flake/nixos/profiles/core/hardening.nix

{
  environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id
  boot.blacklistedKernelModules = [
    # Obscure network protocols
    "ax25"
    "dccp"
    "netrom"
    "rds"
    "rose"
    "stcp"
    "tipc"

    # Old or rare or insufficiently audited filesystems
    "adfs"
    "affs"
    "bfs"
    "befs"
    "cramfs"
    "efs"
    "erofs"
    "exofs"
    "freevxfs"
    "f2fs"
    "hfs"
    "hpfs"
    "jfs"
    "minix"
    "nilfs2"
    "ntfs"
    "omfs"
    "qnx4"
    "qnx6"
    "sysv"
    "ufs"
  ];
}
treewide: cleanup 2024-07-09 23:12:02 +00:00			`{`
nixos: profiles: core: sorting 2023-12-16 08:58:10 +00:00			`environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id`
			`boot.blacklistedKernelModules = [`
			`# Obscure network protocols`
			`"ax25"`
nixos: apply more hardening 2024-02-05 05:42:06 +00:00			`"dccp"`
nixos: profiles: core: sorting 2023-12-16 08:58:10 +00:00			`"netrom"`
nixos: apply more hardening 2024-02-05 05:42:06 +00:00			`"rds"`
nixos: profiles: core: sorting 2023-12-16 08:58:10 +00:00			`"rose"`
nixos: apply more hardening 2024-02-05 05:42:06 +00:00			`"stcp"`
			`"tipc"`
nixos: profiles: core: sorting 2023-12-16 08:58:10 +00:00
			`# Old or rare or insufficiently audited filesystems`
			`"adfs"`
			`"affs"`
			`"bfs"`
			`"befs"`
			`"cramfs"`
			`"efs"`
			`"erofs"`
			`"exofs"`
			`"freevxfs"`
			`"f2fs"`
			`"hfs"`
			`"hpfs"`
			`"jfs"`
			`"minix"`
			`"nilfs2"`
			`"ntfs"`
			`"omfs"`
			`"qnx4"`
			`"qnx6"`
			`"sysv"`
			`"ufs"`
			`];`
			`}`