desktop-2024-10-31-13-41-42

configs/user.nix

@@ -1,4 +1,18 @@
 { config, pkgs, lib, inputs, ... }:
+let
+  serviceConfig = {
+    MountAPIVFS = true;
+    PrivateTmp = true;
+    PrivateUsers = true;
+    ProtectKernelModules = true;
+    PrivateDevices = true;
+    ProtectControlGroups = true;
+    ProtectHome = true;
+    ProtectKernelTunables = true;
+    ProtectSystem = "full";
+    RestrictSUIDSGID = true;
+  };
+in
 {
   imports = [
     inputs.home-manager.nixosModules.home-manager
@@ -15,6 +29,7 @@
 
     users.alex = {
       isNormalUser = true;
+      uid = 1000;
       # hashedPassword = secrets.hashedPassword;
       hashedPasswordFile = config.sops.secrets.hashedPassword.path;
       extraGroups = [
@@ -36,6 +51,11 @@
     };
   };
 
+  systemd.services = {
+    alex.serviceConfig = serviceConfig;
+    root.serviceConfig = serviceConfig;
+  };
+
   programs = {
     zsh.enable = true;
     nix-ld.enable = true;