Enable audit on server systems only

hosts/common.nix

@@ -18,16 +18,7 @@
   
   console.keyMap = "uk";
 
-  security = {
+  security.sudo.execWheelOnly = true;
-    auditd.enable = true;
-    audit = {
-      enable = true;
-      rules = [
-        "-a exit,always -F arch=b64 -S execve"
-      ];
-    };
-    sudo.execWheelOnly = true;
-  };
 
   services.openssh = {
     enable = true;

hosts/server.nix

@@ -7,6 +7,16 @@
 
   documentation.enable = false;
 
+  security = {
+    auditd.enable = true;
+    audit = {
+      enable = true;
+      rules = [
+        "-a exit,always -F arch=b64 -S execve"
+      ];
+    };
+  };
+
   modules.networking.tailscale = {
     enable = true;
     restrictSSH = false;