix | 1 +
mod/gpg.nix | 9 +++++++++
mod/security.nix | 9 ++-------
mod/services.nix | 1 +
mod/users.nix | 2 +-
5 files changed, 14 insertions(+), 8 deletions(-)
create mode 100644 mod/gpg.nix
diff --git a/mod/collections/pc.nix b/mod/collections/pc.nix
index b9ea57c..d282331 100644
--- a/mod/collections/pc.nix
+++ b/mod/collections/pc.nix
@@ -4,6 +4,7 @@
 audio
 boot
 fonts
+ gpg
 locale
 network
 nix-configuration
diff --git a/mod/gpg.nix b/mod/gpg.nix
new file mode 100644
index 0000000..2c70357
--- /dev/null
+++ b/mod/gpg.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [ seahorse ];
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryPackage = pkgs.pinentry-gtk2;
+ };
+}
diff --git a/mod/security.nix b/mod/security.nix
index 2c70357..dd95a5c 100644
--- a/mod/security.nix
+++ b/mod/security.nix
@@ -1,9 +1,4 @@
-{ pkgs, ... }:
+{ ... }:
 {
- environment.systemPackages = with pkgs; [ seahorse ];
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- pinentryPackage = pkgs.pinentry-gtk2;
- };
+ security.protectKernelImage = true;
 }
diff --git a/mod/services.nix b/mod/services.nix
index c3722ad..ca1f2a3 100644
--- a/mod/services.nix
+++ b/mod/services.nix
@@ -7,4 +7,5 @@
 openFirewall = true;
 };
 services.udisks2.enable = true;
+ services.emacs.enable = true;
 }
diff --git a/mod/users.nix b/mod/users.nix
index cb60ba0..976a281 100644
--- a/mod/users.nix
+++ b/mod/users.nix
@@ -17,7 +17,7 @@
 shell = pkgs.fish;
 packages = [ ];
 };
- home-manager.users."hd" = lib.mkAliasDefinitions options.home;
+ users.users.root.hashedPassword = "!";
 }
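Review bot: In mod/gpg.nix, `enableSSHSupport = true` makes gpg-agent the SSH agent for the session, but the new module does not say so, nor how long unlocked keys stay cached. The block is carried over unchanged from mod/security.nix (same blob 2c70357), so the move is a good moment to add a comment above `programs.gnupg.agent`, for example `# gpg-agent also serves SSH keys; cache lifetime is the gpg-agent default`. If a shorter lifetime is wanted, `programs.gnupg.agent.settings` can set `default-cache-ttl` and `default-cache-ttl-ssh`. `pinentry-gtk2` pulls in the end-of-life GTK 2 toolkit, so another packaged pinentry flavour may be the better choice.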
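Review bot: In mod/security.nix, `security.protectKernelImage = true` disables hibernation as well as kexec, and the file gives no hint of that side effect. If this module is imported on machines that suspend to disk (the import site is not visible in this patch), hibernate will stop working after the switch. I would add a comment on the line, for example `# blocks kexec and hibernation so the running kernel image cannot be replaced`. The subject line "security" would also be more useful if it named the options being turned on.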
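Review bot: In mod/services.nix, `services.emacs.enable = true` adds a long-running per-user daemon in a commit whose subject is "security", with no explanation of why it belongs here. It would be easier to audit and to revert as a separate commit. Failing that, a comment such as `# per-user emacs daemon, unrelated to hardening` would keep readers from looking for a link. The enclosing attribute set starts above the hunk, so only this line is in view.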
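Review bot: In mod/users.nix, `users.users.root.hashedPassword = "!"` is only enforced on every rebuild when `users.mutableUsers = false`; with mutable users a later `passwd root` can set a password again, and that setting is not visible in this hunk. The lock covers password login only: key-based root SSH is governed separately by `services.openssh.settings.PermitRootLogin`, and the emergency shell cannot be entered with a root password once the account is locked. I would record this next to the line, for example `# lock root password login; admin access is via sudo from a wheel user`. The same line replaces `home-manager.users."hd" = lib.mkAliasDefinitions options.home;`, which the commit message does not mention; if that wiring is not re-established elsewhere, the user's home-manager configuration is dropped. The function header is outside the hunk, so `lib` and `options` may now be unused arguments.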