FIx warnings after upgrade

This commit is contained in:
Cyryl Płotnicki 2022-06-03 21:45:58 +01:00
parent 17b9ca2b7c
commit 0d19744a99
5 changed files with 13 additions and 7 deletions

View file

@ -6,6 +6,7 @@
./tailscale-vpsfree1.nix
../cli.nix
../../server-security.nix
../../server-common.nix
../../tailscale.nix
];
@ -18,4 +19,3 @@
nix.buildCores = 7;
}

View file

@ -11,6 +11,7 @@
./snowflake.nix
../cli.nix
../../server-security.nix
../../server-common.nix
../../tailscale.nix
];

View file

@ -1,14 +1,18 @@
{ config, pkgs, lib, ... }: {
networking.firewall.checkReversePath = "loose";
networking.firewall.enable = true;
nix.allowedUsers = [ "@users" ];
security.lockKernelModules = false;
security.protectKernelImage = true;
security.forcePageTableIsolation = true;
security.virtualisation.flushL1DataCache = "always";
security.apparmor.enable = true;
security.apparmor.killUnconfinedConfinables = true;
networking.firewall.enable = true;
security.forcePageTableIsolation = true;
security.lockKernelModules = false;
security.protectKernelImage = true;
security.virtualisation.flushL1DataCache = "always";
services.clamav.daemon.enable = true;
services.clamav.updater.enable = true;
boot.kernelParams =
[ "slub_debug=FZP" "page_poison=1" "page_alloc.shuffle=1" ];

1
nixos/server-common.nix Normal file
View file

@ -0,0 +1 @@
{ config, pkgs, ... }: { system.stateVersion = "22.05"; }

View file

@ -8,7 +8,7 @@ let
];
in {
imports = [ ./security.nix ];
security.acme.email = "admin@cyplo.dev";
security.acme.defaults.email = "admin@cyplo.dev";
security.acme.acceptTerms = true;
services.fail2ban.enable = true;