flake/nixos/profiles/core/hardening.nix
2024-07-10 07:50:22 +08:00

38 lines
572 B
Nix

{
environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id
security.sudo.execWheelOnly = true;
boot.blacklistedKernelModules = [
# Obscure network protocols
"ax25"
"dccp"
"netrom"
"rds"
"rose"
"stcp"
"tipc"
# Old or rare or insufficiently audited filesystems
"adfs"
"affs"
"bfs"
"befs"
"cramfs"
"efs"
"erofs"
"exofs"
"freevxfs"
"f2fs"
"hfs"
"hpfs"
"jfs"
"minix"
"nilfs2"
"ntfs"
"omfs"
"qnx4"
"qnx6"
"sysv"
"ufs"
];
}