Initial nixos config edits

nixos/security-services.nix

@@ -17,7 +17,7 @@
   security.sudo.enable = false;
   users.users.root.hashedPassword = "!";
   security.tpm2 = {
-    enable = true;
+    enable = false;
     pkcs11.enable = true;
     tctiEnvironment.enable = true;
   };
@@ -32,7 +32,7 @@
 
   security.pam.services = {
     login.enableAppArmor = true;
-    sshd.enableAppArmor = true;
+    # sshd.enableAppArmor = true;
     sudo-rs.enableAppArmor = true;
     su.enableAppArmor = true;
     greetd.enableAppArmor = true;
@@ -40,52 +40,28 @@
   };
 
   services.dbus.apparmor = "enabled";
-  services.fail2ban.enable = true;
+  # services.fail2ban.enable = true;
   # security.polkit.enable = true;
-  programs.browserpass.enable = true;
-  services.clamav = {
-    daemon.enable = true;
-    fangfrisch.enable = true;
-    fangfrisch.interval = "daily";
-    updater.enable = true;
-    updater.interval = "daily"; #man systemd.time
-    updater.frequency = 12;
-  };
+  # programs.browserpass.enable = true;
+  # services.clamav = {
+  #   daemon.enable = true;
+  #   fangfrisch.enable = true;
+  #   fangfrisch.interval = "daily";
+  #   updater.enable = true;
+  #   updater.interval = "daily"; #man systemd.time
+  #   updater.frequency = 12;
+  # };
   programs.firejail = {
     enable = true;
     wrappedBinaries = { 
-      mpv = {
-        executable = "${lib.getBin pkgs.mpv}/bin/mpv";
-        profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
-      };
-      imv = {
-        executable = "${lib.getBin pkgs.imv}/bin/imv";
-        profile = "${pkgs.firejail}/etc/firejail/imv.profile";
-      };
-      zathura = {
-        executable = "${lib.getBin pkgs.zathura}/bin/zathura";
-        profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
-      };
-      discord = {
-        executable = "${lib.getBin pkgs.discord}/bin/discord";
-        profile = "${pkgs.firejail}/etc/firejail/discord.profile";
-      };
-      slack = {
-        executable = "${lib.getBin pkgs.slack}/bin/slack";
-        profile = "${pkgs.firejail}/etc/firejail/slack.profile";
+      vlc = {
+        executable = "${lib.getBin pkgs.vlc}/bin/vlc";
+        profile = "${pkgs.firejail}/etc/firejail/vlc.profile";
       };
       telegram-desktop = {
         executable = "${lib.getBin pkgs.tdesktop}/bin/telegram-desktop";
         profile = "${pkgs.firejail}/etc/firejail/telegram-desktop.profile";
       };
-      brave = {
-        executable = "${lib.getBin pkgs.brave}/bin/brave";
-        profile = "${pkgs.firejail}/etc/firejail/brave.profile";
-      };
-      qutebrowser = {
-        executable = "${lib.getBin pkgs.qutebrowser}/bin/qutebrowser";
-        profile = "${pkgs.firejail}/etc/firejail/qutebrowser.profile";
-      };
       thunar = {
         executable = "${lib.getBin pkgs.xfce.thunar}/bin/thunar";
         profile = "${pkgs.firejail}/etc/firejail/thunar.profile";
@@ -99,7 +75,7 @@
 
   environment.systemPackages = with pkgs; [
     vulnix       #scan command: vulnix --system
-    clamav       #scan command: sudo freshclam; clamscan [options] [file/directory/-]
+    # clamav       #scan command: sudo freshclam; clamscan [options] [file/directory/-]
     chkrootkit   #scan command: sudo chkrootkit
 
     # passphrase2pgp