cyplo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

use hardened kernel only for some machines

Browse source
This commit is contained in:
Cyryl Płotnicki 2019-07-10 17:38:47 +01:00
parent 1f0e5cd347
commit 1e0407f6e6
3 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nixos/boxes/foureighty.nix
View file

@ -4,6 +4,7 @@
networking.hostName = "foureighty"; networking.hostName = "foureighty";
boot = { boot = {
kernelPackages = pkgs.linuxPackages_latest_hardened;
extraModulePackages = with config.boot.kernelPackages; [ wireguard ]; extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
initrd.kernelModules = [ "i915" ]; initrd.kernelModules = [ "i915" ];
initrd.availableKernelModules = [ initrd.availableKernelModules = [

4
nixos/boxes/vm.nix
View file

@ -6,6 +6,10 @@
services.xserver.desktopManager.plasma5.enable = lib.mkForce false; services.xserver.desktopManager.plasma5.enable = lib.mkForce false;
services.xserver.displayManager.sddm.enable = lib.mkForce false; services.xserver.displayManager.sddm.enable = lib.mkForce false;
virtualisation.virtualbox.guest.enable = true;
virtualisation.virtualbox.guest.x11 = true;
imports = [ imports = [
<nixpkgs/nixos/modules/installer/virtualbox-demo.nix> <nixpkgs/nixos/modules/installer/virtualbox-demo.nix>
../common.nix ../common.nix

1
nixos/common.nix
View file

@ -105,7 +105,6 @@ in
hardware.sane.enable = true; hardware.sane.enable = true;
powerManagement.cpuFreqGovernor = (lib.mkForce null); powerManagement.cpuFreqGovernor = (lib.mkForce null);
boot.kernelPackages = pkgs.linuxPackages_latest_hardened;
nix.gc.automatic = true; nix.gc.automatic = true;
nix.autoOptimiseStore = true; nix.autoOptimiseStore = true;