feat(system): improve hardened.nix

Import  from nixpkgs as basis and override settings that cause problems.

hardware/base.nix

@@ -4,7 +4,7 @@
   imports = [ ./planck.nix ];
 
   boot.supportedFilesystems = lib.mkDefault [ "btrfs" ];
-  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+  boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 

system/hardened.nix

@@ -1,23 +1,10 @@
-{ config, pkgs, lib, ... }:
+{ config, modulesPath, pkgs, lib, ... }:
 
-# utilises some of the measures from
-# <nixpkgs/nixos/modules/profiles/hardened.nix>
 with lib; {
+  imports = [ "${modulesPath}/profiles/hardened.nix" ];
+
   boot.loader.systemd-boot.editor = mkDefault false;
 
-  nix.settings.allowed-users = mkDefault [ "@users" ];
+  # scudo causes Firefox & Tor Browser segfaults
-
+  environment.memoryAllocator.provider = "libc";
-  # causes Firefox & Tor Browser segfaults
-  # environment.memoryAllocator.provider = mkDefault "scudo";
-  # environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
-
-  # mullvad-daemon is blocked by one of these measures
-
-  # security.hideProcessInformation = mkDefault true;
-
-  # security.lockKernelModules = mkDefault true;
-
-  # security.protectKernelImage = mkDefault true;
-
-  security.apparmor.enable = mkDefault true;
 }