From 7b5e114944ba949d5a2d5fe75391d31067159330 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Sat, 15 Mar 2025 01:19:33 +0100
Subject: [PATCH] base: use dbus-broker as dbus implementation

---
 base/default.nix       | 3 +++
 base/services/dbus.nix | 7 +++++++
 2 files changed, 10 insertions(+)
 create mode 100644 base/services/dbus.nix

diff --git a/base/default.nix b/base/default.nix
index 8b28c7a..027390b 100644
--- a/base/default.nix
+++ b/base/default.nix
@@ -10,6 +10,7 @@
 
     ./services/acme.nix
     ./services/auto-upgrade.nix
+    ./services/dbus.nix
     ./services/irqbalance.nix
     ./services/logrotate.nix
     ./services/nginx.nix
@@ -48,6 +49,8 @@
 
   programs.zsh.enable = true;
 
+  security.lockKernelModules = true;
+  security.protectKernelImage = true;
   security.sudo.execWheelOnly = true;
   security.sudo.extraConfig = ''
     Defaults lecture = never
diff --git a/base/services/dbus.nix b/base/services/dbus.nix
new file mode 100644
index 0000000..e9409da
--- /dev/null
+++ b/base/services/dbus.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+  services.dbus = {
+    enable = true;
+    implementation = "broker";
+  };
+}