use hardened kernel only for some machines

2019-07-10 17:38:47 +01:00 · 2019-07-10 17:38:47 +01:00 · 1e0407f6e6
parent 1f0e5cd347
commit 1e0407f6e6
3 changed files with 5 additions and 1 deletions
--- a/nixos/boxes/foureighty.nix
+++ b/nixos/boxes/foureighty.nix
@ -4,6 +4,7 @@

  networking.hostName = "foureighty";
  boot = {
+    kernelPackages = pkgs.linuxPackages_latest_hardened;
    extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
    initrd.kernelModules = [ "i915" ];
    initrd.availableKernelModules = [
--- a/nixos/boxes/vm.nix
+++ b/nixos/boxes/vm.nix
@ -6,6 +6,10 @@
  services.xserver.desktopManager.plasma5.enable = lib.mkForce false;
  services.xserver.displayManager.sddm.enable = lib.mkForce false;

+  virtualisation.virtualbox.guest.enable = true;
+  virtualisation.virtualbox.guest.x11 = true;
+
+
  imports = [
    <nixpkgs/nixos/modules/installer/virtualbox-demo.nix>
    ../common.nix
--- a/nixos/common.nix
+++ b/nixos/common.nix
@ -105,7 +105,6 @@ in
      hardware.sane.enable = true;
      powerManagement.cpuFreqGovernor = (lib.mkForce null);

-      boot.kernelPackages = pkgs.linuxPackages_latest_hardened;

      nix.gc.automatic = true;
      nix.autoOptimiseStore = true;