20 lines
421 B
Nix
20 lines
421 B
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: {
|
|
fileSystems."/".options = ["noatime" "nodiratime" "discard"];
|
|
|
|
hardware.enableRedistributableFirmware = lib.mkDefault true;
|
|
boot = {
|
|
kernel.sysctl = {
|
|
"max_user_watches" = 524288;
|
|
"kernel.dmesg_restrict" = true;
|
|
"kernel.unprivileged_bpf_disabled" = true;
|
|
"kernel.unprivileged_userns_clone" = 1;
|
|
"net.core.bpf_jit_harden" = true;
|
|
};
|
|
};
|
|
}
|