cullmann/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

blacklist some stuff

Browse source
This commit is contained in:
Christoph Cullmann 2025-03-30 17:39:21 +02:00
parent 16a3b77766
commit 5d515c04b3
No known key found for this signature in database
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
share/common.nix
View file

@ -70,6 +70,15 @@ in
"net.core.bpf_jit_harden" = 2;
};
# blacklist some stuff
boot.blacklistedKernelModules = [
# hardening
"dccp"
"sctp"
"rds"
"tipc"
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;