modules/security: hardened kernel; protect kernel & modules

This commit is contained in:
NotAShelf 2024-08-18 16:51:14 +03:00
parent 3d9b446c98
commit ca724b08b3
No known key found for this signature in database
GPG key ID: AF26552424E53993

19
modules/security.nix Normal file

@ -0,0 +1,19 @@
{
pkgs,
lib,
...
}: let
inherit (lib.modules) mkForce;
in {
boot.kernelPackages = pkgs.linuxPackages_hardened;
security = {
# Do not allow loading additional kernel modules imperatively.
lockKernelModules = false;
# Disallow replacing the running kernel. This breaks hibernation
# which is practically useless on a server.
protectKernelImage = true;
allowSimultaneousMultithreading = mkForce false;
};
}
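Review bot: The comment above `lockKernelModules = false;` says "Do not allow loading additional kernel modules imperatively", but `false` is the permissive setting, so the comment and the value contradict each other and a reader will assume the lockdown is in effect when it is not. Either enable it, `lockKernelModules = true;`, or rewrite the comment to record why it is intentionally left off, e.g. `# Module locking is left off for now: every module needed after boot must already be loaded (boot.initrd / boot.kernelModules) before the lock engages.`. If you do enable it, note that drivers and filesystem modules that are autoloaded later at runtime will fail, so they should be listed explicitly first. The `mkForce` on `allowSimultaneousMultithreading` is also the only forced option here; a short comment saying which other module it is overriding would make the asymmetry deliberate rather than accidental.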