l mors.r: hardening
This commit is contained in:
parent
b74a981dcf
commit
33add1d756
@ -36,6 +36,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/blue-host.nix>
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
<stockholm/lass/2configs/network-manager.nix>
|
<stockholm/lass/2configs/network-manager.nix>
|
||||||
<stockholm/lass/2configs/nfs-dl.nix>
|
<stockholm/lass/2configs/nfs-dl.nix>
|
||||||
|
<stockholm/lass/2configs/hardening.nix>
|
||||||
{
|
{
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
#risk of rain
|
#risk of rain
|
||||||
|
11
lass/2configs/hardening.nix
Normal file
11
lass/2configs/hardening.nix
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
{ pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
{
|
||||||
|
security.chromiumSuidSandbox.enable = true;
|
||||||
|
security.lockKernelModules = false;
|
||||||
|
boot.kernel.sysctl."user.max_user_namespaces" = 63414;
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
<nixpkgs/nixos/modules/profiles/hardened.nix>
|
||||||
|
];
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user