l mors.r: hardening
This commit is contained in:
parent
b74a981dcf
commit
33add1d756
@ -36,6 +36,7 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
<stockholm/lass/2configs/network-manager.nix>
|
||||
<stockholm/lass/2configs/nfs-dl.nix>
|
||||
<stockholm/lass/2configs/hardening.nix>
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
#risk of rain
|
||||
|
11
lass/2configs/hardening.nix
Normal file
11
lass/2configs/hardening.nix
Normal file
@ -0,0 +1,11 @@
|
||||
{ pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
security.chromiumSuidSandbox.enable = true;
|
||||
security.lockKernelModules = false;
|
||||
boot.kernel.sysctl."user.max_user_namespaces" = 63414;
|
||||
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/hardened.nix>
|
||||
];
|
||||
}
|
Loading…
Reference in New Issue
Block a user