2023-08-13 17:00:41 +01:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
pkgs,
|
|
|
|
|
lib,
|
|
|
|
|
...
|
|
|
|
|
}: {
|
|
|
|
|
fileSystems."/".options = ["noatime" "nodiratime" "discard"];
|
2019-04-21 10:18:35 +01:00
|
|
|
|
2023-01-05 23:28:34 +00:00
|
|
|
hardware.enableRedistributableFirmware = lib.mkDefault true;
|
2019-04-21 10:18:35 +01:00
|
|
|
boot = {
|
2019-07-06 08:55:20 +01:00
|
|
|
kernel.sysctl = {
|
2019-08-24 10:34:08 +01:00
|
|
|
"max_user_watches" = 524288;
|
2019-12-24 19:13:52 +00:00
|
|
|
"kernel.dmesg_restrict" = true;
|
|
|
|
|
"kernel.unprivileged_bpf_disabled" = true;
|
|
|
|
|
"kernel.unprivileged_userns_clone" = 1;
|
|
|
|
|
"net.core.bpf_jit_harden" = true;
|
2019-07-06 08:55:20 +01:00
|
|
|
};
|
2019-04-21 10:18:35 +01:00
|
|
|
};
|
2019-07-06 08:55:20 +01:00
|
|
|
}
|
