Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

l mors.r: hardening

Browse Source
This commit is contained in:
lassulus 2019-01-28 23:02:48 +01:00
parent b74a981dcf
commit 33add1d756
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lass/1systems/mors/config.nix
View File

@ -36,6 +36,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/hardening.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain

11
lass/2configs/hardening.nix Normal file
View File

@ -0,0 +1,11 @@
{ pkgs, lib, ... }:
with lib;
{
security.chromiumSuidSandbox.enable = true;
security.lockKernelModules = false;
boot.kernel.sysctl."user.max_user_namespaces" = 63414;
imports = [
<nixpkgs/nixos/modules/profiles/hardened.nix>
];
}