hardened
This commit is contained in:
Cyryl Płotnicki
parent
4551b20c89
commit
c8102cafbe
2 changed files with 3 additions and 1 deletions
|
|
@ -11,7 +11,6 @@
|
||||||
"kernel.dmesg_restrict" = true;
|
"kernel.dmesg_restrict" = true;
|
||||||
"kernel.unprivileged_bpf_disabled" = true;
|
"kernel.unprivileged_bpf_disabled" = true;
|
||||||
"kernel.unprivileged_userns_clone" = 1;
|
"kernel.unprivileged_userns_clone" = 1;
|
||||||
"net.core.bpf_jit_enable" = pkgs.lib.mkDefault false;
|
|
||||||
"net.core.bpf_jit_harden" = true;
|
"net.core.bpf_jit_harden" = true;
|
||||||
};
|
};
|
||||||
loader.grub = {
|
loader.grub = {
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,7 @@ in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
|
<nixpkgs/nixos/modules/profiles/hardened.nix>
|
||||||
./vscode.nix
|
./vscode.nix
|
||||||
./syncthing.nix
|
./syncthing.nix
|
||||||
./gsconnect.nix
|
./gsconnect.nix
|
||||||
|
|
@ -14,6 +15,8 @@ in
|
||||||
./vim.nix
|
./vim.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
security.allowUserNamespaces = true;
|
||||||
|
|
||||||
nixpkgs.config = {
|
nixpkgs.config = {
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
packageOverrides = pkgs: {
|
packageOverrides = pkgs: {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue