felschr/nixos-config
1
1
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
nixos-config/system/hardened.nix

24 lines
671 B
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
# utilises some of the measures from
# <nixpkgs/nixos/modules/profiles/hardened.nix>
with lib; {
boot.loader.systemd-boot.editor = mkDefault false;
nix.settings.allowed-users = mkDefault [ "@users" ];
# causes Firefox & Tor Browser segfaults
# environment.memoryAllocator.provider = mkDefault "scudo";
# environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
# mullvad-daemon is blocked by one of these measures
# security.hideProcessInformation = mkDefault true;
# security.lockKernelModules = mkDefault true;
# security.protectKernelImage = mkDefault true;
security.apparmor.enable = mkDefault true;
}
Reference in a new issue View git blame Copy permalink