Use hardened kernel profile
parent 66095871c6
commit 2d20c1ae02
@ -5,6 +5,12 @@
|
|||||||
{ config, pkgs, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
./modules/nix-bitcoin.nix
|
./modules/nix-bitcoin.nix
|
||||||
|
|
||||||
|
# Use hardened kernel profile. See
|
||||||
|
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix
|
||||||
|
# for the enabled options.
|
||||||
|
<nixpkgs/nixos/modules/profiles/hardened.nix>
|
||||||
|
|
||||||
# FIXME: Uncomment next line to import your hardware configuration. If so,
|
# FIXME: Uncomment next line to import your hardware configuration. If so,
|
||||||
# add the hardware configuration file to the same directory as this file.
|
# add the hardware configuration file to the same directory as this file.
|
||||||
# This is not needed when deploying to a virtual box.
|
# This is not needed when deploying to a virtual box.
|
||||||
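Review bot: The added comment links to hardened.nix on the master branch, but the import line `<nixpkgs/nixos/modules/profiles/hardened.nix>` resolves through NIX_PATH to whatever nixpkgs the deploying machine uses, so the options listed at that URL may not match the ones actually enabled. Consider pointing the comment at the file in the nixpkgs revision that is actually deployed, or saying that the enabled options depend on the nixpkgs version in use. The import is also added unconditionally here, while the comment in the later hunk reads "If the hardened profile is imported above"; if the profile is meant to be optional, say so next to the import.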
@ -97,6 +103,10 @@
|
|||||||
# nixos-generate-config, etc.):
|
# nixos-generate-config, etc.):
|
||||||
|
|
||||||
|
|
||||||
|
# If the hardened profile is imported above, we need to explicitly allow
|
||||||
|
# user namespaces to enable sanboxed builds and services.
|
||||||
|
security.allowUserNamespaces = true;
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
# This value determines the NixOS release with which your system is to be
|
||||||
# compatible, in order to avoid breaking some software such as database
|
# compatible, in order to avoid breaking some software such as database
|
||||||
# servers. You should change this only after NixOS release notes say you
|
# servers. You should change this only after NixOS release notes say you
|
||||||
|
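Review bot: In the added comment, "sanboxed" should be "sandboxed". The line `security.allowUserNamespaces = true;` is set unconditionally although its comment is conditional on the hardened profile being imported, so a user who removes the import keeps an override that no longer has a reason to exist. Suggest noting in the comment that this line belongs with the hardened.nix import and should be removed together with it, and stating that it relaxes one restriction of the profile in exchange for sandboxed builds and services, so the trade-off is visible to whoever edits this file.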