nixos-config/system/hardened.nix

{ config, modulesPath, pkgs, lib, ... }:

with lib; {
  imports = [ "${modulesPath}/profiles/hardened.nix" ];

  # @TODO hardened kernel causes Bluetooth issues
  boot.kernelPackages = mkOverride 900 pkgs.linuxPackages;

  # Xbox Controller not working via Bluetooth if enabled
  security.lockKernelModules = mkOverride 900 false;

  boot.loader.systemd-boot.editor = mkDefault false;

  # scudo causes Firefox & Tor Browser segfaults
  environment.memoryAllocator.provider = mkOverride 900 "libc";

  security.allowSimultaneousMultithreading = mkOverride 900 true;
}
feat(system): improve hardened.nix Import from nixpkgs as basis and override settings that cause problems. 2023-04-14 22:18:38 +02:00			`{ config, modulesPath, pkgs, lib, ... }:`
feat: add hardened module 2020-08-14 23:19:21 +02:00
style: format nix files 2020-09-23 13:19:19 +02:00			`with lib; {`
feat(system): improve hardened.nix Import from nixpkgs as basis and override settings that cause problems. 2023-04-14 22:18:38 +02:00			`imports = [ "${modulesPath}/profiles/hardened.nix" ];`
feat: add hardened module 2020-08-14 23:19:21 +02:00
refactor: update hardened.nix 2023-05-31 17:02:01 +02:00			`# @TODO hardened kernel causes Bluetooth issues`
			`boot.kernelPackages = mkOverride 900 pkgs.linuxPackages;`

feat(hardware): update hardened config 2023-04-17 12:42:15 +02:00			`# Xbox Controller not working via Bluetooth if enabled`
refactor: update hardened.nix 2023-05-31 17:02:01 +02:00			`security.lockKernelModules = mkOverride 900 false;`
feat(hardware): update hardened config 2023-04-17 12:42:15 +02:00
feat(system): improve hardened.nix Import from nixpkgs as basis and override settings that cause problems. 2023-04-14 22:18:38 +02:00			`boot.loader.systemd-boot.editor = mkDefault false;`
feat: add hardened module 2020-08-14 23:19:21 +02:00
feat(system): improve hardened.nix Import from nixpkgs as basis and override settings that cause problems. 2023-04-14 22:18:38 +02:00			`# scudo causes Firefox & Tor Browser segfaults`
refactor: update hardened.nix 2023-05-31 17:02:01 +02:00			`environment.memoryAllocator.provider = mkOverride 900 "libc";`
feat(hardware): update hardened config 2023-04-17 12:42:15 +02:00
refactor: update hardened.nix 2023-05-31 17:02:01 +02:00			`security.allowSimultaneousMultithreading = mkOverride 900 true;`
feat: add hardened module 2020-08-14 23:19:21 +02:00			`}`