This commit is contained in:
Cyryl Płotnicki 2020-02-16 09:23:31 +00:00
parent 4551b20c89
commit c8102cafbe
2 changed files with 3 additions and 1 deletions

View file

@ -11,7 +11,6 @@
"kernel.dmesg_restrict" = true; "kernel.dmesg_restrict" = true;
"kernel.unprivileged_bpf_disabled" = true; "kernel.unprivileged_bpf_disabled" = true;
"kernel.unprivileged_userns_clone" = 1; "kernel.unprivileged_userns_clone" = 1;
"net.core.bpf_jit_enable" = pkgs.lib.mkDefault false;
"net.core.bpf_jit_harden" = true; "net.core.bpf_jit_harden" = true;
}; };
loader.grub = { loader.grub = {

View file

@ -6,6 +6,7 @@ in
{ {
imports = imports =
[ [
<nixpkgs/nixos/modules/profiles/hardened.nix>
./vscode.nix ./vscode.nix
./syncthing.nix ./syncthing.nix
./gsconnect.nix ./gsconnect.nix
@ -14,6 +15,8 @@ in
./vim.nix ./vim.nix
]; ];
security.allowUserNamespaces = true;
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
packageOverrides = pkgs: { packageOverrides = pkgs: {