felschr/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-config/system/hardened.nix
Felix Schröter c8e0b67ed4
All checks were successful
Test / tests (push) Successful in 9m52s
Details
feat(system): disable apparmor in hardened config 
Caused some problems with passing secrets to miniflux that I could not
resolve. And there are very few apparmor profiles available anyway.
2025-09-23 21:32:51 +02:00

33 lines
749 B
Nix
Raw Blame History

{
config,
modulesPath,
pkgs,
lib,
...
}:
{
imports = [ "${modulesPath}/profiles/hardened.nix" ];
# @TODO hardened kernel causes Bluetooth issues
boot.kernelPackages = lib.mkOverride 900 pkgs.linuxPackages;
security = {
apparmor.enable = lib.mkOverride 900 false;
# Xbox Controller not working via Bluetooth if enabled
lockKernelModules = lib.mkOverride 900 false;
sudo.enable = false;
sudo-rs = {
enable = true;
execWheelOnly = true;
};
};
boot.loader.systemd-boot.editor = lib.mkDefault false;
# scudo causes Firefox & Tor Browser segfaults
environment.memoryAllocator.provider = lib.mkOverride 900 "libc";
security.allowSimultaneousMultithreading = lib.mkOverride 900 true;
}
Reference in a new issue View git blame Copy permalink