reorganization + todo

modules/security.nix

@@ -23,7 +23,7 @@ in {
           # do not accept IP source packets (we are not a router)
           "net.ipv4.conf.all.accept_source_route" = 0;
           "net.ipv6.conf.all.accept_source_route" = 0;
-          # Don't send ICMP redirects (again, we're not a router)
+          # don't send ICMP redirects (again, we're not a router)
           "net.ipv4.conf.all.send_redirects" = 0;
           "net.ipv4.conf.default.send_redirects" = 0;
           # refuse ICMP redirects (MITM mitigations)
@@ -52,8 +52,8 @@ in {
         # prevents replacing the kernel without a reboot
       	protectKernelImage = true;
         # allows unprivileged processes to speak to privileged processes (ex. nmtui, reboot)
-        polkit.enable = true;
       	rtkit.enable = true;
+        polkit.enable = true;
       };
     } // (mkIf cfg.useDoas {
     	security.sudo.enable = false;

readme.md

@@ -25,3 +25,4 @@ before committing, please run `nix flake check` and make sure everything is ok
 - swap back to hardened kernel
 - leverage nixos-hardware
 - somehow add desktop evironments and per-user dotfiles while keeping a multi-user setup - we can always give this up if needed
+- flake-parts