From 40cc61c620c06286eed41304a65322b522161b35 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?=
Date: Tue, 30 Jan 2024 18:10:40 +0100
Subject: [PATCH] modules/system/common: Disable yama security for interactive machines
---
 modules/system/common/default.nix | 1 +
 modules/system/common/user.nix | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 modules/system/common/user.nix
diff --git a/modules/system/common/default.nix b/modules/system/common/default.nix
index 4182e71..9ee8805 100644
--- a/modules/system/common/default.nix
+++ b/modules/system/common/default.nix
@@ -58,6 +58,7 @@ in {
   imports = [
     (import ./hercules.nix {inherit isLinux;})
+    (import ./user.nix {inherit isLinux;})
   ];
   config = lib.mkMerge [
diff --git a/modules/system/common/user.nix b/modules/system/common/user.nix
new file mode 100644
index 0000000..9e01c93
--- /dev/null
+++ b/modules/system/common/user.nix
@@ -0,0 +1,23 @@
+{isLinux}: {
+  config,
+  lib,
+  ...
+}: let
+  sharedConfig = {};
+
+  linuxConfig = lib.optionalAttrs isLinux {
+    boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0;
+  };
+
+  darwinConfig = lib.optionalAttrs (!isLinux) {};
+
+  finalConfig = lib.mkMerge [
+    sharedConfig
+    linuxConfig
+    darwinConfig
+  ];
+in {
+  _file = ./user.nix;
+
+  config = lib.mkIf config.settei.user.enable finalConfig;
+}
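Review bot: `boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0` in the new user.nix carries no comment, although it is the one line in the module that lowers a security boundary: at scope 0 any process may ptrace any other process of the same uid, so a compromised unprivileged program on such a host can read the memory of the user's agents, browsers and terminals, whereas Yama's default scope 1 only allows attaching to descendants or to processes that opted in with prctl(PR_SET_PTRACER). The subject ties this to "interactive machines", but the file gates it only on `config.settei.user.enable`, so that mapping and the trade-off belong next to the sysctl, e.g. `# settei.user.enable marks interactive hosts: relax Yama so a debugger can attach to already-running same-user processes. Scope 0 lets any same-uid process read another's memory; keep this off shared or server hosts.` If attaching to running processes is the only need, scope 1 plus PR_SET_PTRACER in the target, or running the debugger with CAP_SYS_PTRACE, keeps the restriction, so it is worth recording why 0 was chosen over those. On style, `sharedConfig` and `darwinConfig` are empty placeholders; if they are kept as a template matching hercules.nix, a one-line comment saying so would stop a reader looking for missing content.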