stockholm/lass/2configs/hardening.nix

{ pkgs, lib, ... }:
with lib;
{
  security.chromiumSuidSandbox.enable = true;
  security.lockKernelModules = false;
  boot.kernel.sysctl."user.max_user_namespaces" = 63414;

  imports = [
    <nixpkgs/nixos/modules/profiles/hardened.nix>
  ];
}
l mors.r: hardening 2019-01-28 22:02:48 +00:00			`{ pkgs, lib, ... }:`
			`with lib;`
			`{`
			`security.chromiumSuidSandbox.enable = true;`
			`security.lockKernelModules = false;`
			`boot.kernel.sysctl."user.max_user_namespaces" = 63414;`

			`imports = [`
			`<nixpkgs/nixos/modules/profiles/hardened.nix>`
			`];`
			`}`