From a091fb2a691e3c91a3d584286606e1e04aff3cfd Mon Sep 17 00:00:00 2001
From: Jordan Holt
Date: Sat, 20 Jan 2024 15:46:15 +0000
Subject: [PATCH] Enable audit on server systems only
---
 hosts/common.nix | 11 +---------
 hosts/server.nix | 10 ++++++++++
 2 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/hosts/common.nix b/hosts/common.nix
index 69ba270..82f48b3 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -18,16 +18,7 @@
 console.keyMap = "uk";
- security = {
- auditd.enable = true;
- audit = {
- enable = true;
- rules = [
- "-a exit,always -F arch=b64 -S execve"
- ];
- };
- sudo.execWheelOnly = true;
- };
+ security.sudo.execWheelOnly = true;
 services.openssh = {
 enable = true;
diff --git a/hosts/server.nix b/hosts/server.nix
index 2dde15b..623b1f5 100644
--- a/hosts/server.nix
+++ b/hosts/server.nix
@@ -7,6 +7,16 @@
 documentation.enable = false;
+ security = {
+ auditd.enable = true;
+ audit = {
+ enable = true;
+ rules = [
+ "-a exit,always -F arch=b64 -S execve"
+ ];
+ };
+ };
+
 modules.networking.tailscale = {
 enable = true;
 restrictSSH = false;
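Review bot: The single entry in `security.audit.rules` added to hosts/server.nix records only the 64-bit `execve` syscall, so program starts made through `execveat` or through the 32-bit syscall ABI (if these servers are x86_64, which the patch does not show) would leave no audit record. Extending the list to `"-a exit,always -F arch=b64 -S execve -S execveat"` plus a matching `"-a exit,always -F arch=b32 -S execve -S execveat"` entry closes that gap. Since these records include full command lines, a short comment above `rules` saying what the rule is meant to capture and that the log may contain arguments with secrets would help whoever later tunes log retention and access. The same rule text was carried over unchanged from hosts/common.nix, so this is a pre-existing gap rather than one introduced here.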