diff options
| author | Freya Murphy <freya@freyacat.org> | 2026-01-26 08:06:19 -0500 |
|---|---|---|
| committer | Freya Murphy <freya@freyacat.org> | 2026-01-26 08:06:19 -0500 |
| commit | 351d76d05ac4cd67866fa2005ee4501a2b14e6a7 (patch) | |
| tree | 8a6cce571bdb88792645fb78c487ab4888864d0e /system | |
| parent | modify firefox stuff (diff) | |
| download | dotfiles-nix-351d76d05ac4cd67866fa2005ee4501a2b14e6a7.tar.gz dotfiles-nix-351d76d05ac4cd67866fa2005ee4501a2b14e6a7.tar.bz2 dotfiles-nix-351d76d05ac4cd67866fa2005ee4501a2b14e6a7.zip | |
update commits and remove unused modules/inputs
Diffstat (limited to '')
| -rw-r--r-- | system/default.nix | 1 | ||||
| -rw-r--r-- | system/desktop.nix | 10 | ||||
| -rw-r--r-- | system/hardened.nix | 58 |
3 files changed, 0 insertions, 69 deletions
diff --git a/system/default.nix b/system/default.nix index 9be2937..aba8c11 100644 --- a/system/default.nix +++ b/system/default.nix @@ -15,7 +15,6 @@ ./bluetooth.nix ./desktop.nix ./fingerprint.nix - ./hardened.nix ./hardware.nix ./networking.nix ./sshd.nix diff --git a/system/desktop.nix b/system/desktop.nix index 8a37148..853296b 100644 --- a/system/desktop.nix +++ b/system/desktop.nix @@ -8,10 +8,6 @@ }: let inherit (lib) mkIf; in { - imports = [ - inputs.preload-ng.nixosModules.default - ]; - config = mkIf config.desktops.enable { # nix-ld programs.nix-ld.enable = true; @@ -61,12 +57,6 @@ in { }; users.groups.lp.members = [config.user]; - # preload-ng - services.preload-ng = { - enable = true; - package = inputs.preload-ng.packages.${system}.preload-ng-src; - }; - # secrets services.gnome.gnome-keyring.enable = true; diff --git a/system/hardened.nix b/system/hardened.nix deleted file mode 100644 index 223b358..0000000 --- a/system/hardened.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - inherit (lib) mkIf; -in { - imports = [ - inputs.nix-mineral.nixosModules.nix-mineral - ]; - - config = mkIf config.hardened { - nix-mineral = { - enable = true; - settings = { - debug = { - coredump = true; - zram = false; - }; - network = { - icmp = { - cast = true; - ignore-all = false; - }; - }; - kernel = { - cpu-mitigations = "smt-on"; - io-uring = true; - lockdown = true; - only-signed-modules = true; - pti = true; - sysrq = "none"; - }; - system = { - yama = "relaxed"; - }; - }; - extras = { - kernel = { - intelme-kmodules = false; - }; - system = { - secure-chrony = true; - unprivileged-userns = false; - }; - }; - filesystems = { - normal = { - # let me run shell scripts - # please and thank you - "/home".options.noexec = lib.mkForce false; - "/etc".options.noexec = lib.mkForce true; - }; - }; - }; - }; -} |