programs.tirith.enable
Whether to enable Tirith, a shell security monitor.
Type: boolean
Default:
false
Example:
true
Declared by:
programs.tirith.enableBashIntegration
Whether to enable Bash integration.
Type: boolean
Example:
false
Declared by:
programs.tirith.enableFishIntegration
Whether to enable Fish integration.
Type: boolean
Example:
false
Declared by:
programs.tirith.enableZshIntegration
Whether to enable Zsh integration.
Type: boolean
Example:
false
Declared by:
programs.tirith.package
The tirith package to use.
Type: package
Default:
pkgs.tirith
Declared by:
programs.tirith.allowlist
List of allowed domains that bypass Tirith analysis.
Written to $XDG_CONFIG_HOME/tirith/allowlist.
Type: list of string
Default:
[ ]
Example:
[
"localhost"
]
Declared by:
programs.tirith.policy
Tirith policy configuration.
Written to $XDG_CONFIG_HOME/tirith/policy.yaml.
See https://github.com/sheeki03/tirith/blob/main/docs/cookbook.md for policy examples.
Type: YAML 1.1 value
Default:
{ }
Example:
{
allow_bypass = true;
fail_mode = "open";
severity_overrides = {
docker_untrusted_registry = "CRITICAL";
};
version = 1;
}
Declared by: