{ config, lib, pkgs, ... }:

let
  cfg = config.security.auditd;
  inherit (lib) mkEnableOption mkIf mdDoc;
in
{
  # Opt-in switch for the Linux Audit daemon; nothing below is applied unless it is set.
  options.security.auditd.enable = mkEnableOption (mdDoc "the Linux Audit daemon");

  config = mkIf cfg.enable {
    # Turn the kernel audit subsystem on from boot; the daemon is started below with
    # "-s nochange" so it leaves that kernel flag exactly as the boot parameter set it.
    boot.kernelParams = [ "audit=1" ];

    # Make the audit userspace tools (pkgs.audit) available system-wide.
    environment.systemPackages = [ pkgs.audit ];

    systemd.services.auditd = {
      description = "Linux Audit daemon";

      # Started early via basic.target.  NOTE(review): with DefaultDependencies off the unit
      # gets no implicit ordering after sysinit/local-fs; verify /var/log is mounted before
      # ExecStartPre runs.
      wantedBy = [ "basic.target" ];

      unitConfig = {
        # Do not run inside containers — presumably because the audit subsystem is
        # kernel-global rather than per-container; confirm.
        ConditionVirtualization = "!container";
        # Only start when the kernel reports audit support.
        ConditionSecurity = [ "audit" ];
        DefaultDependencies = false;
      };

      # Put the audit tools on the unit's PATH.
      path = [ pkgs.audit ];

      serviceConfig = {
        # The log directory has to exist before auditd opens its log file.
        # NOTE(review): the directory mode is whatever the umask yields; a stricter mode
        # (e.g. mkdir -m 0700) may be wanted for the audit log directory — verify against
        # auditd's own expectations before changing it.
        ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/log/audit";
        # -n: stay in the foreground (no fork) so systemd supervises it directly;
        # -s nochange: do not alter the kernel's audit-enabled flag on start;
        # -l: allow the daemon to follow symlinks for its config files.
        ExecStart = "${pkgs.audit}/bin/auditd -l -n -s nochange";
      };
    };
  };
}