{pkgs, ...}: {
  security = {
    audit = {
      enable = true;

      rules = [
        "-a exit,always -F arch=b64 -S execve"
        # "-w /etc/passwd -p wa -k passwd_changes"
        # "-w /home/tasia -p wa -k home_changes"
      ];
    };

    auditd.enable = true;
  };

  environment.systemPackages = with pkgs; [
    audit
  ];
}