modules/system/common: Disable yama security for interactive machines

modules/system/common/default.nix

@@ -58,6 +58,7 @@ in {
 
   imports = [
     (import ./hercules.nix {inherit isLinux;})
+    (import ./user.nix {inherit isLinux;})
   ];
 
   config = lib.mkMerge [

modules/system/common/user.nix

@@ -0,0 +1,23 @@
+{isLinux}: {
+  config,
+  lib,
+  ...
+}: let
+  sharedConfig = {};
+
+  linuxConfig = lib.optionalAttrs isLinux {
+    boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0;
+  };
+
+  darwinConfig = lib.optionalAttrs (!isLinux) {};
+
+  finalConfig = lib.mkMerge [
+    sharedConfig
+    linuxConfig
+    darwinConfig
+  ];
+in {
+  _file = ./user.nix;
+
+  config = lib.mkIf config.settei.user.enable finalConfig;
+}